Thanks Chris. Turning on APIA auth across the board did the trick.
It does seem like the web client should prompt for a username and password
if it gets a error 401 when doing a getObjectProfile request though, since
its valid to only have a single resource that has APIA protected.
Cheers!
On Wed, Oct 26, 2011 at 10:58 PM, Chris Wilper <cwil...@duraspace.org>wrote:
> Hi Jonathan,
>
> When you have policies that start to cover resources available via
> "API-A" (access-oriented stuff), I think you generally need to make
> sure that Fedora is configured to require authentication across the
> board on API-A. The web admin client will bring up a prompt if Fedora
> is configured to authenticate the resource. Having a policy that
> covers a resource doesn't automatically trigger Fedora to require
> authentication on it, unfortunately.
>
> It sounds like you might have installed with API-A authentication not
> turned on (you can check in your
> $FEDORA_HOME/install/install.properties file for the
> "apia.auth.required" flag). If that's the case, that would explain the
> problem. I don't know off hand how to switch to requiring AuthN on
> API-A without re-installing Fedora...but it should be possible by
> making tweaks in $FEDORA_HOME/server/config (as of Fedora 3.5). If
> it's an earlier version of Fedora, you might need to modify the
> webapp's web.xml file to do it.
>
> - Chris
>
> On Wed, Oct 26, 2011 at 4:33 PM, Jonathan Green
> <jonat...@discoverygarden.ca> wrote:
> > Hi All.
> >
> > I have a repository were certain collections have XACML policies
> restricting
> > APIA to certain roles. The web admin client doesn't seem to authenticate
> > when sending the getObjectProfile request, so it won't allow me to see
> any
> > objects in these collections. Is there any way to change this behavior?
> If I
> > do cURL calls I can see that everything works fine as long as a username
> and
> > password is sent with the request.
> >
> > Cheers,
> >
> > --
> > Jonathan Green
> > DiscoveryGarden Inc.
> > Sims Office Suites Building, 3rd Floor, 118 Sydney Street
> > Charlottetown, PE C1A 1G4
> > 902.367.3851 discoverygarden.ca
> > jonat...@discoverygarden.ca
> > skype: jonathan.edwards.green
> >
> >
> >
> ------------------------------------------------------------------------------
> > The demand for IT networking professionals continues to grow, and the
> > demand for specialized networking skills is growing even more rapidly.
> > Take a complimentary Learning@Cisco Self-Assessment and learn
> > about Cisco certifications, training, and career opportunities.
> > http://p.sf.net/sfu/cisco-dev2dev
> > _______________________________________________
> > Fedora-commons-users mailing list
> > Fedora-commons-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
> >
> >
>
>
> ------------------------------------------------------------------------------
> The demand for IT networking professionals continues to grow, and the
> demand for specialized networking skills is growing even more rapidly.
> Take a complimentary Learning@Cisco Self-Assessment and learn
> about Cisco certifications, training, and career opportunities.
> http://p.sf.net/sfu/cisco-dev2dev
> _______________________________________________
> Fedora-commons-users mailing list
> Fedora-commons-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
>
--
Jonathan Green
DiscoveryGarden Inc.
Sims Office Suites Building, 3rd Floor, 118 Sydney Street
Charlottetown, PE C1A 1G4
902.367.3851 discoverygarden.ca
jonat...@discoverygarden.ca
skype: jonathan.edwards.green
------------------------------------------------------------------------------
RSA(R) Conference 2012
Save $700 by Nov 18
Register now
http://p.sf.net/sfu/rsa-sfdev2dev1
_______________________________________________
Fedora-commons-users mailing list
Fedora-commons-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
