You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@brooklyn.apache.org by du...@apache.org on 2021/05/18 14:33:23 UTC

[brooklyn-docs] 01/01: Description of recent login and ldap changes

This is an automated email from the ASF dual-hosted git repository.

duncangrant pushed a commit to branch login-page-docs
in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git

commit 01451f0b3c6ced33eaed7d0c222e99e7b36faac1
Author: Duncan Grant <du...@cloudsoft.io>
AuthorDate: Tue May 18 15:31:20 2021 +0100

    Description of recent login and ldap changes
    
    Can handle multiple ldap realms
    Can have a static login page instead of WWW_Authenticate header
---
 guide/ops/configuration/brooklyn_cfg.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/guide/ops/configuration/brooklyn_cfg.md b/guide/ops/configuration/brooklyn_cfg.md
index 1d9c4f8..3097917 100644
--- a/guide/ops/configuration/brooklyn_cfg.md
+++ b/guide/ops/configuration/brooklyn_cfg.md
@@ -126,6 +126,8 @@ The other things you need to set in `brooklyn.cfg` are:
 
 * `brooklyn.webconsole.security.ldap.url` - ldap connection url
 * `brooklyn.webconsole.security.ldap.realm` - ldap dc parameter (domain)
+* `brooklyn.webconsole.security.ldap.allowed_realms_regex` - allows multiple realms (domains) that match regex - username must 
+  be of form domain\user
 * `brooklyn.webconsole.security.ldap.ou` *optional, by default it set to Users* -  ldap ou parameter
 
 **brooklyn.cfg example configuration:**
@@ -225,3 +227,13 @@ org.apache.brooklyn.server.maxSessionAge = 3600
 org.apache.brooklyn.server.maxInactiveInterval = 3600
 ```
   
+## Login Page
+
+When using a username/password based authentication mechanism, Apache Brooklyn will be default respond with a 401
+response code and a [WWW_Authenticate](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate) header set.  This relies on your browser asking for your basic auth credentials.  
+Alternatively you can configure brooklyn to use a login page by setting the following keys:
+
+```
+brooklyn.webconsole.security.unauthenticated.endpoints=brooklyn-ui-login
+brooklyn.webconsole.security.login.form=brooklyn-ui-login
+```
\ No newline at end of file