I have a Windows/IIS server which is running some plain-old-CGI Ruby web
apps. Because it's Windows/IIS, authentication is *really* easy in our
active directory environment. I simply have to enable authentication
(kerberos) for the app, then set the permissions on the .cgi files
(users in group X may access this file).
Well, I want to start using Rack-based apps (such as Sinatra), but I
still want seamless authentication. I don't want to force users to type
their passwords--I want the browser and the web server to do seamless
kerberos authentication.
What are my options? I gather that there are no Rack implementations for
IIS. Has anyone successfully managed to get something like this working
on Apache/Passenger? Or is there a better option? Or is it possible to
trigger kerberos at the application level?
Nick,
this question comes up a fair bit. I think most of the
Ruby/ActiveDirectory
integration issues end up directing people to the various ldap options for
Ruby.
I would also look and see if anyone has built any Rack Middleware around
this.
Sorry I can't be more help.
···
On Thu, Mar 18, 2010 at 7:24 PM, Nick Brown <nick@nick-brown.com> wrote:
Well, I want to start using Rack-based apps (such as Sinatra), but I
still want seamless authentication. I don't want to force users to type
their passwords--I want the browser and the web server to do seamless
kerberos authentication.
What are my options? I gather that there are no Rack implementations for
IIS. Has anyone successfully managed to get something like this working
on Apache/Passenger? Or is there a better option? Or is it possible to
trigger kerberos at the application level?
Richard Conroy wrote:
> this question comes up a fair bit.
Ruby moves so quickly that it's worth asking questions frequently, as
the answers from six months ago are often obsolete
My main concern with this topic, is that I dont think I have ever seen this
question
answered well. Its not a good sign, as it implies that you are on your own
when you
go down this route.
> I think most of the Ruby/ActiveDirectory
> integration issues end up directing people to the various ldap options
> for Ruby.
Net-ldap does work! But it requires that I solicit usernames and
passwords. And the "activedirectory" gem seems to be broken and
unmaintained.
Nicely, net-ldap is being actively maintained (saw some recent
announcements).
I think there is also a ruby-net-ldap which is pure ruby, and gets some
recommendations.
> I would also look and see if anyone has built any Rack Middleware around
> this.
I looked for a way to use Rack on IIS. I didn't find anything considered
"stable" and compatible with MRI :-/
Don't get me started. I dont think there is anybody in the entire planet
putting Ruby
on production windows web servers with MRI. If there was, you would expect
to see
a lot more solutions out there that solve the common problems.
That said, you might want to check out IronRuby, and their solution
ecosystem.
The best advice I often see is to deploy your app on JRuby, then take
advantage
of Java APIs that can do the integration better.
I would love to hear experiences from someone who actually has a
production application using kerberos/AD/MRI.
So would I. I would buy beers for people who can put together all the pieces
of
successfully deploying Ruby web apps on windows.
···
On Thu, Mar 18, 2010 at 7:55 PM, Nick Brown <nick@nick-brown.com> wrote:
> On Thu, Mar 18, 2010 at 7:24 PM, Nick Brown <nick@nick-brown.com> wrote:
