Many Web-based applications are initially developed with only limited attention to user management. The applications typically start with internal user and group database tables which are sometimes even a feature provided by the Web development framework that is being used. When integration with other authentication and identity sources is needed, additional features need to be implemented for the application to recognize them. When enterprise-scale deployments are then requested, Web developers tend to reinvent the wheel, re-implementing access to LDAP and Active Directory services for every new application.

At the same time, there already is an open-source solution to identity management in the form of the FreeIPA and sssd components. These components drive user, host, and service management on the operating system level. By moving the authentication and identity operations from the Web application code to Apache HTTP server modules that take advantage of the underlying identity management technologies of the operating system, all of the low-level details can be kept out of the Web application code while consuming the authentication and identity lookup results (even in complex enterprise environments).

In this session, we will explore the configuration options and show the generic and fairly small changes to Web application code to take advantage of external authentication driven by the front end HTTP server.