Posted to jetspeed-dev@portals.apache.org by Evangelos Vlachogiannis <ev...@aegean.gr> on 2009/07/19 17:47:57 UTC
CAS authentication / authorization
Hi list,
I would like to ask if anybody has integrated CAS (Central
Authentication Service - http://www.jasig.org/cas) with Jetspeed-2.
Here is my problem situation:
CAS sits "in front" of an LDAP server of my university that I do not have
"write" permissions. The meta I use from ldap is the credentials and
some information of users' role in university (like student, instructor
e.t.c.). What I need to do is to login in jetspeed portal from jetspeed
login form and through CAS to validate authentication for all services
under jetspeed. However, as I cannot store anything in ldap I need
somehow to initialize an existing user stored in ldap in jetspeed
database. An idea is to do that on first login by introducing some
mapping rules (any help how to do that?). Another problem which I cannot
overcome using CAS java clients filters is how to allow public access,
as the filter will always ask for authentication under /portal/.
Any ideas, help more than welcome,
thnx,
Vangelis
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org
Re: CAS authentication / authorization
Posted by David Sean Taylor <d....@onehippo.com>.
On Jul 22, 2009, at 8:55 AM, Evangelos Vlachogiannis wrote:
> I would like to ask if Portaladministation.registeruser created also
> userfolder and create appropriate permissions so that the user can
> personalize its pages (Add portlets e.t.c.)
>
> thnx in advance,
> Vangelis
>
Hi Vangelis,
The registerUser API can create user folders and set appropriate
permissions. It's a configurable option. See the javadocs:
http://portals.apache.org/jetspeed-2/apidocs/org/apache/jetspeed/administration/PortalAdministration.html
Parameters:
  userName - Unique user principal identifier
  password - Password for this user
  roles - A list of roles to assign to this user
  groups - A list of groups to assign to this user
  userInfo - Portlet API User Information Attributes name value
    pairs (PLT.D)
  rules - A map of name value pairs of profiling rules. Well known
    rules names are 'page' and 'menu'
  folderTemplate - The full PSML path name of a folder to be deep
    copied as the new user's set of folders, pages, links
  subsite - The subsite folder to place the new user in
The parameter you are looking for is folderTemplate, it can be null
and a user folder will not be created, or a path to a template folder
as described above.
Re: RE: CAS authentication / authorization
Posted by David Sean Taylor <d....@onehippo.com>.
On Jul 22, 2009, at 12:09 PM, Vlachogiannis Evangelos wrote:
> Hi list,
>
> I think I have found some solutions (attached).
>
> - for allowing public pages to be visible to guest user and also
> allow jetspeed users (not CAS user like admin) to login I have
> introduced a folder "caslogin" and configured CAS filter with
> pattern "/portal/caslogin". So only then the user is being
> redirected to the CAS authentication service. I simply provide a
> login link with url "/portal/caslogin"
>
> - my second problem was about users that appear in CAS but not in
> jetspeed. I have developed a filter that when such a login takes
> place, jetspeed creates a jetspeed user with same username and
> default roles and pages.
>
> - my 3rd problem was logout. When a user logs out, they need to be
> logged out of both the jetspeed2 context and CAS. For that I have
> slightly modified the jetspeed logout servlet.
>
> That’s all for now.. Please let me know for any better solutions.
> Thanks,
> Vangelis
>
Hi Vangelis,
[Sorry for the late response, on vacation]
I downloaded your zip and will try to review it over the next week or
so, as I'm interested in a CAS solution. If it looks good I would like
to contribute it to the project.
I've created a JIRA issue for you to track:
https://issues.apache.org/jira/browse/JS2-1055
>
> ________________________________________
> From: Evangelos Vlachogiannis [evlach@aegean.gr]
> Sent: Wednesday, July 22, 2009 6:55 PM
> To: Jetspeed Developers List
> Subject: Re: CAS authentication / authorization
>
> I would like to ask if Portaladministation.registeruser created also
> userfolder and create appropriate permissions so that the user can
> personalize its pages (Add portlets e.t.c.)
>
Yes it can. There are a number of params on registerUser's 3 signatures:
registerUser
    void registerUser(java.lang.String userName,
                      java.lang.String password,
                      java.util.List roles,
                      java.util.List groups,
                      java.util.Map userInfo,
                      java.util.Map rules,
                      java.lang.String template,
                      java.lang.String subsiteFolder)
               throws RegistrationException
Registers and creates a new user, assigning userInfo, roles, groups,
profiling rules and a folder template. If any values are null,
defaults are used from the system wide configuration.
Parameters:
  userName - Unique user principal identifier
  password - Password for this user
  roles - A list of roles to assign to this user
  groups - A list of groups to assign to this user
  userInfo - Portlet API User Information Attributes name value pairs
    (PLT.D)
  rules - A map of name value pairs of profiling rules. Well known rules
    names are 'page' and 'menu'
  template - The full PSML path name of a folder to be deep copied as
    the new user's set of folders, pages, links
  subsiteFolder - The subsite folder to place the new user in
Throws: RegistrationException
Since: 2.1.2
So if you specify the subsiteFolder to point to a site path, such as
/_user/templates/mytemplate, it will copy that template to the new
user's home.
RE: CAS authentication / authorization
Posted by Vlachogiannis Evangelos <ev...@aegean.gr>.
Hi list,
I think I have found some solutions (attached).
- for allowing public pages to be visible to guest user and also allow jetspeed users (not CAS user like admin) to login I have introduced a folder "caslogin" and configured CAS filter with pattern "/portal/caslogin". So only then the user is being redirected to the CAS authentication service. I simply provide a login link with url "/portal/caslogin"
- my second problem was about users that appear in CAS but not in jetspeed. I have developed a filter that when such a login takes place, jetspeed creates a jetspeed user with same username and default roles and pages.
- my 3rd problem was logout. When a user logs out, they need to be logged out of both the jetspeed2 context and CAS. For that I have slightly modified the jetspeed logout servlet.
That's all for now.. Please let me know for any better solutions.
Thanks,
Vangelis
________________________________________
From: Evangelos Vlachogiannis [evlach@aegean.gr]
Sent: Wednesday, July 22, 2009 6:55 PM
To: Jetspeed Developers List
Subject: Re: CAS authentication / authorization
I would like to ask if Portaladministation.registeruser created also
userfolder and create appropriate permissions so that the user can
personalize its pages (Add portlets e.t.c.)
thnx in advance,
Vangelis
David Sean Taylor wrote:
> On Jul 21, 2009, at 1:35 AM, Evangelos Vlachogiannis wrote:
>
>
>> Hi again,
>>
>> thnx for the response. I use jetspeed 2.2 but I do not want to talk
>> directly to the LDAP.
>> I am introducing a filter based on PortalFilter (see attached
>> CASPortalFilter.java implementation in order to: (http://u-portal.gunet.gr:8080/uportal3/
>> )
>> - get the username of authenticated user -> done
>> - if username does not appear in portal db -> create new user with
>> username and assign default group/roles (in future I plan to
>> introduce a mapping mechanism)
>> - put principal in portal context
>>
>> Problems till now:
>> - exception (see attached exception.txt) Any help ??
>> - As the CAS filter has a url-pattern="/*" (see web.xml) how can a
>> user see public pages without being redirected to CAS
>> Any help would be appreciated.
>>
>>
> From the line number of the NPE, my guess is that the user is null
>
> Do you see any of these exceptions occurring?
>
> } catch (RegistrationException e1) {
> // TODO Auto-generated catch block
> System.out.println("user: " + userName + " not created");
> } catch (SecurityException e1) {
> // TODO Auto-generated catch block
> System.out.println("user: " + userName + " not created");
> }
Re: CAS authentication / authorization
Posted by Evangelos Vlachogiannis <ev...@aegean.gr>.
I would like to ask if Portaladministation.registeruser created also
userfolder and create appropriate permissions so that the user can
personalize its pages (Add portlets e.t.c.)
thnx in advance,
Vangelis
David Sean Taylor wrote:
> On Jul 21, 2009, at 1:35 AM, Evangelos Vlachogiannis wrote:
>
>
>> Hi again,
>>
>> thnx for the response. I use jetspeed 2.2 but I do not want to talk
>> directly to the LDAP.
>> I am introducing a filter based on PortalFilter (see attached
>> CASPortalFilter.java implementation in order to: (http://u-portal.gunet.gr:8080/uportal3/
>> )
>> - get the username of authenticated user -> done
>> - if username does not appear in portal db -> create new user with
>> username and assign default group/roles (in future I plan to
>> introduce a mapping mechanism)
>> - put principal in portal context
>>
>> Problems till now:
>> - exception (see attached exception.txt) Any help ??
>> - As the CAS filter has a url-pattern="/*" (see web.xml) how can a
>> user see public pages without being redirected to CAS
>> Any help would be appreciated.
>>
>>
> From the line number of the NPE, my guess is that the user is null
>
> Do you see any of these exceptions occurring?
>
> } catch (RegistrationException e1) {
> // TODO Auto-generated catch block
> System.out.println("user: " + userName + " not created");
> } catch (SecurityException e1) {
> // TODO Auto-generated catch block
> System.out.println("user: " + userName + " not created");
> }
Re: CAS authentication / authorization
Posted by Evangelos Vlachogiannis <ev...@aegean.gr>.
Hi David,
with updated source (see attached) I get attached exception and on the
console:
gr.uportal.filter
user: nipapado
user: nipapado not in portal db
user: nipapado not created1
thnx for your time,
V.
David Sean Taylor wrote:
> On Jul 21, 2009, at 1:35 AM, Evangelos Vlachogiannis wrote:
>
>
>> Hi again,
>>
>> thnx for the response. I use jetspeed 2.2 but I do not want to talk
>> directly to the LDAP.
>> I am introducing a filter based on PortalFilter (see attached
>> CASPortalFilter.java implementation in order to: (http://u-portal.gunet.gr:8080/uportal3/
>> )
>> - get the username of authenticated user -> done
>> - if username does not appear in portal db -> create new user with
>> username and assign default group/roles (in future I plan to
>> introduce a mapping mechanism)
>> - put principal in portal context
>>
>> Problems till now:
>> - exception (see attached exception.txt) Any help ??
>> - As the CAS filter has a url-pattern="/*" (see web.xml) how can a
>> user see public pages without being redirected to CAS
>> Any help would be appreciated.
>>
>>
> From the line number of the NPE, my guess is that the user is null
>
> Do you see any of these exceptions occurring?
>
> } catch (RegistrationException e1) {
> // TODO Auto-generated catch block
> System.out.println("user: " + userName + " not created");
> } catch (SecurityException e1) {
> // TODO Auto-generated catch block
> System.out.println("user: " + userName + " not created");
> }
Re: CAS authentication / authorization
Posted by David Sean Taylor <d....@onehippo.com>.
On Jul 21, 2009, at 1:35 AM, Evangelos Vlachogiannis wrote:
> Hi again,
>
> thnx for the response. I use jetspeed 2.2 but I do not want to talk
> directly to the LDAP.
> I am introducing a filter based on PortalFilter (see attached
> CASPortalFilter.java implementation in order to: (http://u-portal.gunet.gr:8080/uportal3/
> )
> - get the username of authenticated user -> done
> - if username does not appear in portal db -> create new user with
> username and assign default group/roles (in future I plan to
> introduce a mapping mechanism)
> - put principal in portal context
>
> Problems till now:
> - exception (see attached exception.txt) Any help ??
> - As the CAS filter has a url-pattern="/*" (see web.xml) how can a
> user see public pages without being redirected to CAS
> Any help would be appreciated.
>
From the line number of the NPE, my guess is that the user is null
Do you see any of these exceptions occurring?
    } catch (RegistrationException e1) {
        // TODO Auto-generated catch block
        System.out.println("user: " + userName + " not created");
    } catch (SecurityException e1) {
        // TODO Auto-generated catch block
        System.out.println("user: " + userName + " not created");
    }
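An added illustration, not code from this thread or from Jetspeed: a first-login provisioning step built around the eight-argument registerUser signature quoted in this thread, which stops the request when registration fails instead of printing "not created" and carrying on. The Registrar and UserStore interfaces, the user-name pattern, the role "user" and the rule value "j2" are assumptions made so that the example runs on a plain JDK.

```java
import java.security.SecureRandom;
import java.util.*;
import java.util.regex.Pattern;

public class FirstLoginProvisioning {
    /** Stand-in with the 8-argument registerUser signature quoted in this thread. */
    interface Registrar {
        void registerUser(String userName, String password, List<String> roles,
                          List<String> groups, Map<String, String> userInfo,
                          Map<String, String> rules, String template,
                          String subsiteFolder) throws Exception;
    }
    /** Hypothetical lookup against the portal's own user database. */
    interface UserStore { boolean exists(String userName); }

    // Assumed policy: only short, lowercase account names are provisioned.
    private static final Pattern SAFE_NAME = Pattern.compile("[a-z][a-z0-9._-]{1,31}");
    private static final SecureRandom RNG = new SecureRandom();

    /** Returns true if an account was created; throws rather than continue without a user. */
    static boolean ensureUser(String casUser, UserStore store, Registrar registrar) {
        if (casUser == null || !SAFE_NAME.matcher(casUser).matches())
            throw new SecurityException("rejected CAS user name");
        if (store.exists(casUser)) return false;
        // CAS holds the real credential; the local password is random and never disclosed,
        // so the portal's own login form cannot be used to guess into the new account.
        byte[] secret = new byte[32];
        RNG.nextBytes(secret);
        String password = Base64.getEncoder().encodeToString(secret);
        try {
            registrar.registerUser(casUser, password, List.of("user"), List.of(),
                    Map.of(), Map.of("page", "j2"), "/_user/templates/mytemplate", null);
        } catch (Exception e) {
            // Fail closed: no portal principal is set up for a user that was not created.
            throw new IllegalStateException("provisioning failed for " + casUser, e);
        }
        return true;
    }

    public static void main(String[] args) {
        Set<String> db = new HashSet<>(Set.of("admin"));   // constructed sample user store
        UserStore store = db::contains;
        Registrar ok = (u, p, r, g, i, ru, t, s) -> db.add(u);
        Registrar broken = (u, p, r, g, i, ru, t, s) -> { throw new Exception("refused"); };
        System.out.println(ensureUser("student1", store, ok));   // first login
        System.out.println(ensureUser("student1", store, ok));   // later logins
        try { ensureUser("student2", store, broken); }
        catch (IllegalStateException e) { System.out.println(e.getMessage()); }
        try { ensureUser("../admin", store, ok); }
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```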
Re: CAS authentication / authorization
Posted by Evangelos Vlachogiannis <ev...@aegean.gr>.
Hi again,
thnx for the response. I use jetspeed 2.2 but I do not want to talk
directly to the LDAP.
I am introducing a filter based on PortalFilter (see attached
CASPortalFilter.java implementation) in order to:
(http://u-portal.gunet.gr:8080/uportal3/)
- get the username of authenticated user -> done
- if username does not appear in portal db -> create new user with
username and assign default group/roles (in future I plan to introduce a
mapping mechanism)
- put principal in portal context
Problems till now:
- exception (see attached exception.txt) Any help ??
- As the CAS filter has a url-pattern="/*" (see web.xml) how can a user
see public pages without being redirected to CAS
Any help would be appreciated.
BR,
Vangelis
David Sean Taylor wrote:
> On Jul 19, 2009, at 8:47 AM, Evangelos Vlachogiannis wrote:
>
>
>> Hi list,
>>
>> I would like to ask if anybody has integrated CAS (Central
>> Authentication Service - http://www.jasig.org/cas) with Jetspeed-2.
>>
>>
> I don't have any experience with CAS but I have integrated similar
> solutions such as Shibboleth.
>
>
>> Here is my problem situation:
>>
>> CAS sits "in front" of an LDAP server of my university that I do not
>> have "write" permissions. The meta I use from ldap is the
>> credentials and some information of users' role in university (like
>> student, instructor e.t.c.). What I need to do is to login in
>> jetspeed portal from jetspeed login form and through CAS to validate
>> authentication for all services under jetspeed. However, as I cannot
>> store anything in ldap I need somehow to initialize an existing user
>> stored in ldap in jetspeed database. An idea is to do that on first
>> login by introducing some mapping rules (any help how to do that?).
>> Another problem which I cannot overcome using CAS java clients
>> filters is how to allow public access, as the filter will always
>> ask for authentication under /portal/.
>>
>>
>
> We do have a LDAP replication solution in 2.2. What version of
> Jetspeed are you using?
>
>
>
>> Any ideas, help more than welcome,
>>
>
> It would be a valuable contribution to have CAS support or at least
> documentation in Jetspeed at some level.
Re: CAS authentication / authorization
Posted by David Sean Taylor <d....@onehippo.com>.
On Jul 19, 2009, at 8:47 AM, Evangelos Vlachogiannis wrote:
> Hi list,
>
> I would like to ask if anybody has integrated CAS (Central
> Authentication Service - http://www.jasig.org/cas) with Jetspeed-2.
>
I don't have any experience with CAS but I have integrated similar
solutions such as Shibboleth.
> Here is my problem situation:
>
> CAS sits "in front" of an LDAP server of my university that I do not
> have "write" permissions. The meta I use from ldap is the
> credentials and some information of users' role in university (like
> student, instructor e.t.c.). What I need to do is to login in
> jetspeed portal from jetspeed login form and through CAS to validate
> authentication for all services under jetspeed. However, as I cannot
> store anything in ldap I need somehow to initialize an existing user
> stored in ldap in jetspeed database. An idea is to do that on first
> login by introducing some mapping rules (any help how to do that?).
> Another problem which I cannot overcome using CAS java clients
> filters is how to allow public access, as the filter will always
> ask for authentication under /portal/.
>
We do have a LDAP replication solution in 2.2. What version of
Jetspeed are you using?
> Any ideas, help more than welcome,
It would be a valuable contribution to have CAS support or at least
documentation in Jetspeed at some level.