Hi,

Do you mean the /ldap-login page?

I’ve created a custom authentication module by essentially copying the 
LDAPHierarchicalAuthentication.java file and using the getRemoteUser method to 
get the current SSO authenticated userID. Then I use this in the authenticate 
method instead of the parsed username. Later in the file I ignore where LDAP 
attempts to authenticate the parsed username and password because I already 
know the userID is trustworthy since it has already been through our SSO.

Then, I’ve added some extra code to the 
xmlui-api.aspect.ePerson.LDAPAuthenticateAction.java to make the page not 
bother checking for a username and password so it calls the authenticate method 
as soon as the user clicks on ‘login’. Our SSO only fires when the user goes to 
the ldap-login page.

Finally, to be able to turn this last feature off, I’ve added an extra 
parameter to the LDAPauthentication.cfg.

I’m pleased with the creation of the new module (I’ve called it 
RemoteuserAnuthentication.java and added it to the stack in authentication.cfg) 
but not so much having to hang on to the ldap-login page since this crosses 
over with the LDAP modules.

How do I create a new login page...RemoteUser-login, and use this instead?

Cheers

Ian

------------

Ian Wellaway

Senior System Support & Development Officer - Enterprise Applications 
(Wednesdays only)
&
Technical Developer, Open Exeter - Infrastructure Systems (Monday-Tuesday, 
Thursday-Friday)

Exeter IT
Room 54
Laver Building
University of Exeter
EX4 4QE
UK

tel +44 1392 722852

From: Hilton Gibson [mailto:[email protected]]
Sent: 03 December 2012 12:58
To: Ivan Masár
Cc: Wellaway, Ian; [email protected]
Subject: Re: [Dspace-tech] Dspace with SSO - request.getRemoteUser

What happens to the "/manager/html" login then?

On 3 December 2012 14:55, helix84 <[email protected]> wrote:
On Mon, Dec 3, 2012 at 1:51 PM, Wellaway, Ian <[email protected]> wrote:
> Thanks for this.
>
> It turns out that to make Tomcat carry over the HTTPServerRequest, you have 
> to add the parameter tomcatAuthentication="false" to the ajp connector in 
> tomcat's server.xml config:
>
>     <!-- Define an AJP 1.3 Connector on port 8009 -->
>     <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" URIEncoding="UTF-8" tomcatAuthentication="false" />
>
> Then, once you've logged in via your SSO, using request.getRemoteUser in the 
> authentication files (such as 
> org.dspace.authenticate.LDAPHierarchicalAuthentication.java) gets the 
> authenticated userID.


Good catch! Should we add this somewhere to the docs?

https://wiki.duraspace.org/display/DSDOC3x/Authentication+Plugins

If you write it up, I can add it. Or you can ask Tim Donohue for
editing rights if you have a Jira account.


Regards,
~~helix84

Compulsory reading: DSpace Mailing List Etiquette
https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette

------------------------------------------------------------------------------
Keep yourself connected to Go Parallel:
BUILD Helping you discover the best ways to construct your parallel projects.
http://goparallel.sourceforge.net
_______________________________________________
DSpace-tech mailing list
[email protected]<mailto:[email protected]>
https://lists.sourceforge.net/lists/listinfo/dspace-tech
List Etiquette: https://wiki.duraspace.org/display/DSPACE/Mailing+List+Etiquette



--
Hilton Gibson
Systems Administrator
JS Gericke Library
Room 1025D
Stellenbosch University
Private Bag X5036
Stellenbosch
7599
South Africa

Tel: +27 21 808 4100 | Cell: +27 84 646 4758
http://library.sun.ac.za
http://scholar.sun.ac.za
http://ar1.sun.ac.za
http://aj1.sun.ac.za
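
An added check, not part of the original thread or of DSpace: with tomcatAuthentication="false" on the AJP connector quoted above, Tomcat takes the remote user from whatever sends the AJP request, so that port should only be reachable by the SSO front end. The script below flags AJP connectors with that setting that are neither bound to loopback nor protected by a shared secret. The sample server.xml is constructed, and treating a missing address as "all interfaces" is an assumption that matches older Tomcat defaults.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample for illustration; not a real site's server.xml.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
               URIEncoding="UTF-8" tomcatAuthentication="false" />
    <Connector port="8010" protocol="AJP/1.3" address="127.0.0.1"
               tomcatAuthentication="false" />
    <Connector port="8011" protocol="AJP/1.3" address="10.0.0.5"
               requiredSecret="changeme" tomcatAuthentication="false" />
  </Service>
</Server>
"""


def is_loopback(address):
    """True when the connector is explicitly bound to a loopback address."""
    if not address:
        # Assumption: no address attribute means all interfaces,
        # which was the default on older Tomcat releases.
        return False
    if address == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def audit_ajp_connectors(server_xml):
    """Return (port, problem) for AJP connectors that trust the peer's remote user."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        if conn.get("tomcatAuthentication", "true").lower() != "false":
            continue  # Tomcat authenticates the user itself
        has_secret = bool(conn.get("secret") or conn.get("requiredSecret"))
        if not is_loopback(conn.get("address")) and not has_secret:
            findings.append((conn.get("port"),
                             "remote user accepted from any reachable AJP client"))
    return findings
```

Run `audit_ajp_connectors(open("server.xml").read())` against the live file; a host firewall that limits the AJP port to the web server is a separate control this script cannot see.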
