...

The external authentication service is an extendable web service that can integrate with any third-party directory service, including ADS and OpenLDAP. If the directory is a custom-built solution, e.g. a SQL database or one available via a custom API, please contact us. The external authentication service can easily be extended to support your solution.

The external authentication service now decides whether the user is allowed to access the system and, if so, which group memberships are granted to the user for this session. See step 7 6 Phase 2 below.

7 - Validate the User

Based on the HTTP/S headers injected by the security appliance, the external authentication service connects to the directory service to validate that the user exists and retrieves additional data, e.g. group memberships and roles.

This step is optional if the security appliance already provides all the information needed.

...

With the user validated and the additional metadata available, the external authentication service makes the final decision on whether access is granted.

If not, the user is denied.

If yes, the external authentication service instructs the user service to create or update the required user and tells it which group memberships to grant to the user for this session.
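The validation and decision steps described above, sketched as an added example that is not Squirro's own code. The header names, the in-memory directory, the group mapping and the rule that a user with no mapped group is denied are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical header names; use whatever your security appliance injects.
USER_HEADER = "X-Remote-User"
GROUPS_HEADER = "X-Remote-Groups"

# Constructed stand-in for the directory service (ADS, OpenLDAP, ...).
DIRECTORY = {
    "alice": {"active": True, "groups": ["analysts", "admins"]},
    "bob": {"active": False, "groups": ["analysts"]},
}

# Constructed mapping from directory groups to groups granted for the session.
GROUP_MAP = {"analysts": "Readers", "admins": "Administrators"}


@dataclass
class Decision:
    allowed: bool
    user: str = ""
    groups: list = field(default_factory=list)
    reason: str = ""


def decide(headers, use_directory=True):
    """Return the access decision for one request carrying appliance headers."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    h = {k.lower(): v.strip() for k, v in headers.items()}
    user = h.get(USER_HEADER.lower(), "")
    if not user:
        return Decision(False, reason="no user header")
    if use_directory:
        # Validate that the user exists and fetch group memberships.
        entry = DIRECTORY.get(user)
        if entry is None or not entry["active"]:
            return Decision(False, reason="unknown or disabled user")
        dir_groups = entry["groups"]
    else:
        # Optional step skipped: the appliance already supplied the groups.
        raw = h.get(GROUPS_HEADER.lower(), "")
        dir_groups = [g.strip() for g in raw.split(",") if g.strip()]
    # Grant only groups that appear in the mapping (assumed policy).
    groups = sorted({GROUP_MAP[g] for g in dir_groups if g in GROUP_MAP})
    if not groups:
        return Decision(False, reason="no mapped group")
    return Decision(True, user=user, groups=groups)
```

The returned `Decision` carries what the user service needs in order to create or update the user and entitle the session.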

...

With the information from the external authentication service, the user service now creates and entitles the user. Session information is sent back with the HTTP/S response.

Further requests with this session will pass the security appliance as well as the Squirro frontend / user services. The external authentication service will not be consulted again for each request until the Squirro session expires. The session expiration time can be configured.

...