Active Directory user federation with Rails?

Is it possible to use existing AD users to authenticate them in a ruby on rails app? To be a bit more precise here's the current situation.

A rails app is hosted on a linux box. Currently Brightbox is used as hosting provider. There's only built in user authentification in the rails app and I can't see a way to make the app aware of connected AD users.

Now there's a rather b开发者_JS百科ig customer in spe with hundreds of Active Directory users. Clearly they want to have their users logged in without creating a rails app account for each. All the known idendity providers (OpenId, Google, Facebook...) are no alternative.

The only thing I could find doing this stuff is Microsofts ADFS2. But it looks like not really usable in the rails world. But that's exactly needed. A way to establish a trust between AD and my app to trust the external AD users.

Any ideas?

ADFS requires some flavour of web.config on the client side.

You could protect the rails app. with another Access Manager product (OpenSSO / OpenAM). See Integrating Applications With OpenSSO.

Or you could add a WIF "lookalike" plugin to Rails (if there is such a beast) which needs to handle either the WS-Federation or SAML protocol that ADFS recognises.

Have a look at PingFederate which is sold by my employer, Ping Identity. You'll be done in no time. It makes this sort of integration very simple and secure.