joyrexus
commented
9 years ago Actually, let's keep the master branch as is and create a cnet-login branch that will include the desired secure authentication.
Open joyrexus opened 9 years ago
joyrexus
commented
9 years ago Actually, let's keep the master branch as is and create a cnet-login branch that will include the desired secure authentication.
We want to prompt for CNet credentials (ID & password) on a user's first access to the submit client and validate those credentials against the UChicago LDAP server. If the user doesn't provide valid credentials, they should never get access to the actual page.
Here's a little demo of how to do this with hapi.
My auth-demos show the various component pieces needed for this (viz. HTTP Basic Auth, TLS, and LDAP) each demo-ed in isolation.
For additional context, see this student project description. (Note: this is in private repo accessible to RCC Staff only.)
Note that before deploying to
ws.rcc.uchicago.edu, we'll need to use the official SSL key/certification for that machine. (I'll have to give you access.) The cert/key used in the demo are "self-authorized" and only useful for testing purposes.