Retrieve Yunohost LDAP authentification


#1

Hello,
I’m currently trying to integrate my apps in the yunohost LDAP authentication.
I’ve successfully patched the app source code so that user and password are retrieved from the LDAP server from the app login page:

  • The install script create the user as per the yunohost user
  • I click on the app icon on the yunohost home page
  • I enter my yunohost username and Yunohost password in the app login form
  • I’m sucessfully logged into the app

Now, I’d liked to skip the app login page in order to directly get to the app if the user is already logged in in Yunohost (as Nextcloud is doing for example).
The question is : how the hell do I retrieve the user that is already logged in so that he doesn’t have to enter username and password again?
I can see a cookie SSOwAuthUser when I access the app, is that this one? Should I set some settings in nginx to pass it to the app?
I tried to have a look at other apps, but I don’t get it…

Any help would be greatly appreciated…


#2

You’re looking for “http authentication”, which is not immediately related to LDAP.
Nginx is provided the variable with the authenticate user, https://github.com/YunoHost-Apps/wordpress_ynh/blob/master/conf/nginx.conf#L24. Then the app itself has to use this variable to know which user is connected.

I do not know a lot more about that, just the basic way to use it.


#3

Thaaaaanks!
Set this in the app nginx conf file:
proxy_set_header X-Remote-User $remote_user;
And then use it in my python code with:
request.headers.get('X-Remote-User')