Header based authentication is a method where users are authenticated to a backend application based on user information sent in HTTP request headers. The authentication parameters travel in the HTTP headers of the request, not in the URL; which headers the backend expects is configured when setting up Header Based Authentication for on-premise apps.
This solution is used for backend applications and on-premise solutions that require SSO (or an IdP) but do not support it natively and cannot be customized further.
Most backend applications (and on-premise solutions) do not support SSO (or an IdP) on their own. A reverse proxy server is therefore placed in front of them to perform the SSO (or IdP) login and authenticate users. By enabling Header Based Authentication for on-premise apps, users can log in to a proxied application using only the request headers that the reverse proxy sets on their behalf. The admin specifies which header parameters are used to authenticate users and can tailor them to the organization's security needs.
When the headers set by the reverse proxy server match the headers the proxied application requires, the application treats the user as authenticated and logs them in. If the header parameters do not match what the backend application expects, the backend application's error page is displayed. The setup can be adapted to the user's requirements by enabling miniOrange Header Based Authentication for on-premise apps with the Reverse Proxy solution.
Header based authentication for on-premise apps provides easy and secure single sign-on (SSO) to your on-premise applications.
No third-party apps or additional software need to be installed in the backend application.
With header based authentication for on-premise apps, you can choose which header parameters are used to authenticate users. This offers customizability and reduces security risk, provided the backend accepts those headers only from the reverse proxy.
Message integrity holds only when the identity headers can originate solely from the reverse proxy: the backend must not be reachable except through the proxy, and the proxy must strip any copy of the identity headers that a client supplies before forwarding the request. Otherwise a client could set the header itself and impersonate any user.
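The following example, added here and not part of miniOrange's product or this page's original content, shows the two halves of the scheme described above: the proxy side drops any client-supplied identity headers and sets the identity established at the IdP login, and the backend side accepts that identity only when the request came from the proxy and the header is intact. The header names, the proxy address and the HMAC shared-secret signature are assumptions chosen for illustration, not settings of the miniOrange product.

```python
"""Header-based SSO behind a reverse proxy.

Example code written for this page (not miniOrange's implementation).
Assumed: header names, proxy address, and an HMAC shared secret that the
proxy uses to sign the identity header so the backend can detect tampering.
"""
import hashlib
import hmac
import time
from typing import Dict, Optional

# Assumed header names (illustrative, not product settings).
IDENTITY_HEADER = "X-Remote-User"
TS_HEADER = "X-Proxy-Timestamp"
SIG_HEADER = "X-Proxy-Signature"
_PROTECTED = {IDENTITY_HEADER.lower(), TS_HEADER.lower(), SIG_HEADER.lower()}

# Constructed sample values: a secret shared only by proxy and backend,
# and the internal address the backend sees the proxy connecting from.
PROXY_SECRET = b"shared-secret-known-only-to-proxy-and-backend"
PROXY_ADDRESSES = {"10.0.0.5"}


def _sign(user: str, ts: str) -> str:
    """HMAC-SHA256 over the identity and timestamp, hex encoded."""
    return hmac.new(PROXY_SECRET, f"{user}|{ts}".encode(), hashlib.sha256).hexdigest()


def proxy_forward_headers(client_headers: Dict[str, str],
                          authenticated_user: Optional[str],
                          now: Optional[float] = None) -> Dict[str, str]:
    """Proxy side: build the headers forwarded to the backend.

    Any identity/signature headers the client sent are dropped, case
    insensitively, so a client cannot claim to be someone else. If the IdP
    login produced a user, the proxy adds the identity plus a timestamped
    signature; anonymous requests are forwarded without identity headers.
    """
    forwarded = {k: v for k, v in client_headers.items() if k.lower() not in _PROTECTED}
    if authenticated_user is not None:
        ts = str(int(now if now is not None else time.time()))
        forwarded[IDENTITY_HEADER] = authenticated_user
        forwarded[TS_HEADER] = ts
        forwarded[SIG_HEADER] = _sign(authenticated_user, ts)
    return forwarded


def backend_authenticate(headers: Dict[str, str], remote_addr: str,
                         now: Optional[float] = None,
                         max_age: int = 300) -> Optional[str]:
    """Backend side: return the authenticated username, or None.

    None means the backend falls back to its own error page. The identity
    header is trusted only if (1) the request came from the proxy address,
    (2) identity, timestamp and signature are all present, (3) the
    timestamp is fresh, and (4) the signature verifies.
    """
    if remote_addr not in PROXY_ADDRESSES:
        return None  # request bypassed the proxy; headers are untrusted
    lower = {k.lower(): v for k, v in headers.items()}
    user = lower.get(IDENTITY_HEADER.lower())
    ts = lower.get(TS_HEADER.lower())
    sig = lower.get(SIG_HEADER.lower())
    if not (user and ts and sig):
        return None
    current = now if now is not None else time.time()
    if not ts.isdigit() or abs(current - int(ts)) > max_age:
        return None  # stale or malformed timestamp (replay protection)
    if not hmac.compare_digest(sig, _sign(user, ts)):
        return None  # header was altered after the proxy signed it
    return user


if __name__ == "__main__":
    # Constructed request: the client tries to smuggle in its own identity.
    spoofed = {"Host": "app.internal", "x-remote-user": "admin"}
    fwd = proxy_forward_headers(spoofed, "stephen", now=1_700_000_000)
    print("via proxy:", backend_authenticate(fwd, "10.0.0.5", now=1_700_000_000))
    print("direct to backend:", backend_authenticate(spoofed, "203.0.113.9", now=1_700_000_000))
```

The address check and the signature are complementary: the address check keeps direct client connections out, and the signature catches anything that modifies the identity header between proxy and backend. In a real deployment the shared secret would come from a secret store, and the proxy address set would match the actual network layout.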
Let's look at the steps of how Header Based Authentication for on-premise apps works with a reverse proxy server.
Suppose we have a user, Stephen. Stephen wants to access the backend application (for example, an in-house SaaS application). He opens the proxied application and tries to log in. A request is initiated and sent to the reverse proxy server. The reverse proxy server redirects him to the IdP set up by Stephen's organization (for example, miniOrange or Azure AD).