[CAM-7993] LDAP authentication is cached

Type: Feature Request
Resolution: Unresolved
Priority: L3 - Default
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- Ldap

Given:

REST API with enabled HTTP Basic Authentication
LDAP engine plugin is enalbed

Behavior:
Whenever a request is sent to the REST API, then the default HttpBasicAuthenticationProvider checks the given password. Therefore a request is sent to the configured LDAP to fetch the related user information. Afterwards the given password is checked.

Problem:
In a scenario, where multiple requests are received by the REST API, ends up with multiple requests to the configured LDAP. Even when the requests to the REST API is always from the same user.
Due to the amount of requests in a short time this leads to the problem, that the LDAP server does not respond anymore.

Users observed that authentication against the LDAP does just take parts of the time, but loading the authorization data takes a long time. One workaround is https://github.com/camunda-consulting/code/tree/master/snippets/authentication-filter-with-bypass

Desired behavior:

There should be some kind of caching of the (LDAP) authentication. This could be done either in the REST API or in the LDAP engine plugin.
There should be a configuration option to determine how long the authentication should be cached.

This is the controller panel for Smart Panels app

Roman Smirnov created issue - 30/Jun/17 3:16 PM

Roman Smirnov made changes - 30/Jun/17 3:17 PM

Description

Original: *Given:*
- REST API with enabled HTTP Basic Authentication
- LDAP engine plugin is enalbed

*Behavior:*
Whenever a request is sent to the REST API, then the default {{HttpBasicAuthenticationProvider}} checks the given password. Therefore a request is sent to the configured LDAP to fetch the related user information. Afterwards the given password is checked.

*Problem:*
In a scenario, where multiple requests are received by the REST API, ends up with multiple requests to the configured LDAP. Even when the requests to the REST API is always from the same user.
Due to the amount of requests an short time this leads to the problem, that the LDAP server does not respond anymore.

*Desired behavior:*
There should some could of caching, so that the authentication are cached. This could be done either in the REST API or in the LDAP engine plugin

New: *Given:*
- REST API with enabled HTTP Basic Authentication
- LDAP engine plugin is enalbed

*Behavior:*
Whenever a request is sent to the REST API, then the default {{HttpBasicAuthenticationProvider}} checks the given password. Therefore a request is sent to the configured LDAP to fetch the related user information. Afterwards the given password is checked.

*Problem:*
In a scenario, where multiple requests are received by the REST API, ends up with multiple requests to the configured LDAP. Even when the requests to the REST API is always from the same user.
Due to the amount of requests in a short time this leads to the problem, that the LDAP server does not respond anymore.

*Desired behavior:*
There should some could of caching, so that the authentication are cached. This could be done either in the REST API or in the LDAP engine plugin

Roman Smirnov made changes - 30/Jun/17 3:17 PM

Description

Original: *Given:*
- REST API with enabled HTTP Basic Authentication
- LDAP engine plugin is enalbed

*Behavior:*
Whenever a request is sent to the REST API, then the default {{HttpBasicAuthenticationProvider}} checks the given password. Therefore a request is sent to the configured LDAP to fetch the related user information. Afterwards the given password is checked.

*Problem:*
In a scenario, where multiple requests are received by the REST API, ends up with multiple requests to the configured LDAP. Even when the requests to the REST API is always from the same user.
Due to the amount of requests in a short time this leads to the problem, that the LDAP server does not respond anymore.

*Desired behavior:*
There should some could of caching, so that the authentication are cached. This could be done either in the REST API or in the LDAP engine plugin

New: *Given:*
- REST API with enabled HTTP Basic Authentication
- LDAP engine plugin is enalbed

*Behavior:*
Whenever a request is sent to the REST API, then the default {{HttpBasicAuthenticationProvider}} checks the given password. Therefore a request is sent to the configured LDAP to fetch the related user information. Afterwards the given password is checked.

*Problem:*
In a scenario, where multiple requests are received by the REST API, ends up with multiple requests to the configured LDAP. Even when the requests to the REST API is always from the same user.
Due to the amount of requests in a short time this leads to the problem, that the LDAP server does not respond anymore.

*Desired behavior:*
There should be some kind of caching of the (LDAP) authentication. This could be done either in the REST API or in the LDAP engine plugin

Roman Smirnov made changes - 30/Jun/17 3:18 PM

Description

Original: *Given:*
- REST API with enabled HTTP Basic Authentication
- LDAP engine plugin is enalbed

*Behavior:*
Whenever a request is sent to the REST API, then the default {{HttpBasicAuthenticationProvider}} checks the given password. Therefore a request is sent to the configured LDAP to fetch the related user information. Afterwards the given password is checked.

*Problem:*
In a scenario, where multiple requests are received by the REST API, ends up with multiple requests to the configured LDAP. Even when the requests to the REST API is always from the same user.
Due to the amount of requests in a short time this leads to the problem, that the LDAP server does not respond anymore.

*Desired behavior:*
There should be some kind of caching of the (LDAP) authentication. This could be done either in the REST API or in the LDAP engine plugin

New: *Given:*
- REST API with enabled HTTP Basic Authentication
- LDAP engine plugin is enalbed

*Behavior:*
Whenever a request is sent to the REST API, then the default {{HttpBasicAuthenticationProvider}} checks the given password. Therefore a request is sent to the configured LDAP to fetch the related user information. Afterwards the given password is checked.

*Problem:*
In a scenario, where multiple requests are received by the REST API, ends up with multiple requests to the configured LDAP. Even when the requests to the REST API is always from the same user.
Due to the amount of requests in a short time this leads to the problem, that the LDAP server does not respond anymore.

*Desired behavior:*
* There should be some kind of caching of the (LDAP) authentication. This could be done either in the REST API or in the LDAP engine plugin.
* There should be a configuration option to determine how long the authentication should be cached.

Roman Smirnov made changes - 30/Jun/17 3:19 PM

Link

New: This issue depends on SUPPORT-3446 [ SUPPORT-3446 ]

Matthijs made changes - 30/Jun/17 3:33 PM

Link

New: This issue is depended on by SUPPORT-3446 [ SUPPORT-3446 ]

Matthijs made changes - 30/Jun/17 3:33 PM

Link

Original: This issue depends on SUPPORT-3446 [ SUPPORT-3446 ]

Matthijs made changes - 27/Jul/17 4:10 PM

Link

New: This issue is related to SUPPORT-3523 [ SUPPORT-3523 ]

Thorben Lindhauer made changes - 14/Feb/19 2:55 PM

Workflow

Original: camunda BPM [ 43441 ]

New: Backup_camunda BPM [ 56269 ]

Garima Yadav made changes - 06/Sep/19 5:38 PM

Link

New: This issue is related to SUPPORT-6304 [ SUPPORT-6304 ]

Assignee:: Unassigned

Reporter:: Roman Smirnov

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 30/Jun/17 3:16 PM

Updated:: 12/Oct/22 10:50 AM

camunda BPM

Details

Description

mgm-controller-panel

This is the controller panel for Smart Panels app

Attachments

Activity

People

Dates

Salesforce