Re: Authentication handler

2016-10-04 Thread Roy Teeuwen
Hey Stefan,

Thanks! Exactly what I was looking for then ;)

Greets,
Roy
> On 4 Oct 2016, at 17:22, Stefan Seifert <sseif...@pro-vision.de> wrote:
> 
> when the repository is up and running the repository authentication is used 
> for web console as well.
> but during startup phase, or when the repository is down/unavailable the 
> authentication built into the web console itself takes place.
> 
> you need to change the admin password in the osgi config "Apache Felix OSGi 
> Management Console" as well. esp. on production systems or you have a 
> security leak if the repository is not available for whatever reason.
> 
> stefan
> 
>> -Original Message-
>> From: Roy Teeuwen [mailto:r...@teeuwen.be]
>> Sent: Tuesday, October 4, 2016 4:45 PM
>> To: users@sling.apache.org
>> Subject: Authentication handler
>> 
>> Hey all,
>> 
>> When starting up our sling instance, if you go to /system/console in the
>> VERY beginning (like 1-3 seconds after doing a startup), it is possible to
>> log in with admin/admin, even when the admin password has been changed to
>> something else.
>> What bundle has to come active for this hardcoded default login not to work
>> anymore?
>> 
>> Greetings,
>> Roy
> 



RE: Authentication handler

2016-10-04 Thread Stefan Seifert
when the repository is up and running the repository authentication is used for 
web console as well.
but during startup phase, or when the repository is down/unavailable the 
authentication built into the web console itself takes place.

you need to change the admin password in the osgi config "Apache Felix OSGi 
Management Console" as well. esp. on production systems or you have a security 
leak if the repository is not available for whatever reason.

stefan

>-Original Message-
>From: Roy Teeuwen [mailto:r...@teeuwen.be]
>Sent: Tuesday, October 4, 2016 4:45 PM
>To: users@sling.apache.org
>Subject: Authentication handler
>
>Hey all,
>
>When starting up our sling instance, if you go to /system/console in the
>VERY beginning (like 1-3 seconds after doing a startup), it is possible to
>log in with admin/admin, even when the admin password has been changed to
>something else.
>What bundle has to come active for this hardcoded default login not to work
>anymore?
>
>Greetings,
>Roy
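
The advice in the reply above, turned into a configuration check. This is an added example, not part of the original thread or of Sling/Felix code. It assumes the "Apache Felix OSGi Management Console" configuration is exported as a Felix-style `.config` file with a `password` property, and that a hashed value is stored as `{sha-256}` followed by the base64 digest; the sample inputs are constructed.

```python
import base64
import hashlib
import re

# The admin/admin default is the one reported in this thread.
DEFAULT_PASSWORD = "admin"

# Matches simple key="value" lines (assumed .config file syntax).
_LINE = re.compile(r'^\s*([\w.\-]+)\s*=\s*"(.*)"\s*$')


def parse_config(text):
    """Parse key="value" lines into a dict, ignoring anything else."""
    props = {}
    for line in text.splitlines():
        match = _LINE.match(line)
        if match:
            props[match.group(1)] = match.group(2)
    return props


def hashed(password):
    """Assumed stored form of a hashed password: {sha-256}<base64 digest>."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return "{sha-256}" + base64.b64encode(digest).decode("ascii")


def audit_webconsole(text):
    """Return findings about the console's own (fallback) login."""
    password = parse_config(text).get("password")
    if password is None:
        # Nothing configured: the built-in default is what protects the
        # console while the repository is starting or unavailable.
        return ["password not set: built-in default applies"]
    if password in (DEFAULT_PASSWORD, hashed(DEFAULT_PASSWORD)):
        return ["password is still the default"]
    return []


# Constructed sample configurations.
UNCHANGED = 'manager.root="/system/console"\n'
DEFAULT_HASHED = 'password="%s"\n' % hashed("admin")
HARDENED = 'password="%s"\n' % hashed("constructed-sample-only")

if __name__ == "__main__":
    for name in ("UNCHANGED", "DEFAULT_HASHED", "HARDENED"):
        print(name, audit_webconsole(globals()[name]))
```
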



Authentication handler

2016-10-04 Thread Roy Teeuwen
Hey all,

When starting up our sling instance, if you go to /system/console in the VERY 
beginning (like 1-3 seconds after doing a startup), it is possible to log in 
with admin/admin, even when the admin password has been changed to something 
else. 
What bundle has to come active for this hardcoded default login not to work 
anymore?

Greetings,
Roy

Use custom LoginModulePlugin with form based authentication handler

2016-04-05 Thread Guillaume Lucazeau
Hello,

I would like to know if it's possible to just plug a custom
LoginModulePlugin (to use LDAP) while using everything else from the form
based authentication handler, as everything works well for me except I have
to use LDAP.

I've tried to put my LoginModulePlugin into a fragment but it's not used. I
see that it's possible with AEM [1] but I'm not sure how to do it with just
Sling. I could just fork the bundle but I would like to avoid it.

Is it possible and is a fragment a correct way to do it?

I'm also using Sling 7, without OAK, and thus using form bundle 1.0.6.

Thank you,
Guillaume

[1]
https://docs.adobe.com/docs/en/crx/2-3/deploying/custom-login-modules.html


Sling Authentication Handler Flow

2014-03-11 Thread Srikanth K
Hi Team,

We need some help in understanding the Authentication Handler.

We have developed a simple Authentication Handler and mentioned the path as
/j_secutiry_check.

But we observed that the request has been processed for both / and
/j_security_check paths.

*Can we stop the flow in between and send the response back to the user?*

According to current implementation if the path is matched, then all the
AuthenticationHandlers are executed. But according to OSGI the highest
ranking service should be executed.


-- 
SRIKANTH KALVAKOTA


Form-based authentication handler question...

2010-05-12 Thread Fabrizio Scarcello
Hi to all!
I'm still developing my first Sling project and trying to adapt the very
flexible Sling architecture to my needs (i wrote a couple of months ago that
i would like to develop a little framework from this first experience,
containing a Sling distribution suitable for beginners, and some tutorial
on its configuration and usage: i'm still thinking and dreaming of it, even
if other necessary-to-live projects of our very-little-startup-company
are slowing it).
Now my first question is: how can i use the form-based authentication
handler? I have done the following:
1) re-build and re-install the Sling Launchpad (i found a very nice Felix
Console update! ;-D), so i have the last version installed.
2) build and install the Form-based authentication handler bundle, and
configure the Login Form property to /login.html
3) put a simple html page in /login.html, containing just a form with:
POST method, /j_security_check action, and j_username, j_password
and sling.auth.redirect parameters.
It happens the following:
- if i go to /login.html i can submit the form (i login as admin-admin), but
nothing seems to happen at the authentication level: i'm not logged in, and
instead i noted the usual behaviour of Sling POST servlet: a node
j_security_check has been created in the repository, with j_username and
j_password properties!
- if i invoke any other url ending with /j_security_check (such as:
/index.html/j_security_check, or /path_to_a_node/j_security_check...) i'm
not redirected to the login page, as i read in the doc page:
http://sling.apache.org/site/form-based-authenticationhandler.html

So, the Form-based authentication handler bundle seems to be inactive (but
it is, as Felix Console shows...).
How can i use it?
Thanks in advance,
greetings to all,
Fabris.