View Ticket
Ticket UUID: ad56e8db1e94f8352646e9b9fdd6455c27e373bf
Title: Windows Active Directory Integration
Status: Open
Type: Feature_Request
Severity: Important
Priority: High
Subsystem:
Resolution: Open
Last Modified: 2011-07-25 09:04:17
Version Found In: 1.18
Description & Comments:
I'd like to introduce Fossil as the new DVCS in the IT department of Huawei (http://www.huawei.com). Most IT applications on the Huawei intranet use Windows Active Directory for authentication. Without support for Windows Active Directory, it will be very hard to implement the transition. I strongly suggest putting this request in the to-do list as a high-priority task. :)

ben added on 2011-07-21 12:03:27 UTC:
One simple way of implementing this:

Fossil is set to use delegated authentication. This requires a shared secret and an "authentication URL". When a user asks to log on, fossil redirects to that authentication URL.

In this case, it'd be a script running on a Windows IIS server, which uses "Integrated Windows Authentication" to authenticate the user. If a user authenticates successfully, it SHA1-HMAC signs the username and current time with a shared secret, then redirects the user back to the fossil server.

The fossil server checks the signature is correct, the time is within a few seconds of the current time, and if so, logs the user on.
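
The signed redirect described in the comment above, as an added example that is not part of the ticket or of Fossil's code. The token layout (`username|timestamp|mac`), the function names, the 30-second window and the replay set are assumptions made for illustration; the ticket specifies only HMAC-SHA1 over the username and current time with a shared secret.

```python
import hashlib
import hmac
from typing import Optional, Set

MAX_SKEW_SECONDS = 30  # assumption: the ticket only says "a few seconds"


def _mac(secret: bytes, username: str, ts: str) -> str:
    # HMAC-SHA1 over "username|timestamp", as named in the ticket.
    return hmac.new(secret, f"{username}|{ts}".encode(), hashlib.sha1).hexdigest()


def sign_login(secret: bytes, username: str, now: int) -> str:
    """Authenticator side: issue a token once the directory login succeeded."""
    if "|" in username:
        # A separator inside the name would make the signed fields ambiguous.
        raise ValueError("username must not contain the field separator")
    return f"{username}|{now}|{_mac(secret, username, str(now))}"


def verify_login(secret: bytes, token: str, now: int, seen: Set[str]) -> Optional[str]:
    """Repository side: return the username only for an authentic, fresh, unused token."""
    parts = token.split("|")
    if len(parts) != 3:
        return None
    username, ts, mac = parts
    if not (ts.isascii() and ts.isdigit()):
        return None
    # Constant-time comparison, done before any other field is trusted.
    if not hmac.compare_digest(_mac(secret, username, ts).encode(), mac.encode()):
        return None
    # Freshness: reject tokens outside the allowed clock skew.
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return None
    # Replay: a captured redirect URL stays valid for the whole window unless
    # used tokens are remembered (entries older than the window can be pruned).
    if token in seen:
        return None
    seen.add(token)
    return username


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    used: Set[str] = set()
    token = sign_login(secret, "alice", 1311238800)
    print(verify_login(secret, token, 1311238805, used))  # first use
    print(verify_login(secret, token, 1311238806, used))  # replayed
```

Both servers need synchronized clocks for the freshness check, and the redirect must travel over TLS because the token is a bearer credential for the duration of the window.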


anonymous added on 2011-07-22 09:24:36 UTC:
Thanks for your suggestion. But I do not know where in [fossilbook.pdf] to find the Fossil configuration that supports delegated authentication.


anonymous added on 2011-07-25 09:04:17 UTC:
Google "Sample SSPI Code" to implement domain user authentication under Windows.