Active Directory user federation with Rails?

Question

Is it possible to use existing AD users to authenticate them in a ruby on rails app? To be a bit more precise here's the current situation.

A rails app is hosted on a linux box. Currently Brightbox is used as hosting provider. There's only built in user authentification in the rails app and I can't see a way to make the app aware of connected AD users.

Now there's a rather big customer in spe with hundreds of Active Directory users. Clearly they want to have their users logged in without creating a rails app account for each. All the known idendity providers (OpenId, Google, Facebook...) are no alternative.

The only thing I could find doing this stuff is Microsofts ADFS2. But it looks like not really usable in the rails world. But that's exactly needed. A way to establish a trust between AD and my app to trust the external AD users.

Any ideas?

score 1 · Accepted Answer · answered Sep 30 '11 at 00:23

1

ADFS requires some flavour of web.config on the client side.

You could protect the rails app. with another Access Manager product (OpenSSO / OpenAM). See Integrating Applications With OpenSSO.

Or you could add a WIF "lookalike" plugin to Rails (if there is such a beast) which needs to handle either the WS-Federation or SAML protocol that ADFS recognises.

answered Sep 30 '11 at 00:23

rbrayb

46,440
34
114
174

Thanks. OPenSSO/OpenAM is new to me. I will have a lok. But at the first sight it looks promissing. I'll wait a bit to see if there are other ideas comming and will then accept your answer. – devployment Sep 30 '11 at 07:24

score 0 · Answer 2 · answered Oct 02 '11 at 06:21

0

Have a look at PingFederate which is sold by my employer, Ping Identity. You'll be done in no time. It makes this sort of integration very simple and secure.

answered Oct 02 '11 at 06:21

Travis Spencer

2,231
16
26

Active Directory user federation with Rails?

2 Answers2