Skip to content

cloudvolumes/rack-ntlm

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
README.rdoc
README.rdoc
 
 
Rakefile
Rakefile
 
 
VERSION
VERSION
 
 
rack-ntlm.gemspec
rack-ntlm.gemspec
 
 

Repository files navigation

Rack-ntlm

Description

Rack middleware for transparent authentication with NTLM.

This is a fork from lukefx/rack-ntlm on Github. This fork previous used net/ldap to search the user against an ActiveDirectory server. The requirement of net/ldap has been removed in favor of an external authenticator object.

This is work in progress, so contributions are welcome.

Dependencies

  • rubyntlm (gem install rubyntlm)

Usage (with Rails):

Gemfile:

gem ‘rubyntlm’, :git => ‘git://github.com/cloudvolumes/rubyntlm.git’, :branch => :master gem ‘rack-ntlm’, :git => ‘git://github.com/cloudvolumes/rack-ntlm.git’, :branch => :master

Initializer:

# Match all requests
# All requests require authentication by default.
config.middleware.use "Rack::Ntlm", {
  :logger => Log4r::Logger['ntlm'],               # any logger that quacks like a ruby Logger (.debug, .info) etc
  :authenticator => YourOwnAuthObject.new()       # .auth(env, user, workstation, domain) will be called
}

# If any of the provided patterns do not match, authentication is skipped for that request.
# Match a request to /login?something=1&other=2 using Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
config.middleware.use "Rack::Ntlm", {
  :uri_pattern => /\/login/,                      # Pattern must match ENV['PATH_INFO'] (optional)
  :query_pattern => /something=1/,                # Pattern must match ENV['QUERY_STRING'] (optional)
  :agent_pattern => /windows/,                    # Pattern must match ENV['HTTP_USER_AGENT'] (optional)
  :logger => Log4r::Logger['ntlm'],               # any logger that quacks like a ruby Logger (.debug, .info) etc
  :authenticator => YourOwnAuthObject.new()       # .auth(env, user, workstation, domain) will be called
}

Example

When a client needs to authenticate itself to a proxy or server using the NTLM scheme then the following 4-way handshake takes place (only parts of the request and status line and the relevant headers are shown here; “C” is the client, “S” the server):

1: C –> S GET …

2: C <– S 401 Unauthorized

WWW-Authenticate: NTLM

3: C –> S GET …

Authorization: NTLM <base64-encoded type-1-message>

4: C <– S 401 Unauthorized

WWW-Authenticate: NTLM <base64-encoded type-2-message>

5: C –> S GET …

Authorization: NTLM <base64-encoded type-3-message>

6: C <– S 200 Ok

Copyright

Copyright © 2009-2013 [Rack-Ntlm], released under the MIT license

About

Rack module for NTLM Authentication

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

4 watching

Forks

1 fork
Report repository

Releases 5

Authorization Header Fix Latest
Jul 15, 2015
+ 4 releases

Packages

No packages published

Languages

  • Ruby 100.0%