Leveraging the Active Directory: Base/Foundation Services

Since we have decided to use the AD as the user management foundation for the different web applications running on the network, it’s now so easy to write applications without worry. But wouldn’t it be nice for users to log in to one application and remain in session across multiple applications, just like you have on Yahoo, MSN, a Windows network, etc.? Why should a user log in to different applications? It’s no consolation that the security credentials are the same.

Now, Windows has the same facility, which is evident to those who have used Outlook Web Access (OWA). If you are authenticated against the domain in which OWA resides, you won’t be prompted to log in again. I tried so much but couldn’t lay my hands on any reference. It should be some obscure ActiveX somewhere…

So, I set out to design what we call a base/foundation service (BFS) structure. This is an application that authenticates a user against the Active Directory and keeps the session information in a database. When a user attempts to use an application, the app queries the BFS to find out whether the user is logged in and what the security credentials/profiles are. An application must be registered and must talk over a secured connection (web service over HTTPS) before it can query the BFS. The sessions are tied to machines, and the BFS has a scheduler that runs the timeout processes.

We use an Oracle database so that the applications can survive a crash and so that clustering is possible. ColdFusion itself can use a database for session management in clustering.
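The session-lookup side of the BFS described above, as an added sketch in Python that is not the author's code. Assumptions: in-memory SQLite stands in for the Oracle database, the AD bind has already succeeded before `create_session` is called, the HTTPS web-service transport is omitted, and all function names, the machine identifier format and the 900-second timeout are hypothetical.

```python
import hashlib, hmac, secrets, sqlite3

IDLE_TIMEOUT = 900  # seconds; assumed value, the post does not give one

def open_store():
    # In-memory SQLite stands in for the Oracle session database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE apps (app_id TEXT PRIMARY KEY, key_hash TEXT)")
    db.execute("CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, username TEXT,"
               " machine TEXT, profile TEXT, last_seen REAL)")
    return db

def _h(value):
    return hashlib.sha256(value.encode()).hexdigest()

def register_app(db, app_id):
    # Only registered applications may query; store a hash of the key, not the key.
    key = secrets.token_urlsafe(32)
    db.execute("INSERT INTO apps VALUES (?, ?)", (app_id, _h(key)))
    return key

def create_session(db, username, machine, profile, now):
    # Called only after the AD bind for `username` has succeeded (not shown).
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO sessions VALUES (?, ?, ?, ?, ?)",
               (_h(token), username, machine, profile, now))
    return token

def query_session(db, app_id, app_key, token, machine, now):
    # Returns (username, profile) or None; every failure looks the same to the caller.
    row = db.execute("SELECT key_hash FROM apps WHERE app_id = ?", (app_id,)).fetchone()
    if row is None or not hmac.compare_digest(row[0], _h(app_key)):
        return None
    row = db.execute("SELECT username, machine, profile, last_seen FROM sessions"
                     " WHERE token_hash = ?", (_h(token),)).fetchone()
    if row is None or row[1] != machine or now - row[3] > IDLE_TIMEOUT:
        return None
    db.execute("UPDATE sessions SET last_seen = ? WHERE token_hash = ?", (now, _h(token)))
    return row[0], row[2]

def sweep_expired(db, now):
    # The scheduler job: delete sessions idle longer than IDLE_TIMEOUT.
    cur = db.execute("DELETE FROM sessions WHERE ? - last_seen > ?", (now, IDLE_TIMEOUT))
    return cur.rowcount
```

Because the timeout is also checked inside `query_session`, an expired session is rejected even if the scheduler has not yet run; the sweep only keeps the table small.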

Author: Adedeji Olowe

Adédèjì is the founder of Lendsqr, the loan infrastructure fintech powering lenders at scale. Before this, he led Trium Limited, the corporate VC of the Coronation Group, which invested in Woven Finance, Sparkle Bank, Clane, and L1ght, amongst others. He has almost two decades of banking experience, including stints as the Divisional Head of Electronic Banking at Fidelity Bank Plc. He drove the turnaround of the bank’s digital business. He was previously responsible for United Bank for Africa Group’s payment card business across 19 countries. Alongside other industry veterans, he founded Open Banking Nigeria, the nonprofit driving the development and adoption of a common API standard for the Nigerian financial industry. Beyond open APIs, Adédèjì works deeply within the fintech ecosystem; he’s the board chairman at Paystack. Adédèjì is a renowned fintech pundit and has been blogging on technology and payments at dejiolowe.com since 2001.
