Thank you, I had figured that out. Problem is that this rule replaces everything with /otrs/customer.pl even when it already has /j2-admin/rproxy/otrs prepended. Since the offending string is http://hostname.domain-name.com:8080/otrs/customer.pl?CSID=10822f631e5c8aaaa5b4236cd2547c5d82 I attempted to construct a new rule with pattern \\/otrs\\/customer\\.pl\\?CSID and replacement /j2-admin/rproxy/otrs/otrs/customer.pl?CSID
However, it never seems to catch the pattern. I tried it with escaping the ? and not escaping the ? as I wasn't sure which it should be. I also have a similiar issue with /otrs-web..... coming from javascript, I assume. Problem is that some of these patterns are prepended with the proxy and some are not. How to catch the ones which need rewrite as opposed to the ones which do not. From: Woonsan Ko <[email protected]> To: Jetspeed Users List <[email protected]> Date: 08/20/2010 03:35 PM Subject: Re: SSO IFrame form authentication If the pass configuration is for 'otrs' in your example, "proxy.reverse.pass = otrs", then the configuration keys should look like these: proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customPatterns = \\/otrs\\/customer\\.pl proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customReplaces = /j2-admin/rproxy/otrs/otrs/customer.pl --- On Fri, 8/20/10, Woonsan Ko <[email protected]> wrote: > From: Woonsan Ko <[email protected]> > Subject: Re: SSO IFrame form authentication > To: "Jetspeed Users List" <[email protected]> > Date: Friday, August 20, 2010, 9:13 PM > I guess the first page which tried to > redirect to the second page with wrong url by using > javascript. > If it redirects to other page from the server-side with > http status code and header, then the reverse proxy service > can detect and rewrite to a proxied url from the reverse > proxy configurations if found. > > Anyway, if the first page has javascript to redirect, e.g., > 'location.href = > /otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a', > that script line is not rewritten by default. > (By the way, you can refer to the default rewriting class > here if you're interested in: http://svn.apache.org/repos/asf/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultReverseProxyLinkRewritingParserAaptor.java ) > > If the redirecting script line is simple, then you can add > a custom replace pattern in the reverse proxy configuration > like the following example: > > proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customPatterns > = \\/otrs\\/customer\\.pl > proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customReplaces > = /j2-admin/rproxy/otrs/otrs/customer.pl > > The above additional custom replace configuration will > replace every line having that regex pattern. > > -Woonsan > > --- On Fri, 8/20/10, [email protected] > <[email protected]> > wrote: > > > From: [email protected] > <[email protected]> > > Subject: Re: SSO IFrame form authentication > > To: "Jetspeed Users List" <[email protected]> > > Date: Friday, August 20, 2010, 8:19 PM > > I am using > > j2-admin::SSOReverseProxyIFramePortlet. I also > believe > > I am > > using the exact reverse properties as the apache > > example. I have > > discovered one issue when accessing directly in that > it > > appears when I > > enter > > http://host.domain-name.com:8080/j2-admin/rproxy/otrs/otrs/customer.pl , > > > > and login manually, I am redirected to > > http://host.domain-name.com:8080/otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a > > > > and I get an HTTP 404 error. If I then correct the > > url and put the > > j2-admin/rproxy/otrs back in, I get the correct page > > rendered and I am > > logged in. In any case, once I get logged in and > try > > to drill down to an > > incident link, I get an error trying to load the > javascript > > because > > something has changed the .js in the link to .html > > Again, I am using the > > apache example config for rewriting. > > > > # ... Set max matching path part count > > proxy.reverse.pass.maxMatchingPathPartCount = 2 > > > > # ... Sets detail attributes for apache path mapping > > proxy.reverse.pass = otrs > > proxy.reverse.pass.otrs.local = /otrs/ > > proxy.reverse.pass.otrs.remote = http://host.domain-name.com/ > > proxy.reverse.pass.otrs.rewriter.basic = > > > org.apache.portals.applications.webcontent.rewriter.WebContentRewriter > > proxy.reverse.pass.otrs.rewriter.parserAdaptor = html > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html = > > > > org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.mimeType > > = text/html > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.lookUpAllMappings > > > > = true > > > > Thanks, MikeB > > > > Mike Ballard > > Director of Internet Development and Networking > > O'Reilly Auto Parts > > (417) 874-7107 Ofc > > (417) 838-0271 Cell > > > > This message is protected by the Electronic > Communications > > Privacy Act, 18 > > USCS § 2510 et seq., and may not be used, copied or > > forwarded without the > > consent of the named recipient(s). The information > > contained in this > > message is confidential, is intended only for the use > of > > the individual or > > entity named. If the reader of this message is not > > the intended > > recipient, you are hereby notified that any > dissemination, > > distribution or > > copying of this communication is strictly > prohibited. > > If you have > > received this communication in error, please notify > me > > immediately at > > 417-874-7107. > > > > > > > > From: > > Woonsan Ko <[email protected]> > > To: > > Jetspeed Users List <[email protected]> > > Date: > > 08/20/2010 12:55 PM > > Subject: > > Re: SSO IFrame form authentication > > > > > > > > Regarding the problem of javascript link ending in .js > to > > .html, with > > which portlet do you meet the problem? > > j2-admin::SSOReverseProxyIFramePortlet, > > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet, > > j2-admin::SSOIFramePortlet, > j2-admin::SSOWebContentPortlet, > > or > > j2-admin::SSOProxyPortletPortlet? > > > > j2-admin::SSOReverseProxyIFramePortlet and > > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet > only > > are using the > > reverse proxy service. > > > > If you are using those reverse proxy portlets, then > how's > > the rewriter > > configurations for the reverse proxy pass mapping in > > /j2-admin/WEB-INF/conf/reverseproxy.properties? > > I'd like to recommend you to use the default > configuration > > like the apache > > example: > > > > # ... Sets detail attributes for apache path mapping > > proxy.reverse.pass.apache.local = /apache/ > > proxy.reverse.pass.apache.remote = http://apache.org/ > > proxy.reverse.pass.apache.rewriter.basic = > > > org.apache.portals.applications.webcontent.rewriter.WebContentRewriter > > proxy.reverse.pass.apache.rewriter.parserAdaptor = > html > > proxy.reverse.pass.apache.rewriter.parserAdaptor.html > = > > > org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor > > > proxy.reverse.pass.apache.rewriter.parserAdaptor.html.mimeType > > = text/html > > > proxy.reverse.pass.apache.rewriter.parserAdaptor.html.property.lookUpAllMappings > > > > = true > > > > With the default example above, the rewriting xml > rule > > files such as > > default-rewriter-rules.xml and rewriter-rules-mapping > do > > not play any role > > with reverse proxying portlets. > > > > The last example in the configuration file still uses > the > > Neko and Sax > > parser adaptor configuation, which was provided for > the old > > web content > > portlets. However, it turns out to be less useful in > this > > reverse proxy > > portlets. (The old rewriting xml rules were mainly > for > > rewriting urls to > > portlet urls, while reverse proxy service is just > another > > servlet-based > > solution with integration to portlet, meaning the url > > rewriting doesn't > > need to be that complex any more.) > > > > One more tip is that you could test the reverse > proxying by > > navigating the > > proxied urls directly. > > So, for example, if http://www.yourdomain.com/orders/ is mapped to > > /j2-admin/rproxy/yourdomain/orders/, then you can > browse > > directly to > > http://localhost:8080/j2-admin/rproxy/yourdomain/orders/. > > You can see what > > happens for rewriting problems with this direct > access. > > > > HTH, > > > > Woonsan > > > > --- On Fri, 8/20/10, [email protected] > > <[email protected]> > > > > wrote: > > > > > From: [email protected] > > <[email protected]> > > > Subject: Re: SSO IFrame form authentication > > > To: "Jetspeed Users List" <[email protected]> > > > Date: Friday, August 20, 2010, 6:55 PM > > > Good to know. So I have rebuilt > > > my site on 2.2.1 and it seems to be > > > stable, unlike the previous implementation on > Derby. > > > Not sure if that's > > > an indication of a problem with 2.2.1 & > Derby, or > > just > > > a local issue. My > > > remaining issue is the rewrite in the reverse > proxy > > portlet > > > is changing a > > > javascript link ending in .js to .html Any > > ideas? > > > > > > > > > > > > From: > > > Woonsan Ko <[email protected]> > > > To: > > > Jetspeed Users List <[email protected]> > > > Date: > > > 08/20/2010 11:50 AM > > > Subject: > > > Re: SSO IFrame form authentication > > > > > > > > > > > > I believe the pages can be simply copied because > I > > cannot > > > find anything to > > > watch with psml pages either. > > > By the way, you can copy those pages into any > other > > folder > > > by configuring > > > the path in > > /jetspeed/WEB-INF/conf/override.properties. For > > > example, > > > > > > # default path to (XML) PSML pages root folder > > > psml.pages.path = > > > ${applicationRoot}/WEB-INF/migrated_pages > > > > > > Regards, > > > > > > Woonsan > > > > > > --- On Fri, 8/20/10, [email protected] > > > <[email protected]> > > > > > > wrote: > > > > > > > From: [email protected] > > > <[email protected]> > > > > Subject: Re: SSO IFrame form authentication > > > > To: "Jetspeed Users List" <[email protected]> > > > > Date: Friday, August 20, 2010, 3:05 PM > > > > I have installed 2.2.1 with MySQL and > > > > I now need to move my pages and > > > > layouts from the 2.2.0 installation. > Given > > that > > > my > > > > previous 2.2.1 > > > > installation on Derby is defunct, is there > > anything I > > > > should watch out for > > > > this time? Can I simply copy the psml's > > from > > > the > > > > 2.2.0 directories to the > > > > 2.2.1 directories? I have not > > seen a > > > > migration guide to address this > > > > need. > > > > > > > > > > > > > > > > From: > > > > Woonsan Ko <[email protected]> > > > > To: > > > > Jetspeed Users List <[email protected]> > > > > Date: > > > > 08/18/2010 12:35 PM > > > > Subject: > > > > Re: SSO IFrame form authentication > > > > > > > > > > > > > > > > Hi, > > > > > > > > I haven't heard of that preferences data > problem > > yet > > > in > > > > 2.2.1. > > > > IMHO, It could help to localize the problems > if > > you > > > test > > > > against other > > > > databases > > > > like PostgreSQL or MySQL. > > > > On the other hand, I think you could deploy > > newer > > > > j2-admin.war and > > > > apa-webcontent.war which were included in > 2.2.1. > > > > > > > > -Woonsan > > > > > > > > > > > > ----- Original Message ---- > > > > > From: "[email protected]" > > > > <[email protected]> > > > > > To: Jetspeed Users List <[email protected]> > > > > > Sent: Wed, August 18, 2010 6:10:25 AM > > > > > Subject: Re: SSO IFrame form > authentication > > > > > > > > > > Well, here's the rub. I believe the > > > > SSOReverseProxyIFramePortlet is new > > > > > > > > > in 2.2.1, which is where I was when I > first > > > posted, > > > > however, I found > > > > that > > > > > my configuration kept getting > scrambled, so > > I > > > reverted > > > > to 2.2.0 I will > > > > > try your suggestion on 2.2.1, but I > will > > have to > > > > address the scrambling > > > > > issue. What is happening is > > this. I > > > have > > > > cloned the IFramePortlet > > > > > several times and configured each for > > different > > > static > > > > content being > > > > > served from apache2. I have avoided > > setting > > > any > > > > user preferences, and, > > > > > > > > > instead, set the preferences for each > clone > > in > > > the > > > > PAM portlet. > > > > Everything > > > > > worked fine. Then after a few hours, > > the > > > > IFramePortlet content was all > > > > > > > > > mixed up. For instance, the portlet > on > > > > > > page 1 would be showing the > > > > > content I had configured for the > portlet on > > page > > > > > > > 2 and so on. I went > > > > into > > > > > PAM and corrected the preferences to > what > > > they > > > > should be and assumed I > > > > was > > > > > ok, but the next morning things were > > > scrambled > > > > again. I did some > > > > queries > > > > > in the derby db and it appears they > > are > > > wrong > > > > there. I don't know if > > > > this > > > > > is a portlet id issue or an indexing > > > problem or > > > > what, but I need a > > > > > resolution before I can proceed to > > 2.2.1 > > > > Of course, I have the exact > > > > same > > > > > configuration in 2.2.0 and am having > > no > > > problem > > > > there, but I also have > > > > no > > > > > SSOReverseProxyIFrame there. > > Any > > > ideas? > > > > > > > > > > > > > > > > > > > > From: > > > > > David Sean Taylor <[email protected]> > > > > > To: > > > > > Jetspeed Users List <[email protected]> > > > > > Date: > > > > > 08/17/2010 07:19 PM > > > > > Subject: > > > > > Re: SSO IFrame form authentication > > > > > > > > > > > > > > > > > > > > On Tue, Aug 17, 2010 at 1:40 PM, > > > <[email protected]> > > > > > > > wrote: > > > > > > How did your testing go? I > > compared > > > SSO > > > > Webcontent (which works, > > > > sort > > > > > of) > > > > > > to SSO IFrame classes and I see a > > method > > > > for preemptive login in the > > > > > > webcontent class but no reference > at > > all in > > > > the SSO IFrame class. > > > > Does > > > > > > this just mean it is being done > > > > differently, or is something amiss in > > > > > > > > > the > > > > > > SSO IFrame class? > > > > > > > > > > There are two SSOIFrame classes: > > > > > > > > > > 1. SSOIFramePortlet > > > > > 2. SSOReverseProxyIFramePortlet > > > > > > > > > > Suggest using the second one, > > > > SSOReverseProxyIFramePortlet as it gives > > > > > you features not available in the > > older > > > > SSOIFramePortlet such as > > > > > auto-resizing and form-based > authentication > > > > > > (what you are after) > > > > > > > > > > I tested with > SSOReverseProxyIFramePortlet > > and > > > > it worked in the > > > > > example that comes with Jetspeed, but > it > > takes a > > > > little bit of > > > > > configuration. > > > > > > > > > > First, ensure your Tomcat will need > this > > > > attribute set in the > > > > > <Connector> element of > > server.xml: > > > > > > > > > > emptySessionPath="true" > > > > > > > > > > more detail here: > > > > > > > > > > http://portals.apache.org/applications/webcontent/index.html > > > > > > > > > > If you had to change server.xml > > setting, > > > then > > > > restart your server > > > > > > > > > > I took these steps to verify SSO > with > > the > > > > example form-based login > > > > > that comes with Jetspeed: > > > > > > > > > > 1. login as admin > > > > > 2. navigate to the Jetspeed > Administration > > > > space, SSO Management page, > > > > > or just go here: > > > > > > > > > > http://localhost:8080/jetspeed/ui/Administrative/sso-admin.psml > > > > > > > > > > Add a new Site with following > > parameters: > > > > > > > > > > Site Name: Form Example > > > > > Site URL: http://localhost:8080/j2-admin/examples/formauth.jsp > > > > > Field name for User ID: user > > > > > Field name For Password value: pass > > > > > > > > > > Press Save > > > > > > > > > > Add a new credential for this site > in > > the > > > > portlet on the right side > > > > > (SSO Details): > > > > > > > > > > Portal Principal: admin > > > > > Remote Principal: admin > > > > > Remote Credential: admin > > > > > > > > > > Press Add > > > > > > > > > > You can verify that the remote > > > credential > > > > was added for the admin > > > > > user by going here: > > > > > > > > > > http://localhost:8080/jetspeed/ui/my-account.psml > > > > > > > > > > see the portlet on the right "SSO > > Change > > > > Passwords", a remote site > > > > > entry should be there named "Form > > Example" > > > > > > > > > > Next, you can use the Toolbox to find > the > > > > Reverse Proxy Iframe Portlet > > > > > by searching on "iframe" and then > selecting > > it > > > > from there and adding > > > > > to a page. To make things simple, I > just > > added a > > > > page and then added > > > > > the Reverse Proxy Iframe Portlet there. > At > > first > > > this > > > > portlet seems to > > > > > want to use Basic Authentication, so > just > > hit > > > cancel > > > > when challenged. > > > > > I then switched to edit mode (pencil > icon), > > and > > > > entered the following > > > > > preferences: > > > > > > > > > > TITLE: My SSO Test > > > > > SRC: http://localhost:$ > > > {serverPort}${contextPath}/examples/formauth.jsp > > > > > > > > > > Press Save > > > > > > > > > > You should see in your portlet content > > something > > > > > > > like: > > > > > > > > > > "Hello, admin. You have been authorized > by > > > > form-based authentication > > > > !!!" > > > > > > > > > > Give that a try and see if it works. > Then, > > move > > > on > > > > to your specific > > > > > IFrame source and let us know how it > > > goes... > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > > [email protected] > > > > > For additional commands, e-mail: > > > [email protected] > > > > > > > > > > > > > > > -- > > > > > This message has been scanned for > > viruses > > > and > > > > > dangerous content by MailScanner, > and > > is > > > > > believed to be clean > > > > (mailgw2:E659D1E6FC.D1395). > > > > > > > > > > > > > > > > > > > > > > > > > This communication and any > attachments > > are > > > > confidential, protected by > > > > > Communications Privacy Act 18 USCS > § > > > 2510, > > > > solely for the use of the > > > > > intended recipient, and may contain > > > legally > > > > privileged material. If you > > > > > > > > > are not the intended recipient, please > > > > return or > > > > destroy it > > > > immediately. > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > -- > > > > This message has been scanned for viruses > and > > > > dangerous content by MailScanner, and is > > > > believed to be clean > (mailgw2:9902C1E701.B0EA8). > > > > > > > > > > > > > > > > > > > > This communication and any attachments are > > > confidential, > > > > protected by > > > > Communications Privacy Act 18 USCS § 2510, > > solely for > > > the > > > > use of the > > > > intended recipient, and may contain legally > > > privileged > > > > material. If you > > > > are not the intended recipient, please > return or > > > destroy it > > > > immediately. > > > > Thank you. > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean > (mailgw2:8B04D2A000C.7088C). > > > > > > > > > > > > > > > This communication and any attachments are > > confidential, > > > protected by > > > Communications Privacy Act 18 USCS § 2510, > solely for > > the > > > use of the > > > intended recipient, and may contain legally > > privileged > > > material. If you > > > are not the intended recipient, please return or > > destroy it > > > immediately. > > > Thank you. > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean (mailgw2:792FC1E702.4691D). > > > > > > > > > > This communication and any attachments are > confidential, > > protected by > > Communications Privacy Act 18 USCS § 2510, solely for > the > > use of the > > intended recipient, and may contain legally > privileged > > material. If you > > are not the intended recipient, please return or > destroy it > > immediately. > > Thank you. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean (mailgw2:EE2E12A000A.92659). This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
