
New authentication method to support external authentication stacks


crey


Many enterprises have custom-built authentication stacks that use various technologies in order to authenticate requests and forward these to backend Web services.

 

Please add a new authentication method to Passwordstate that accepts username values from HTTP headers in the HTTP request. Having this method would allow integration into many BeyondCorp-like enterprise web security products (like ScaleFT) that would sit in front of traffic to Passwordstate, authenticate requests, and forward these to Passwordstate post-authentication, telling Passwordstate via HTTP headers which user made the specific request.

 

Note:

  • administrative settings should allow the administrator to define which HTTP header to read the username from
  • administrative settings should allow the administrator to define a whitelist of IP addresses that these requests should come from, this way making sure that the requests are only accepted from allowed reverse proxies
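
The check this request describes, sketched as an added example (not part of the original posts and not Passwordstate code): the username header is honoured only when the connection's peer address is an allowlisted reverse proxy and the header arrives exactly once. The header name, the proxy addresses and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumed settings (hypothetical; the post only asks that both be configurable).
USERNAME_HEADER = "X-Forwarded-User"
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.5.10/32", "10.0.6.0/28")]


def peer_is_trusted(peer_ip):
    """True if the TCP peer address is inside an allowlisted proxy network."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


def authenticated_user(peer_ip, headers):
    """Return the proxy-asserted username, or None if it must not be trusted.

    peer_ip: socket peer address of the connection, never a value taken from
             X-Forwarded-For, which the client can set.
    headers: list of (name, value) pairs as received, duplicates preserved.
    """
    if not peer_is_trusted(peer_ip):
        return None
    values = [v for k, v in headers if k.lower() == USERNAME_HEADER.lower()]
    # Require exactly one value: a duplicate means a client-supplied copy
    # survived the proxy, so the request is ambiguous and is rejected.
    if len(values) != 1:
        return None
    user = values[0].strip()
    if not user or any(ord(c) < 0x20 for c in user):
        return None
    return user


# Constructed sample requests: (peer address, headers).
SAMPLES = [
    ("10.0.5.10", [("Host", "pw.example"), ("X-Forwarded-User", "crey")]),
    ("203.0.113.7", [("X-Forwarded-User", "admin")]),  # not a proxy
    ("10.0.5.10", [("X-Forwarded-User", "admin"), ("x-forwarded-user", "crey")]),
    ("10.0.5.10", [("X-Forwarded-For", "10.0.5.10")]),  # header missing
]

if __name__ == "__main__":
    for peer, hdrs in SAMPLES:
        print(peer, "->", authenticated_user(peer, hdrs))
```

The allowlist only helps if the application is unreachable except through the proxies and the proxies overwrite any incoming copy of the header before forwarding.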

Hi Crey

 

I'm not completely sure if this would be a feasible solution for you, but if you also could use SAML for authentication it should basically do what you need: a pre-authentication, which is made before Passwordstate.

Passwordstate also supports configuring IP ranges to restrict access with regard to the authentication option.

 

Best regards,

 

Fabian


Archived

This topic is now archived and is closed to further replies.
