This is an automated email from the ASF dual-hosted git repository. duncangrant pushed a commit to branch login-page-docs in repository https://gitbox.apache.org/repos/asf/brooklyn-docs.git
commit 01451f0b3c6ced33eaed7d0c222e99e7b36faac1 Author: Duncan Grant <[email protected]> AuthorDate: Tue May 18 15:31:20 2021 +0100 Description of recent login and ldap changes Can handle multiple ldap realms Can have a static login page instead of WWW_Authenticate header --- guide/ops/configuration/brooklyn_cfg.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/guide/ops/configuration/brooklyn_cfg.md b/guide/ops/configuration/brooklyn_cfg.md index 1d9c4f8..3097917 100644 --- a/guide/ops/configuration/brooklyn_cfg.md +++ b/guide/ops/configuration/brooklyn_cfg.md @@ -126,6 +126,8 @@ The other things you need to set in `brooklyn.cfg` are: * `brooklyn.webconsole.security.ldap.url` - ldap connection url * `brooklyn.webconsole.security.ldap.realm` - ldap dc parameter (domain) +* `brooklyn.webconsole.security.ldap.allowed_realms_regex` - allows multiple realms (domains) that match regex - username must + be of form domain\user * `brooklyn.webconsole.security.ldap.ou` *optional, by default it set to Users* - ldap ou parameter **brooklyn.cfg example configuration:** @@ -225,3 +227,13 @@ org.apache.brooklyn.server.maxSessionAge = 3600 org.apache.brooklyn.server.maxInactiveInterval = 3600 ``` +## Login Page + +When using a username/password based authentication mechanism, Apache Brooklyn will be default respond with a 401 +response code and a [WWW_Authenticate](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate) header set. This relies on your browser asking for your basic auth credentials. +Alternatively you can configure brooklyn to use a login page by setting the following keys: + +``` +brooklyn.webconsole.security.unauthenticated.endpoints=brooklyn-ui-login +brooklyn.webconsole.security.login.form=brooklyn-ui-login +``` \ No newline at end of file
