hi,
i do not clearly understand how the authentication is done - the first part is the dn of the user, but what should we do with the profile? why should it be a jahia group? jahia only needs a user identifier like the dn, and some trusted credentials. i believe the profile should be checked against lemonldap server for authenticity, but i do not see how this can be done. or it can be ignored, if you are sure tomcat will never be accessed without passing through the lemonldap module, and that the header cannot be faked. obviously the http valve will not work with this, but another valve based on that one can be quickly developed for supporting lemonldap.
thomas


On 1 Feb 05, at 15:12, Dominique Pellat wrote:

Hello Thomas,

LemonLdap does not send user/password in Basic Authentication but a
String which is an application profile for Jahia, like this - found on
http://lemonldap.sourceforge.net/ - :

code before encoding: uid=egerman-cp,ou=personnes,ou=dgcp,ou=mefi,o=gouv,c=fr:1S
code after encoding: dWlkPWVnZXJtYW4tY3Asb3U9cGVyc29ubmVzLG91PWRnY3Asb3U9bWVmaSxvPWdvdXYsYz1mcjoxUw==


where '1S' is the profile of the user to be transmitted to the Jahia
authentication module.

So how do you think Jahia could manage this? If the profile had the
same name as a group of users in Jahia (ex: group name = '1S' in
Jahia), the authentication could be resolved by matching the profile
coming in the HTTP header and the group in Jahia: this way, mapping
between group and roles in portlet will be OK. Do you think it will be
possible? If it is, I can test this evolution and give feedback to
you because I already have a LemonLdap running.

Thanks in advance,

Regards,
Dominique Pellat


On Tue, 1 Feb 2005 11:20:00 +0100, Thomas Draier <[EMAIL PROTECTED]> wrote:
hi dominique,
you can activate the http authorization valve in jahia by adding an
entry in the WEB-INF/etc/config/auth-pipeline.xml . just add this entry
at the beginning :
       <valveDescriptor>
           <className>org.jahia.params.valves.HttpBasicAuthValveImpl</className>
       </valveDescriptor>
then you can log in to jahia by providing user/password with
http-basic auth. that should work with lemonldap.
thomas

On 31 Jan 05, at 19:05, Dominique Pellat wrote:

Hi,

I would like to know if this build includes the evolution to be able
to run in SSO mode the proxy LemonLdap bound with a Jahia server. Is
this version of Jahia decrypting the HTTP header AUTHORIZATION coming
from LemonLdap and mapping the found roles/profiles to a Jahia group? I
saw SSOIFrame and SSOWebContent portlet included in this build but I
am not sure it concerns this evolution.


It is for a test purpose only: I have a proxy LemonLdap well
configured and I just want to plug it in on a Jahia version 4.1, where
this evolution was scheduled.


Regards,

Dominique PELLAT
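
Added example, not part of the original messages and not Jahia or LemonLdap code: a standalone sketch of the check the thread discusses, decoding the "dn:profile" header and accepting it only when the request arrives from the proxy's address. The class and method names, the proxy address, the optional "Basic " prefix and the rule that the profile contains no ':' are all assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;

/** Hypothetical helper for a custom valve; every name here is illustrative. */
public class LemonLdapHeaderCheck {

    /** DN and profile carried in the header. */
    static final class Identity {
        final String dn;
        final String profile;
        Identity(String dn, String profile) { this.dn = dn; this.profile = profile; }
    }

    /**
     * Returns the identity only when the request came from a trusted proxy
     * address and the header decodes to "dn:profile"; returns null otherwise.
     */
    static Identity parse(String header, String remoteAddr, Set<String> trustedProxies) {
        // The header carries no signature, so its origin is the only guarantee.
        if (header == null || !trustedProxies.contains(remoteAddr)) return null;
        // Assumption: the value may be sent with a "Basic " scheme prefix.
        String b64 = header.regionMatches(true, 0, "Basic ", 0, 6) ? header.substring(6) : header;
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(b64.trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // not valid base64
        }
        // Assumption: the profile has no ':', so the last colon separates it from the DN.
        int sep = decoded.lastIndexOf(':');
        if (sep <= 0 || sep == decoded.length() - 1) return null;
        return new Identity(decoded.substring(0, sep), decoded.substring(sep + 1));
    }

    public static void main(String[] args) {
        // Encoded value quoted in the thread, with the assumed scheme prefix.
        String sample = "Basic dWlkPWVnZXJtYW4tY3Asb3U9cGVyc29ubmVzLG91PWRnY3Asb3U9bWVmaSx"
                + "vPWdvdXYsYz1mcjoxUw==";
        Set<String> proxies = Set.of("10.0.0.5"); // constructed proxy address
        Identity id = parse(sample, "10.0.0.5", proxies);
        System.out.println(id.dn + " -> profile " + id.profile);
        // The same header sent straight to Tomcat from another address is refused.
        System.out.println(parse(sample, "192.0.2.44", proxies) == null);
    }
}
```

The address check only holds if Tomcat's connector is reachable solely from the proxy; binding the connector to an internal interface or firewalling it enforces that at the network level.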




