i am in the process of taking all of our php applications for the company i work for and rewriting them in ruby on rails. just to help with username and password management, i had a program where we could create a user and then assign what other programs they had access to, so that they would only have to log in at one place and have access to all of the software. i''m not sure of the right approach for moving this over. i don''t know if it would be better to have everything inside one giant ruby on rails app, or if i can keep it so that everything has it''s own individual program, including an application to manage users and what they have been given access to. i would prefer the later just because it seems like it would be easier to manage because it is more modular, but i''m open to any other suggestions. thanks -- Posted via http://www.ruby-forum.com/.
Bryan Duxbury
2006-Apr-26 20:42 UTC
[Rails] Re: one authentication for multiple rails apps
Josh Kieschnick wrote:> i am in the process of taking all of our php applications for the > company i work for and rewriting them in ruby on rails. just to help > with username and password management, i had a program where we could > create a user and then assign what other programs they had access to, so > that they would only have to log in at one place and have access to all > of the software. > > i''m not sure of the right approach for moving this over. i don''t know if > it would be better to have everything inside one giant ruby on rails > app, or if i can keep it so that everything has it''s own individual > program, including an application to manage users and what they have > been given access to. > > i would prefer the later just because it seems like it would be easier > to manage because it is more modular, but i''m open to any other > suggestions. > > thanksI''d put it all together. Just because they''re in one "giant" app does not mean that they''re unmanageable. It would really simplify authentication stuff, too. Instead of keeping auth data in a separate db or something, it''s natively already right where you need it. The only argument for real separation would be if the different apps are really and truly not related. Then you could just use LDAP as your authentication store, and it wouldn''t be really hard at all. -- Posted via http://www.ruby-forum.com/.
Josh Kieschnick
2006-Apr-26 20:54 UTC
[Rails] Re: one authentication for multiple rails apps
> The only argument for real separation would be if the different apps are > really and truly not related. Then you could just use LDAP as your > authentication store, and it wouldn''t be really hard at all.yeah, i did some searching on google and found information about LDAP. where can i get more information on that? most of our users are on mac too - does it matter what OS they are using when they access the app? another idea i had was keeping several different rails apps, but having them all use the same database, just different tables. that way they would all have access to the users and session information. -- Posted via http://www.ruby-forum.com/.
Josh, I''m a ruby newbie, but I do know something about authentication and authorization. The biggest thing people need to realize is that they are two separate problems with two seperate solutions. Use one mechanism to authenticate your user and a second mechanism to authorize the user for the specific application. Once you know who a user is, you don''t have to do that again. You just need to figure out what to give her access to. With AD and LDAP the user can be in multiple groups. You can retrieve the group membership for a user and make access available based on group membership. Your management of people/groups can be put off onto AD or LDAP. If your using apache, you can let apache handle authentication. Then your application can get the username from apache and make decision on authorization. Apache can do ldap, kerberos, ad and more. -- Blake C. Lewis -- Posted via http://www.ruby-forum.com/.
Josh Kieschnick
2006-Apr-28 15:37 UTC
[Rails] Re: one authentication for multiple rails apps
i''m still trying to figure out the best way to do this. all of the apps i want to use are completely unrelated. i still want to keep everything separate, so here''s what i''ve thought - please tell me if this idea is completely ridiculous. everything would have it''s own rails app, and it''s own database. each app would have a standard table for the user information. and in the user management application, i would have a table for all of the other apps. in the table, i thought about having a field for the name of the database that the application is using, so that when you create a user, it will create it in both applications. the same for user deletions. not everyone has access to every app, so it would only create a user in the apps user table when the user is assigned to that application. then, when that user logs in, he or she will get a list of applications that they have access to. clicking on each one should then pass the login information to that app automatically so they can use it. i hope that makes sense to someone out there. it''s kind of confusing myself, but i really need to come up with a solution for this really soon. thanks for your help, josh -- Posted via http://www.ruby-forum.com/.
Wilson Bilkovich
2006-Apr-28 18:36 UTC
[Rails] Re: one authentication for multiple rails apps
On 4/28/06, Josh Kieschnick <jjkiesch@gmail.com> wrote:> i''m still trying to figure out the best way to do this. all of the apps > i want to use are completely unrelated. i still want to keep everything > separate, so here''s what i''ve thought - please tell me if this idea is > completely ridiculous. > > everything would have it''s own rails app, and it''s own database. each > app would have a standard table for the user information. and in the > user management application, i would have a table for all of the other > apps. in the table, i thought about having a field for the name of the > database that the application is using, so that when you create a user, > it will create it in both applications. the same for user deletions. not > everyone has access to every app, so it would only create a user in the > apps user table when the user is assigned to that application. > > then, when that user logs in, he or she will get a list of applications > that they have access to. clicking on each one should then pass the > login information to that app automatically so they can use it. > > i hope that makes sense to someone out there. it''s kind of confusing > myself, but i really need to come up with a solution for this really > soon. > > thanks for your help, > josh >You might want to consider using CAS, which has a Ruby / Rails client interface: http://www.ja-sig.org/products/cas/ It''s pretty lightweight, as such things go, and is designed for this type of task.