[
https://issues.apache.org/jira/browse/ROL-1933?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13731026#comment-13731026
]
Glen Mazza commented on ROL-1933:
---------------------------------
Hi Nick, thanks for your contribution, however, out of fear of the library
falling out-of-date (it's at 2.4 while 2.7 is soon shipping), need to bring in
an additional non-Central repository to Roller to obtain the Crowd JARs, and
the non-open source nature of the JARs (proprietary code, no source code
available), we've decided to pull this functionality outside of Roller. Email
here: http://markmail.org/message/tyxrhzclkycovd4p.
If you wish to put these two classes in GitHub, or make a blog entry of them,
and explain how to hack Roller so that those wanting this functionality (and
having the proper Crowd license) can incorporate it into Roller, that would be
great, and we can link to it from the Roller Wiki. (I just added in a previous
comment the code changes needed in case you don't have the time.) Also, we're
open to patches that facilitate such plugins generically so long as we don't
need to include non-open source JARs within the distribution or need to add
non-Central repos to the Roller pom.
> Crowd Login Authentication Roller Integration
> ---------------------------------------------
>
> Key: ROL-1933
> URL: https://issues.apache.org/jira/browse/ROL-1933
> Project: Roller
> Issue Type: New Feature
> Reporter: Nick Padilla
> Assignee: Glen Mazza
> Labels: authentication, integration
> Fix For: 5.1
>
> Attachments: 2-BasicUserAutoProvision.txt,
> 2-CrowdAuthenticationProvider.java, 2-CrowdRollerUserDetails.java, 2-pom.xml,
> 2-roller-properties.txt, 2-security-xml.txt, BasicUserAutoProvision.txt,
> CrowdAuthenticationProvider.java, crowd.properties,
> CrowdRollerUserDetails.java, pox-xml.txt, security-xml.txt
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> CROWD:
> 1. First off how do we want to handle the demotion or elevation of
> permissions,groups rather. Say an admin goes to just an editor or an editor
> goes to admin, currently there will be no change on Roller.
> 2. If user has permissions for the application but is not part of a group,
> currently it gives editor roles; does that work? If not we need to make a
> that change.
> 3. Old users can continue to use thier Roller accounts, if the user is a user
> of the Roller application in Crowd they will authenticate through Crowd. This
> is as long as the two accounts have the same
> user name. Once authenticated through Crowd, Roller Authentication will not
> work. So if Crowd goes down and all users are in Crowd then no one will be
> able to enter the site. Recommendation is to have
> at least one admin user that doesn't have an account in Crowd, this way there
> will always be a way in.
> 4. If the crowd.properties file is not on the classpath then we never use
> crowd to authenticate, however if you have users that were authenticated
> through crowd then they will not be able to login.
> 5. If the user exists in Crowd and has permissions to access Roller and
> Roller doesn't contain this user account then a new user will be registered
> automatically; if no groups are setup then the user
> will have editor role, if the user is part of a group that contains the
> string "admin" or "ADMIN" then that user will be given Admin rights.
> 6. Here is an example crowd.properties file, currently we get the file every
> time there is a need for it; so that resource will be continually accessed.
> If this is problem, which I can understand I can
> create a singleton that will hanlde the crowd.properties file and only load
> it once. This means if any changes are made to the file we have to restart
> the application.
> #required fields
> crowd.application.name=roller
> crowd.application.password=password
> crowd.port=8095
> crowd.host=localhost
> crowd.context=crowd
> #end required fields
> #this setting allows the use of https, defaults to false; not
> present we will use plain socket.
> crowd.useSecureConnection=false
> crowd.default.timezone=
> crowd.default.locale=
> You can add this file the same way you add the roller-custom.properties.
> TimeZone and Locale are not required, but standard format.
> 7. These are the settings that need to be set in the roller-custom.properties
> to enable the use of Crowd Authentication:
> # Crowd Auth, need these settings to be enabled
> users.sso.enabled=true
> users.sso.autoProvision.enabled=true
> If these are not set Crowd authentication will not work correctly. The
> AutoProvision is what makes this all work, the users from Crowd and not in
> Roller will be saved to Rollers db the first time the log in. The reason this
> is needed
> is so that permissions can be written for Roller. Will still need to add some
> code to ensure when users get promoted or demoted, those changes make it to
> the Roller DB.
> Please see attached files as they contain these changes and are in sync with
> Trunk, as of today. We can extend this functionality but here is working
> starting point.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
