crey
Posted September 20, 2018

Many enterprises have custom-built authentication stacks that use various technologies in order to authenticate requests and forward these to backend Web services.

Please add a new authentication method to Passwordstate that accepts username values from HTTP headers in the HTTP request. Having this method would allow integration into many BeyondCorp-like enterprise web security products (like ScaleFT) that would sit in front of traffic to Passwordstate, authenticate requests, and forward these to Passwordstate post-authentication, telling Passwordstate via HTTP headers which user made the specific request.

Note:
- administrative settings should allow the administrator to define which HTTP header to read the username from
- administrative settings should allow defining a whitelist of IP addresses that these requests should come from, this way making sure that the requests are only accepted from allowed reverse proxies
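The check requested in the post above, sketched as an added example (not part of the thread and not Passwordstate code): the username header is honoured only when the connection's peer address is on the reverse-proxy allowlist. The header name, the networks and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed settings (hypothetical names, constructed values): the header the
# proxy sets and the networks the reverse proxies connect from.
USER_HEADER = "X-Authenticated-User"
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("10.20.0.0/28", "2001:db8:5::/64")]


def _normalize(peer_ip):
    """Parse the TCP peer address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(peer_ip)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped or addr


def header_identity(peer_ip, headers):
    """Return the username asserted by a trusted proxy, or None.

    peer_ip is the socket peer address, never a value taken from
    X-Forwarded-For, which the client controls. headers is a list of
    (name, value) pairs so that repeated headers stay visible.
    """
    try:
        addr = _normalize(peer_ip)
    except ValueError:
        return None  # unparseable peer address: fail closed
    if not any(addr in net for net in TRUSTED_PROXIES):
        return None  # header from an unlisted source is ignored
    values = [v.strip() for k, v in headers
              if k.lower() == USER_HEADER.lower()]
    if len(values) != 1:
        return None  # missing, or duplicated (client copy plus proxy copy)
    user = values[0]
    if not user or len(user) > 128 or any(c in user for c in ",\r\n\x00"):
        return None  # empty, oversized, or list/control characters
    return user
```

A `None` result means the request falls back to the normal login flow; the reverse proxy should also overwrite any client-supplied copy of the header before forwarding.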
Fabian Näf
Posted September 20, 2018

Hi Crey

I'm not completely sure if this would be a feasible solution for you, but if you could also use SAML for authentication it should basically do what you need: a pre-authentication, which is made before Passwordstate. Passwordstate also supports configuring IP ranges to restrict access with regard to the authentication option.

Best regards,
Fabian
Archived
This topic is now archived and is closed to further replies.