Active Directory user federation with Rails?

Question

Is it possible to use existing AD users to authenticate them in a ruby on rails app? To be a bit more precise here's the current situation.

A rails app is hosted on a linux box. Currently Brightbox is used as hosting provider. There's only built in user authentification in the rails app and I can't see a way to make the app aware of connected AD users.

Now there's a rather big customer in spe with hundreds of Active Directory users. Clearly they want to have their users logged in without creating a rails app account for each. All the known idendity providers (OpenId, Google, Facebook...) are no alternative.

The only thing I could find doing this stuff is Microsofts ADFS2. But it looks like not really usable in the rails world. But that's exactly needed. A way to establish a trust between AD and my app to trust the external AD users.

Any ideas?

Answer 1

ADFS requires some flavour of web.config on the client side.

You could protect the rails app. with another Access Manager product (OpenSSO / OpenAM). See Integrating Applications With OpenSSO.

Or you could add a WIF "lookalike" plugin to Rails (if there is such a beast) which needs to handle either the WS-Federation or SAML protocol that ADFS recognises.

Answer 2

Have a look at PingFederate which is sold by my employer, Ping Identity. You'll be done in no time. It makes this sort of integration very simple and secure.