Rails and Single Sign on

Hi, I want to slowly start bringing in Rails to my company. I found an
opportunity with some fairly basic web forms that end users will
manage entering data into. The data will be used in an ETL process
later on. Building it will be the easy part, however, those in the
enterprise will require that its accessible from the enterprise portal
and uses their current setup of utilizing LDAP to first log into the
portal to authenticate and then use oblix(oracle access manager) to
intercept someone clicking on a link that will drive them to my site
is something I don't know how to do with Rails.

Can anyone provide assistance or point me in the right direction? my
google searches haven't yielded much as of yet. One last thing, does
anyone know if rails will work with Oracle HTTP server? and how to set
up fast CGI for that? I'm hoping it can since Oracle HTTP server is
build based on Apache.

I don't know anything about oblix, but I have put a Junebug wiki
(http://www.junebugwiki.com -- a Camping app, not a rails app, but the
same technique would apply) behind a single-sign-in infrastructure
based on CoSign (http://weblogin.org). With CoSign, you have an Apache
module that handles the authentication, so it's not handled at the
application level. The basic idea was:

1. Create a CoSign protected url-space in the Apache server.

2. Use Apache mod_proxy to proxy this space to the Junebug wiki mongrel.

3. Tweak the junebug code to pick up credentials from the environment
variables set by the CoSign filter.

Works great. Maybe that will give you some ideas...

The best way to do it, and what we do here, is authenticate against our e-mail server.

For more: http://daniel.collectiveidea.com/blog/2007/2/8/rails-plugin-imap_authenticatable

Both are good suggestions that I will look into but I'm forced to use
the existing LDAP/Oblix setup. I guess what I was looking for was if
someone specifically set this up. Maybe I can look at the two
solutions and come up with some ideas. Ultimately, a user will log in
once to the portal and then my rails app will need to read some header
parameters that it gets sent back to it from oblix and then initialize
the log in to rails. I guess I'm looking for how to do that...

set a before_filter that uses net/http to request whether or not the user is logged into the portal.

This is gonna be really rough code… I don’t know how to do what you want, but I do something similar using a different central auth system.

def get_remote_auth_filter

     # Get validation from remote system
    h = Net::HTTP.new '[auth.mydomain.com](http://auth.mydomain.com)', 443
    h.use_ssl = true
    doc = REXML::

Document.new(h.get("/some/remote/url/that/returns/headers_or_something").body)
result = REXML::XPath.first(doc, ‘//root/user/text()’)
if result = “logged in”
# move on

    else
       flash[:notice] = "not logged in"
       redirect_to main_url
    end

end

Maybe that will get you on the right track