From Fedora Project Wiki

(Added Web Application Authentication section)
Line 35: Line 35:
== Web Application Authentication ==
== Web Application Authentication ==


On operating system level, there are numerous authentication and identity lookup mechanisms, some of them using sssd. With new Apache modules and new sssd, some of those mechanisms become more easily consumable by web applications. Various web application environments and frameworks can then consume results of the authentication and information retrieval using environment variables similar to REMOTE_USER.
At an operating system level, there are numerous authentication and identity lookup mechanisms, some of them using sssd. With new Apache modules and new sssd, some of those mechanisms become more easily consumable by web applications. Web application environments and frameworks can then consume results of the authentication and information retrieval using environment variables similar to REMOTE_USER.  This will allow the better integration of web applications into enterprise-scale deployments.
 
With mod_authnz_pam, PAM authentication and access checks are available to web applications, allowing wider combination of authentication and access controls. One specific target is host-based access control rules of FreeIPA for Kerberos SSO via pam_sss and sssd.
 
The mod_intercept_form_submit module makes it possible to enable the PAM authentication of mod_authnz_pam on normal logon form handling paths, which can then be consumed by web application with fairly minimal changes.
 
The mod_lookup_identity uses sssd-dbus to retrieve additional attributes like name, email address, or group membership, and populates environment variables for easy consumption of this information by web applications.
 
The sssd-dbus implements new service ifp which provides access to additional user-related pieces of information.

Revision as of 15:17, 19 July 2014

Beat is open
This beat is now ready to have Fedora 25 content added by the beat writer

jQuery

jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility, jQuery has changed the way that millions of people write JavaScript.

Traditionally, a copy of jQuery has been included with every web application that requires it. Starting with Fedora 21, many of those applications have migrated to a shared system copy of jQuery.

If you're developing an application that uses jQuery on Fedora and don't want to download your own copy or rely on a third-party CDN, you can now install one of our jquery packages and use it instead. You can find the 1.x branch of jQuery that supports Internet Explorer 6 in the js-jquery1 package, and the 2.x branch of jQuery that only works with modern web browsers in the js-jquery package. For more information on using these packages in your applications, see https://fedoraproject.org/wiki/Web_Assets.

PHP 5.6

The PHP stack has been updated to version 5.6, the latest upstream version. The important changes in this new version include:

  • Security:
    • TLS Peer Verification
    • Improved TLS Defaults
  • Language improvements:
    • Constant Scalar Expressions
    • Argument Unpacking
    • Syntax for variadic functions
    • Power Operator
    • Importing namespaced functions
  • New tool:
    • PHP debugger provided in the new php-dbg subpackage (phpdbg command)

Ruby on Rails 4.1

Fedora 21 includes Ruby on Rails 4.1, the latest version of the well-known web application framework written in Ruby. Highlights in this release include Spring application preloader, config/secrets.yml, Action Pack variants and Action Mailer previews. The Release Notes are at http://edgeguides.rubyonrails.org/4_1_release_notes.html.

Information for developers upgrading existing applications to Ruby on Rails 4.1 can be found in the Upgrading Ruby on Rails guide at http://edgeguides.rubyonrails.org/upgrading_ruby_on_rails.html.

Web Application Authentication

At an operating system level, there are numerous authentication and identity lookup mechanisms, some of them using sssd. With new Apache modules and new sssd, some of those mechanisms become more easily consumable by web applications. Web application environments and frameworks can then consume results of the authentication and information retrieval using environment variables similar to REMOTE_USER. This will allow the better integration of web applications into enterprise-scale deployments.

With mod_authnz_pam, PAM authentication and access checks are available to web applications, allowing wider combination of authentication and access controls. One specific target is host-based access control rules of FreeIPA for Kerberos SSO via pam_sss and sssd.

The mod_intercept_form_submit module makes it possible to enable the PAM authentication of mod_authnz_pam on normal logon form handling paths, which can then be consumed by web application with fairly minimal changes.

The mod_lookup_identity uses sssd-dbus to retrieve additional attributes like name, email address, or group membership, and populates environment variables for easy consumption of this information by web applications.

The sssd-dbus implements new service ifp which provides access to additional user-related pieces of information.