Log into Tyk Dashboard using LDAP
Martin Buhr edited this page Jan 13, 2016 · 2 revisions
```json
{
    "ActionType": "GenerateOrLoginUserProfile",
    "ID": "4",
    "OrgID": "{YOUR-ORG-ID}",
    "ProviderConfig": {
        "FailureRedirect": "http://{DASH-DOMAIN}:{DASH-PORT}/?fail=true",
        "LDAPAttributes": [],
        "LDAPPort": "389",
        "LDAPServer": "localhost",
        "LDAPUserDN": "cn=*USERNAME*,cn=dashboard,ou=Group,dc=test-ldap,dc=tyk,dc=io"
    },
    "ProviderName": "ADProvider",
    "ReturnURL": "http://{DASH-DOMAIN}:{DASH-PORT}/tap",
    "Type": "passthrough"
}
```
Step 1: Send a request to the LDAP URL
TIB can pull a username and password out of a request in two ways:
- Two form fields called "username" and "password"
- A basic auth header using the Basic Authentication standard form
By default, TIB will look for the two form fields. To enable Basic Auth header extraction, add `"GetAuthFromBAHeader": true` to the `ProviderConfig` section.
The request should be a `POST`.
If you make this request with a valid user that can bind to the LDAP server, Tyk will redirect the user to the dashboard with a valid session. There's no more to it: this mechanism is pass-through and transparent to the user, with TIB acting as a direct client to the LDAP provider.
Note: The `LDAPUserDN` field MUST contain the special `*USERNAME*` marker in order to construct the user's OU properly.
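The `*USERNAME*` marker means request-supplied text ends up inside a bind DN. The sketch below is an added example, not TIB's own code: it shows one way to expand such a template with the username escaped per RFC 4514 and with empty credentials rejected before any bind. The helper names `escapeDNValue` and `bindDN` and the sample usernames are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Marker the page requires inside LDAPUserDN.
const marker = "*USERNAME*"

// escapeDNValue escapes a string for use as a DN attribute value (RFC 4514).
func escapeDNValue(v string) string {
	var b strings.Builder
	for i := 0; i < len(v); i++ {
		c := v[i]
		switch {
		case c == 0:
			b.WriteString(`\00`)
		case strings.IndexByte(`"+,;<>\`, c) >= 0,
			i == 0 && (c == ' ' || c == '#'),
			i == len(v)-1 && c == ' ':
			b.WriteByte('\\')
			b.WriteByte(c)
		default:
			b.WriteByte(c)
		}
	}
	return b.String()
}

// bindDN expands the template for one login attempt (hypothetical helper).
func bindDN(template, username, password string) (string, error) {
	if !strings.Contains(template, marker) {
		return "", errors.New("LDAPUserDN has no *USERNAME* marker")
	}
	if username == "" || password == "" {
		// An empty password makes a simple bind unauthenticated (RFC 4513, 5.1.2).
		return "", errors.New("empty username or password")
	}
	return strings.ReplaceAll(template, marker, escapeDNValue(username)), nil
}

func main() {
	tpl := "cn=*USERNAME*,cn=dashboard,ou=Group,dc=test-ldap,dc=tyk,dc=io" // from the page
	for _, u := range []string{"alice", "Smith, John"} { // constructed sample usernames
		dn, err := bindDN(tpl, u, "constructed-password")
		fmt.Println(dn, err)
	}
}
```

The comma in the second username is escaped, so the whole value stays inside the `cn` component instead of being read as an extra RDN.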