You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@jspwiki.apache.org by Tom Wheeler <to...@gmail.com> on 2010/01/09 00:03:20 UTC
Hints for Integrating Custom Authentication?
I'd like to integrate JSPWiki with our company's Web-based single sign
on system (SSO). I've figured out how I can plug in a custom
authenticator to validate the username/password specified on the
JSPWiki login page, but this won't work with our SSO.
To be more specific, our SSO is implemented somewhat like Kerberos,
where the application does not have access to the credientials but
simply delegates to another server for authentication. Thus, I won't
have a login page on JSPWiki at all -- I just want to plug in some
code that will provide whatever user information JSPWiki might need
(and redirect unauthenticated requests to the remote server).
It's not clear to me what I should subclass and how to configure
JSPWiki to use it. Any hints about how to do this would be greatly
appreciated.
--
Tom Wheeler
http://www.tomwheeler.com/
Re: Hints for Integrating Custom Authentication?
Posted by TruptiP <tr...@gmail.com>.
Hi,
I also want to implement same kind of authentication in my wiki.
Can you please guide me?
Currently, my wiki is performing LDAP authentication and I want to implement
SSO in wiki and other web-apps.
Thanks and Regards,
Trupti P.
tomwheel wrote:
>
> I was able to fix the problems I encountered. In case someone else
> runs into the same difficulties, there were two issues at play.
>
> The first was that the hostname I'd set in the tomcat config and
> jspwiki.properties file was not fully-qualified. This caused
> preferences not to be saved because the JavaScript had an invalid
> value for Wiki.BasePath (jspwiki-common.js, line 244). It had the
> last few characters of the hostname and the first few characters of
> the context name. Adding the domain name to the hostname in both
> those files got it working correctly.
>
> The second was just a permissions problem. The user and group
> databases were not writable by the Tomcat server process owner.
>
> On 1/13/10, Tom Wheeler <to...@gmail.com> wrote:
>> I may have spoken too soon in my previous message. I think I'm
>> probably close, but it's definitely not working. Most of my confusion
>> comes from outdated documentation related to authentication in the
>> Wiki. Several times I've followed something that seems to address my
>> problem, only to find out that it's for some earlier version and does
>> not apply to 2.8.3. In the end, I am not really sure what's correct
>> for my version.
>> .
>
> --
> Tom Wheeler
> http://www.tomwheeler.com/
>
>
--
View this message in context: http://old.nabble.com/Hints-for-Integrating-Custom-Authentication--tp27083634p27237371.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
Re: Hints for Integrating Custom Authentication?
Posted by Tom Wheeler <to...@gmail.com>.
I was able to fix the problems I encountered. In case someone else
runs into the same difficulties, there were two issues at play.
The first was that the hostname I'd set in the tomcat config and
jspwiki.properties file was not fully-qualified. This caused
preferences not to be saved because the JavaScript had an invalid
value for Wiki.BasePath (jspwiki-common.js, line 244). It had the
last few characters of the hostname and the first few characters of
the context name. Adding the domain name to the hostname in both
those files got it working correctly.
The second was just a permissions problem. The user and group
databases were not writable by the Tomcat server process owner.
On 1/13/10, Tom Wheeler <to...@gmail.com> wrote:
> I may have spoken too soon in my previous message. I think I'm
> probably close, but it's definitely not working. Most of my confusion
> comes from outdated documentation related to authentication in the
> Wiki. Several times I've followed something that seems to address my
> problem, only to find out that it's for some earlier version and does
> not apply to 2.8.3. In the end, I am not really sure what's correct
> for my version.
> .
--
Tom Wheeler
http://www.tomwheeler.com/
Re: Hints for Integrating Custom Authentication?
Posted by Tom Wheeler <to...@gmail.com>.
I may have spoken too soon in my previous message. I think I'm
probably close, but it's definitely not working. Most of my confusion
comes from outdated documentation related to authentication in the
Wiki. Several times I've followed something that seems to address my
problem, only to find out that it's for some earlier version and does
not apply to 2.8.3. In the end, I am not really sure what's correct
for my version.
My first step was based on Jack Hericus' example. I subclassed the
AbstractLoginModule to check the session for authentication
credentials and then added the principals upon login. I put the JAR
file containing this class in the WEB-INF/lib directory and then set
the jspwiki.loginModule.class property in the jspwiki.properties file
to its fully-qualified name. I had several log statements in the
login() method, but none of the messages ever showed up in the log.
It was at least trying to create the class, though, because I
intentionally changed the class name to something invalid as a test
and JSPWiki failed to start because of it.
My next step was based on Andrew's advice to register a servlet filter
before JSPWiki's filter and then wrap the request to set the user
Principal. This *almost* worked -- after my filter is invoked,
JSPWiki shows that I am authenticated and logged in using the expected
name. But a lot of other things don't work, such as saving the user
preferences (no error, but they immediately revert to their defaults).
Viewing the profile or group tabs on the preferences pages doesn't
work either; clicking the tabs does not change what's shown. This is
also true of the Attach tab on any page, though the Info tab does show
the history of my edits.
The userdatabase.xml and groupdatabase.xml files are present but empty
(except for their root elements). I'd like to use JSPWiki to manage
the groups, if that's possible.
Any ideas as to what I should check? Is there a simple example which
uses 2.8.3 for custom login anywhere?
Thanks for any help-
Tom
On Mon, Jan 11, 2010 at 2:39 PM, Tom Wheeler <to...@gmail.com> wrote:
> Yes, I have JSPWiki 2.8.3 installed.
>
> ... I am still working through the finer points, but I understand the
> code and think I'm on the right track now.
--
Tom Wheeler
http://www.tomwheeler.com/
Re: Hints for Integrating Custom Authentication?
Posted by Lo...@log-net.com.
OK, let me know if you need anything else.
-Lou
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LOG-NET, Inc.
The Logistics Network Management System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
230 Half Mile Road
Third Floor
Red Bank, NJ 07701
PH: 732-758-6800
FAX: 732-747-7497
http://www.LOG-NET.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CONFIDENTIAL & PRIVILEGED
Unless otherwise indicated or if obvious from the nature of the content,
the information contained herein is privileged and confidential
information/work product. The communication is intended for the use of the
individual or entity named above. If the reader of this transmission is
not the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please
notify the sender immediately by telephone (732-758-6800) or by electronic
mail (postmaster@LOG-NET.com), and destroy any copies, electronic, paper
or otherwise, which you may have of this communication. Thank you.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tom Wheeler <to...@gmail.com>
01/11/2010 03:39 PM
Please respond to
jspwiki-user@incubator.apache.org
To
jspwiki-user@incubator.apache.org
cc
Subject
Re: Hints for Integrating Custom Authentication?
Hi Andrew/Lou,
Yes, I have JSPWiki 2.8.3 installed.
Another user wrote me offlist, gave me some hints and offered some
code samples since this is something very similar to what he'd
implemented in the past. I am still working through the finer
points, but I understand the code and think I'm on the right track
now.
Thanks to all for the help.
--
Tom Wheeler
http://www.tomwheeler.com/
Re: Hints for Integrating Custom Authentication?
Posted by Tom Wheeler <to...@gmail.com>.
Hi Andrew/Lou,
Yes, I have JSPWiki 2.8.3 installed.
Another user wrote me offlist, gave me some hints and offered some
code samples since this is something very similar to what he'd
implemented in the past. I am still working through the finer
points, but I understand the code and think I'm on the right track
now.
Thanks to all for the help.
--
Tom Wheeler
http://www.tomwheeler.com/
Re: Hints for Integrating Custom Authentication?
Posted by Andrew Jaquith <an...@gmail.com>.
Hi Tom --
You didn't mention what version of JSPWiki you are using, but I assume
it's 2.8, right?
I don't know the specifics of your setup, but one way to solve this
might be use container authentication. If you authenticate users via
the container, JSPWiki will "pick up" those credentials and know that
the user authenticated successfully.
The other approach might be write a custom Filter that intercepts the
request before JSPWiki does. The filter would look in the user request
and extract whatever proof of authentication is in there, for example
a special cookie. The HTTP request would then be re-wrapped so that
the wrapped request's getUserPrincipal() method returned the
credential. That, too, would give JSPWiki what it needed.
Andrew
On Fri, Jan 8, 2010 at 6:03 PM, Tom Wheeler <to...@gmail.com> wrote:
> I'd like to integrate JSPWiki with our company's Web-based single sign
> on system (SSO). I've figured out how I can plug in a custom
> authenticator to validate the username/password specified on the
> JSPWiki login page, but this won't work with our SSO.
>
> To be more specific, our SSO is implemented somewhat like Kerberos,
> where the application does not have access to the credientials but
> simply delegates to another server for authentication. Thus, I won't
> have a login page on JSPWiki at all -- I just want to plug in some
> code that will provide whatever user information JSPWiki might need
> (and redirect unauthenticated requests to the remote server).
>
> It's not clear to me what I should subclass and how to configure
> JSPWiki to use it. Any hints about how to do this would be greatly
> appreciated.
>
> --
> Tom Wheeler
> http://www.tomwheeler.com/
>
Re: Hints for Integrating Custom Authentication?
Posted by Lo...@log-net.com.
Tom:
Last year I implemented jspwiki with our app using a custom login module.
I had to write some pretty custom auth - jspwiki is only accessible from
our app and only after our app logs authenticates the user.
I won't bore the list with details unnecessarily, but if it may help you,
let me know and I'll post details.
-Lou
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LOG-NET, Inc.
The Logistics Network Management System
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
230 Half Mile Road
Third Floor
Red Bank, NJ 07701
PH: 732-758-6800
FAX: 732-747-7497
http://www.LOG-NET.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CONFIDENTIAL & PRIVILEGED
Unless otherwise indicated or if obvious from the nature of the content,
the information contained herein is privileged and confidential
information/work product. The communication is intended for the use of the
individual or entity named above. If the reader of this transmission is
not the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly
prohibited. If you have received this communication in error, please
notify the sender immediately by telephone (732-758-6800) or by electronic
mail (postmaster@LOG-NET.com), and destroy any copies, electronic, paper
or otherwise, which you may have of this communication. Thank you.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tom Wheeler <to...@gmail.com>
01/08/2010 06:03 PM
Please respond to
jspwiki-user@incubator.apache.org
To
jspwiki-user@incubator.apache.org
cc
Subject
Hints for Integrating Custom Authentication?
I'd like to integrate JSPWiki with our company's Web-based single sign
on system (SSO). I've figured out how I can plug in a custom
authenticator to validate the username/password specified on the
JSPWiki login page, but this won't work with our SSO.
To be more specific, our SSO is implemented somewhat like Kerberos,
where the application does not have access to the credientials but
simply delegates to another server for authentication. Thus, I won't
have a login page on JSPWiki at all -- I just want to plug in some
code that will provide whatever user information JSPWiki might need
(and redirect unauthenticated requests to the remote server).
It's not clear to me what I should subclass and how to configure
JSPWiki to use it. Any hints about how to do this would be greatly
appreciated.
--
Tom Wheeler
http://www.tomwheeler.com/