|maride f71a097ab9 Add LDAP support||4 weeks ago|
|src||4 weeks ago|
|Dockerfile||1 month ago|
|README.md||4 weeks ago|
|docker-compose.yml||4 weeks ago|
|traefik.toml||4 weeks ago|
The purpose of multipass is to make SSO possible in a microservices environment. The services don’t need to validate the authenticity of a user; multipass does this.
It’s simple. multipass adds two header values to the request of the browser:
X-Multipass-User, which contains the username if the request is authenticated or
""(empty string) if it’s not authenticated
X-Multipass-Authenticated, which contains either
Go ahead and use these values in your application. They can’t be injected by the browser, multipass ensures that :)
Example: An unauthenticated request, as seen from the backend service (with hostname
whoami). Please note that the other
X- headers were added by traefik.
HEAD / HTTP/1.1 Host: whoami User-Agent: curl/7.58.0 Accept: */* X-Forwarded-For: 172.19.0.1 X-Forwarded-Host: whoami X-Forwarded-Port: 80 X-Forwarded-Proto: http X-Forwarded-Server: 62295596b214 X-Multipass-Authenticated: UNAUTHENTICATED X-Multipass-User: X-Real-Ip: 172.19.0.1
Example: An authenticated request (by user
maride), as seen from the backend service.
HEAD / HTTP/1.1 Host: whoami User-Agent: curl/7.58.0 Accept: */* Cookie: multipass-token=VVVXYZ123 X-Forwarded-For: 172.19.0.1 X-Forwarded-Host: whoami X-Forwarded-Port: 80 X-Forwarded-Proto: http X-Forwarded-Server: 62295596b214 X-Multipass-Authenticated: AUTHENTICATED X-Multipass-User: maride X-Real-Ip: 172.19.0.1