2017 R1 Update Rollup 1

Authentication With External (REMOTE_USER)Permanent link for this heading

The following chapters describe an authentication method using the server variable REMOTE_USER.

Authentication “External (REMOTE_USER)”Permanent link for this heading

The Authentication Method “External (REMOTE_USER)“ that can be selected in the Virtual Application Configuration is based on the principle that a third party product module handles the authentication of a user on the Fabasoft Folio web server and that the information is passed on to the application in the server variable REMOTE_USER.

Using the content of the server variable REMOTE_USER, under the operating system account of the Fabasoft Folio Web Service the web server module fscvext logs on as the specified user.

Requirements for a Successful LoginPermanent link for this heading

There are following requirements for a successful login:

  1. The third party product module has successfully passed on the request as authenticated and has set the server variable REMOTE_USER.
  2. The user assigned to the operating system account of the Fabasoft Folio Web Service has to be entered in the Privileged Users field of the Current Domain to be able to log on as another user.
  3. The content of the server variable REMOTE_USER has to match the login name of an active user in the Fabasoft Folio Domain.
  4. If the server variable REMOTE_USER is empty, the operating system account is used to log on.

Type of Authentication, Re-Authentication and SigningPermanent link for this heading

The third party product module on the Fabasoft Folio web server is not restricted to a certain type of authentication (regarding e.g. type of header variables or cookies) and is determined by the project context. The content of the server variable REMOTE_USER is a blind trust (principle of delegation). There is no interface that enables a re-authentication of the user name that was passed. In this respect it is not possible to sign with entry of the password.

Server Variable REMOTE_USER in the HTTP HeaderPermanent link for this heading

The server variable REMOTE_USER cannot be passed in a HTTP header. However, it is possible that a third party product module copies a defined header variable to the server variable REMOTE_USER if the infrastructure guarantees security for this unsecure practice (e.g. because the Fabasoft Folio web server is only available via determined proxy server that enables secure authentication).