The following chapters describe an authentication method using the server variable REMOTE_USER.
The Authentication Method “External (REMOTE_USER)“ that can be selected in the Virtual Application Configuration is based on the principle that a third party product module handles the authentication of a user on the Fabasoft Folio web server and that the information is passed on to the application in the server variable REMOTE_USER.
Using the content of the server variable REMOTE_USER, under the operating system account of the Fabasoft Folio Web Service the web server module fscvext logs on as the specified user.
There are following requirements for a successful login:
The third party product module on the Fabasoft Folio web server is not restricted to a certain type of authentication (regarding e.g. type of header variables or cookies) and is determined by the project context. The content of the server variable REMOTE_USER is a blind trust (principle of delegation). There is no interface that enables a re-authentication of the user name that was passed. In this respect it is not possible to sign with entry of the password.
The server variable REMOTE_USER cannot be passed in a HTTP header. However, it is possible that a third party product module copies a defined header variable to the server variable REMOTE_USER if the infrastructure guarantees security for this unsecure practice (e.g. because the Fabasoft Folio web server is only available via determined proxy server that enables secure authentication).