0
Answered
SAML and domain support
Do you have in your roadmap to support SAML or LDAP to integrate XTRF to a federated identity system?
Also do you have any plans to improve access rights table since it does not work really well when restricting permissions.
Customer support service by UserEcho
The SAML or LDAP can already be integrated with XTRF by using authorization header injection by proxy. You isolate the application behind authenticating proxy and it only sends the proper header with logged username. This was designed with SiteMinder in mind ( :) ) - the SM_USER header, but should work with any other authenticating proxy.
The XTRF however cannot create new users with this mechanism, they have to be added beforehand.
You can find some documentation here:
https://knowledgebase.xtrf.eu/display/XTRFHelp/Security+-+Advanced+Configuration#Security-AdvancedConfiguration-Securitysub-tab
Thanks for the explanation, however it would be nice to have integration with SAML applications like Google or Lastpass for example. Same for LDAP.
Hi Marcin,
I have one more question, It would be possible to separate client and vendor portals from the home portal, since if we use the proxy it will affect only the home portal or also the vendor/client portal?
thanks
Yes, for example for Apache HTTPD as a proxy:
<Location /xtrf/> AuthName "CROWD Auth" AuthType Basic AuthBasicProvider crowd ... other details RequestHeader set "YOUR_AUTH_HEADER" %{REMOTE_USER}s </Location> ProxyPass / ajp://127.0.0.1:8009/ max=30 retry=10 nocanoMoreover, the header injection auth works only for home portal so you might even ignore the portal separation.