Refine Security & Auth: LDAP bind, JWT sessions, idle timeout, failure handling

Replace Windows Integrated Auth with direct LDAP bind (username/password login form).
Add JWT-based sessions with HMAC-SHA256 shared key for load balancer compatibility.
15-minute token refresh re-queries LDAP for current group memberships. 30-minute
configurable idle timeout. LDAP failure: new logins fail, active sessions continue
with current roles until LDAP recovers.
Joseph Doherty
2026-03-16 08:16:29 -04:00
parent 57eae0c1db
commit cbc78465e0
3 changed files with 75 additions and 4 deletions

@@ -375,7 +375,7 @@ The central cluster hosts a **configuration and management UI** (no live machine
## 9. Security & Access Control
### 9.1 Authentication
- **UI users** authenticate via **LDAP/Active Directory** directly (Windows Integrated Authentication).
- **UI users** authenticate via **username/password** validated directly against **LDAP/Active Directory**. Sessions are maintained via JWT tokens.
- **External system API callers** authenticate via **API key** (see Section 7).
### 9.2 Authorization
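Review bot: the new 9.1 bullet records only that sessions are JWT-based, while the commit message carries the security-relevant parameters an operator reading section 9 actually needs: an HMAC-SHA256 shared signing key across load-balanced nodes, a 15-minute refresh that re-queries LDAP for current group membership, a configurable 30-minute idle timeout, and the LDAP-outage behaviour (new logins fail, active sessions keep their current roles until LDAP recovers). Without them the spec does not tell the reader how long a revoked group membership or disabled account can remain effective in a live session. Suggest expanding the bullet, for example `Sessions are maintained via JWT tokens (HMAC-SHA256, shared signing key); tokens are refreshed every 15 minutes against LDAP and expire after a configurable 30-minute idle period.`, plus a sentence on the outage behaviour, and stating whether the username/password bind must use LDAPS or StartTLS, a point the replaced Windows Integrated Authentication line did not need to settle because no password crossed the wire.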