Copyright © Mindbreeze GmbH, A-4020 Linz, 2024.
The Request Header Session Authentication Plugin allows setting username and user groups via HTTP request headers for the Mindbreeze InSpire Client Service.
IMPORTANT:
The plugin must be used exclusively in environments where end users can reach the Mindbreeze InSpire Client only through an authenticated reverse proxy. The reverse proxy must set the username and groups based on the authentication. It is crucial that no user can supply these headers themselves, either by passing them through the proxy server or by accessing the Client Service directly.
Once the plugin is activated for a given Mindbreeze InSpire Client Service, the username and group list set in the configured HTTP request headers will be accepted without further checking and used for authorization of the search results.
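A reverse proxy configuration that meets this requirement, as an added example that is not part of the Mindbreeze documentation. It assumes nginx with the auth_request module; the host name, certificate paths, upstream addresses and the auth service's X-Auth-User / X-Auth-Groups response headers are placeholders.

```nginx
# Added example (assumption: nginx is the authenticating reverse proxy).
# Placeholders: search.example.com, 127.0.0.1:9000 (auth service),
# clientservice.internal:8443 (Mindbreeze InSpire Client Service).

server {
    listen 443 ssl;
    server_name search.example.com;
    ssl_certificate     /etc/nginx/tls/search.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/search.example.com.key;

    location / {
        # Every request must pass the auth subrequest first.
        # A 401 or 403 from the auth service ends the request here.
        auth_request /_auth;

        # Identity is taken only from the auth service's response headers,
        # never from anything the client sent.
        auth_request_set $auth_user   $upstream_http_x_auth_user;
        auth_request_set $auth_groups $upstream_http_x_auth_groups;

        # proxy_set_header replaces a client-supplied header of the same
        # name. If the variable is empty, nginx sends no such header at all,
        # so a spoofed X-Username or X-Groups never reaches the upstream.
        proxy_set_header X-Username $auth_user;
        proxy_set_header X-Groups   $auth_groups;

        proxy_pass https://clientservice.internal:8443;
    }

    # Internal-only auth endpoint: not reachable from outside.
    location = /_auth {
        internal;
        proxy_pass http://127.0.0.1:9000/verify;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    # Weak variant, for contrast: a location containing only
    #     proxy_pass https://clientservice.internal:8443;
    # forwards X-Username / X-Groups exactly as the client sent them.
}
```

The Client Service port must additionally be reachable only from the proxy host (for example by firewall rule), and the separator the auth service uses in the groups value must match the configured “Groups Header Splitter”.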
The plugin is installable via the Mindbreeze InSpire Management Center by uploading the plugin archive in the “Plugins” panel of the “Configuration” section.
Configuration requires activating the Request Header Session Authentication Plugin for the selected Client Service and setting the HTTP request header names that contain the user information in the plugin settings.
In the “Client Services” panel, select the Client Service for which the plugin should be activated. Make sure that the Client Service has the “Credential Certificate” option set to an installed trusted client certificate.
Using the “Advanced Settings” view mode, navigate to the “Session Authentication Plugins” section of the Client Service configuration. In the plugin selector dropdown list, choose “SessionAuthenticationService.RequestHeaderAuthentication” and then click on “Add”.
After successfully adding the session authentication plugin to the selected Client Service, the plugin is ready for configuration:
Settings

| Setting | Description |
| --- | --- |
| Username Header | Name of the HTTP request header that contains the user name. By default it is set to “X-Username”. |
| Groups Header | Name of the HTTP request header that contains the groups. By default it is set to “X-Groups”. |
| Groups Header Splitter | Regular expression used to split the groups header into a list of groups. |
| Convert Principals to Lowercase | If activated, the username and groups retrieved from the request headers are converted to lowercase. |
| Add Everyone Principal | If activated, the group "everyone" is always added. |
As soon as the plugin is added and the configured Client Service is restarted with the new settings, the new authentication method is available.