Home Rails authentication strategy for noob
Reply: 0

Rails authentication strategy for noob

user2191
1#
user2191 Published in June 25, 2018, 12:01 am

Hope this is not too broad but after a lot of googling I am not sure where to start. I am looking for a introductory/noob overview to help me get started on building an authentication implementation for a rails 3 application.

Basic technical requirements:

  • Rails 3 application is hosted on third party service (heroku)
  • Need to use specific external private SSO service to authenticate users.
  • No local user database or model in the rails application.
  • Authentication is token based meaning that there is a special cookie that needs to be read passing back token to SSO server (not rails based).
  • I have no control over the SSO server or infrastructure.
  • Trust of the SSO server is implicit and do not want to maintain local database of users, passwords, or sensitive information. User info only exists during session and the SSO server is authoritative.
  • Session token info is cookie based and lives for the duration of the browser session.

I am looking for basic example/tutorial/strategy/explanation of how the process would work in rails with the above setup. I would like the process to be seamless for user with workflow that basically looks like this:


  • Navigate to rails app -->
  • redirect unauthenticated users to SSO server -->
  • login and authenticate via remote SSO server -->
  • callback/redirect to rails app -->
  • capture user info passed back from SSO server and load protected resources in rails app

Strategy is completely custom using a private SSO resource and does not use a well published auth mechanism (in other words not Facebook, Google, Twitter, OAuth, etc).

Any help on terminology, coherent tutorials, examples would be appreciated.

Edit/Update:

To be more specific I am also looking for good documentation how to create an omniauth custom developer strategy. Some tutorial that goes through the kind of code required to talk to an arbitrary SSO server, read a token out of a cookie, and complete the authentication handshake and callback/redirect.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.310569 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO