[
https://issues.apache.org/jira/browse/OFBIZ-1906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Guy Gershoni updated OFBIZ-1906:
--------------------------------
Attachment: security-remoteuser_login.diff
Patch to enable log in via getRemoteUser().
Need to have something like CAS client set up to populate remote user.
> Allow use of HttpServletRequest.getRemoteUser() for 3rd party authentication
> ----------------------------------------------------------------------------
>
> Key: OFBIZ-1906
> URL: https://issues.apache.org/jira/browse/OFBIZ-1906
> Project: OFBiz
> Issue Type: Improvement
> Components: framework
> Affects Versions: SVN trunk
> Reporter: Guy Gershoni
> Priority: Minor
> Attachments: security-remoteuser_login.diff
>
> Original Estimate: 4h
> Remaining Estimate: 4h
>
> Am using CAS (http://www.ja-sig.org/products/cas/) to do authentication
> which, with the standard CAS Java client, populates the
> HttpServletRequest.getRemoteUser() with the user it has authenticated
> (http://www.ja-sig.org/wiki/display/CASC/Configuring+the+JA-SIG+CAS+Client+for+Java+in+the+web.xml...
> bottom of page)..
> Have noticed in framework/security/config/security.properties on line 73
> there is the following:
> # -- HTTP header based ID (for integrations; uncomment to enable)
> #security.login.http.header=REMOTE_USER
> which is then processed by
> framework/webapp/src/org/ofbiz/webapp/control/LoginWorker.java around line
> 611 on:
> So would like to add the following to security.properties:
> # -- HttpServletRequest getRemoteUser() based ID (for integrations; uncomment
> to enable)
> #security.login.http.servlet.getremoteuser.allow=true
> and in LoginWorker.java add some code to check property and suck in remote
> user from request if O.K.
> Am developing patch.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
