Supporting other auth methods

New features coming/planned; books of work, etc.

Supporting other auth methods

Postby Oleg » Wed Apr 22, 2015 12:21 am

Hi, Gents and ladies!

I've spent some time on implementing a hook for other authentication methods in qPad - kerberos, websso, you name it.

What I have now is an alpha version that can use external dlls for authentication (much like studio for kdb+ seeks and supports classes implementing IAuthenticationMethod).

Idea so far is very simple, I have a working qPad P.O.C. and dummy auth dll sample - please drop me a line (zakharovoleg@gmail.com) if you interested in implementing dlls for your organization's infrastructure and trying out this version. Of course, this version is free, just like the base qPad version :) but authentication dlls most probably should be written in-house, and owned/reviewed/audited by the FI they are going to be used in - it's just common sense.

I tried to provide API as simple and transparent as possible, so there would be absolutely no need to pass usernames/passwords or other auth service details to qPad - authentication dll should take care of all that, giving out just temporary security token to qpad which it will in turn pass to server instead of plain text user:pass pair.

API's negotiable as well, but my goal is to keep it as generic/infrastructure-agnostic as possible of course.

Cheers,
Oleg
Oleg
Site Admin
 
Posts: 53
Joined: Fri Jan 14, 2011 5:10 pm

Re: Version supporting other auth methods

Postby Oleg » Tue Jan 31, 2017 6:38 pm

In fact, currently available versions of qPad can support alternative (to clear text) auth methods for quite a while.

Here's how to implement auth method that qPad will be able to use:

You've got to create dll and put it right beside qpad executable, name starts with auth_
Interface is as follows:

LPCWSTR __stdcall GetAuthMethodName();
int __stdcall GetCredentialString(LPCWSTR strConnString, LPWSTR pCredentials, DWORD dwLength);

If qpad can recognize your dll, you'll see another entry in Q Settings default credentials list box, besides clear text - the auth method name your GetAuthMethodName returns.

Now for usage conventions.

Let's say GetAuthMethodName returns "myAD"
Then if you connect to `:localhost:61::myAD?authparam=myparam
GetCredentialString will get called from your dll with "myAD?authparam=myparam" in strConnString, you need to put credential string into pCredentials buffer (if it fits dwLength) or return length needed otherwise.
This string will be used by qpad instead of user:password to connect to the instance.

That's about it.
For convenience, you can of course specify this as a password in Q Settings as a default - if will be used by default whenever you won't specify credentials at all (just not when you hit Test on a connection dialog - this will test exact credentials you provided)

Let me know if you have any problems.
Oleg
Site Admin
 
Posts: 53
Joined: Fri Jan 14, 2011 5:10 pm


Return to News and announcements

Who is online

Users browsing this forum: No registered users and 1 guest

cron