[ https://issues.apache.org/jira/browse/ROL-1933?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Glen Mazza closed ROL-1933.
---------------------------
Resolution: Won't Fix
See last comment.
> Crowd Login Authentication Roller Integration
> ---------------------------------------------
>
> Key: ROL-1933
> URL: https://issues.apache.org/jira/browse/ROL-1933
> Project: Roller
> Issue Type: New Feature
> Reporter: Nick Padilla
> Assignee: Glen Mazza
> Labels: authentication, integration
> Fix For: 5.1
>
> Attachments: 2-BasicUserAutoProvision.txt,
> 2-CrowdAuthenticationProvider.java, 2-CrowdRollerUserDetails.java, 2-pom.xml,
> 2-roller-properties.txt, 2-security-xml.txt, BasicUserAutoProvision.txt,
> CrowdAuthenticationProvider.java, crowd.properties,
> CrowdRollerUserDetails.java, pox-xml.txt, security-xml.txt
>
> Original Estimate: 1h
> Remaining Estimate: 1h
>
> CROWD:
> 1. First off, how do we want to handle the demotion or elevation of
> permissions, groups rather. Say an admin goes to just an editor or an editor
> goes to admin, currently there will be no change on Roller.
> 2. If user has permissions for the application but is not part of a group,
> currently it gives editor roles; does that work? If not we need to make
> that change.
> 3. Old users can continue to use their Roller accounts, if the user is a user
> of the Roller application in Crowd they will authenticate through Crowd. This
> is as long as the two accounts have the same
> user name. Once authenticated through Crowd, Roller Authentication will not
> work. So if Crowd goes down and all users are in Crowd then no one will be
> able to enter the site. Recommendation is to have
> at least one admin user that doesn't have an account in Crowd, this way there
> will always be a way in.
> 4. If the crowd.properties file is not on the classpath then we never use
> crowd to authenticate, however if you have users that were authenticated
> through crowd then they will not be able to login.
> 5. If the user exists in Crowd and has permissions to access Roller and
> Roller doesn't contain this user account then a new user will be registered
> automatically; if no groups are setup then the user
> will have editor role, if the user is part of a group that contains the
> string "admin" or "ADMIN" then that user will be given Admin rights.
> 6. Here is an example crowd.properties file, currently we get the file every
> time there is a need for it; so that resource will be continually accessed.
> If this is a problem, which I can understand, I can
> create a singleton that will handle the crowd.properties file and only load
> it once. This means if any changes are made to the file we have to restart
> the application.
> #required fields
> crowd.application.name=roller
> crowd.application.password=password
> crowd.port=8095
> crowd.host=localhost
> crowd.context=crowd
> #end required fields
> #this setting allows the use of https, defaults to false; not present we will use plain socket.
> crowd.useSecureConnection=false
> crowd.default.timezone=
> crowd.default.locale=
> You can add this file the same way you add the roller-custom.properties.
> TimeZone and Locale are not required, but standard format.
> 7. These are the settings that need to be set in the roller-custom.properties
> to enable the use of Crowd Authentication:
> # Crowd Auth, need these settings to be enabled
> users.sso.enabled=true
> users.sso.autoProvision.enabled=true
> If these are not set Crowd authentication will not work correctly. The
> AutoProvision is what makes this all work, the users from Crowd and not in
> Roller will be saved to Roller's db the first time they log in. The reason this
> is needed
> is so that permissions can be written for Roller. Will still need to add some
> code to ensure when users get promoted or demoted, those changes make it to
> the Roller DB.
> Please see attached files as they contain these changes and are in sync with
> Trunk, as of today. We can extend this functionality but here is a working
> starting point.
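
Items 1 and 5 above, sketched as an added example that is not part of the issue or its attachments: the substring rule from item 5 beside an exact group-to-role mapping, re-evaluated at each login so a demotion in Crowd reaches the local store. The group names, the role strings and the in-memory map standing in for the Roller DB are assumptions made for illustration.

```java
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class CrowdRoleSync {
    // Hypothetical exact group-to-role mapping; group names are constructed for this example.
    static final Map<String, String> GROUP_ROLES = Map.of(
            "roller-admins", "admin",
            "roller-editors", "editor");
    // Default from items 2 and 5: a user with no recognised group gets the editor role.
    static final String DEFAULT_ROLE = "editor";

    // Rule as described in item 5: any group name containing "admin" or "ADMIN" grants admin.
    static String substringRule(Collection<String> groups) {
        for (String g : groups) {
            if (g.contains("admin") || g.contains("ADMIN")) return "admin";
        }
        return DEFAULT_ROLE;
    }

    // Exact-match alternative: only a group listed in GROUP_ROLES can grant admin.
    static String exactRule(Collection<String> groups) {
        for (String g : groups) {
            if ("admin".equals(GROUP_ROLES.get(g))) return "admin";
        }
        return DEFAULT_ROLE;
    }

    // Called on every login, not only at auto-provision time, so promotions and
    // demotions made in Crowd overwrite the locally stored role (item 1).
    // Returns true when the stored role changed and should be audited.
    static boolean syncOnLogin(Map<String, String> localRoles, String user,
                               Collection<String> groups) {
        String current = exactRule(groups);
        String previous = localRoles.put(user, current);
        return !current.equals(previous);
    }

    public static void main(String[] args) {
        Map<String, String> localRoles = new HashMap<>(); // stands in for the Roller DB
        List<String> lookalike = List.of("helpdesk-admin-requests"); // constructed group name
        System.out.println("substring rule: " + substringRule(lookalike));
        System.out.println("exact rule:     " + exactRule(lookalike));

        syncOnLogin(localRoles, "alice", List.of("roller-admins"));
        boolean changed = syncOnLogin(localRoles, "alice", List.of("roller-editors"));
        System.out.println("role changed on second login: " + changed
                + ", stored role: " + localRoles.get("alice"));
    }
}
```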