You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@brooklyn.apache.org by du...@apache.org on 2021/05/18 14:33:23 UTC
[brooklyn-docs] 01/01: Description of recent login and ldap changes
This is an automated email from the ASF dual-hosted git repository.
duncangrant pushed a commit to branch login-page-docs
in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git
commit 01451f0b3c6ced33eaed7d0c222e99e7b36faac1
Author: Duncan Grant <du...@cloudsoft.io>
AuthorDate: Tue May 18 15:31:20 2021 +0100
Description of recent login and ldap changes
Can handle multiple ldap realms
Can have a static login page instead of WWW_Authenticate header
---
guide/ops/configuration/brooklyn_cfg.md | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/guide/ops/configuration/brooklyn_cfg.md b/guide/ops/configuration/brooklyn_cfg.md
index 1d9c4f8..3097917 100644
--- a/guide/ops/configuration/brooklyn_cfg.md
+++ b/guide/ops/configuration/brooklyn_cfg.md
@@ -126,6 +126,8 @@ The other things you need to set in `brooklyn.cfg` are:
* `brooklyn.webconsole.security.ldap.url` - ldap connection url
* `brooklyn.webconsole.security.ldap.realm` - ldap dc parameter (domain)
+* `brooklyn.webconsole.security.ldap.allowed_realms_regex` - allows multiple realms (domains) that match regex - username must
+ be of form domain\user
* `brooklyn.webconsole.security.ldap.ou` *optional, by default it set to Users* - ldap ou parameter
**brooklyn.cfg example configuration:**
@@ -225,3 +227,13 @@ org.apache.brooklyn.server.maxSessionAge = 3600
org.apache.brooklyn.server.maxInactiveInterval = 3600
```
+## Login Page
+
+When using a username/password based authentication mechanism, Apache Brooklyn will be default respond with a 401
+response code and a [WWW_Authenticate](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate) header set. This relies on your browser asking for your basic auth credentials.
+Alternatively you can configure brooklyn to use a login page by setting the following keys:
+
+```
+brooklyn.webconsole.security.unauthenticated.endpoints=brooklyn-ui-login
+brooklyn.webconsole.security.login.form=brooklyn-ui-login
+```
\ No newline at end of file