[xwiki-users] How to solve Xwiki SAML authentication

2013-04-11 Thread Valdis Vītoliņš
I found out that Xwiki SAML module from
https://github.com/xwiki-contrib/sandbox/tree/master/authenticators/xwiki-authentication-saml
differs significantly from what I have. It works according to:
http://docs.oasis-open.org/wsfed/federation/v1.2/os/ws-federation-1.2-spec-os.html
And is implemented in .Net:
http://msdn.microsoft.com/en-us/library/ee517291.aspx
http://msdn.microsoft.com/en-us/library/bb498017.aspx
http://msdn.microsoft.com/en-us/library/bb608217.aspx

Even though by standard I should use location parameter in response
parameters, actually it can be invoked with GET/POST parameters, e.g.
simply by following:
https://...gov.lv/.../default.aspx?wa=wsignin1.0&wtrealm=http%3A%2F%2F11.22.33.44%2Fxwiki
where gov.lv is the authentication federation service, and 11.22.33.44 is
my xwiki site.

Then after authentication service redirects back to xwiki with POST
parameters:
wa=
wsignin1.0
wresult=
=
http://docs.oasis-open.org/ws-sx/ws-trust/200512";>


http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2013-04-11T12:41:15.525Z
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";>2013-04-11T13:41:15.525Z

http://schemas.xmlsoap.org/ws/2004/09/policy";>
http://www.w3.org/2005/08/addressing";>
http://11.22.33.44/xwiki



http://...gov.lv/trust";
IssueInstant="2013-04-11T12:41:15.525Z"
xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">


http://11.22.33.44/xwiki





urn:oasis:names:tc:SAML:1.0:cm:bearer



http://schemas.xmlsoap.org/ws/2005/05/identity/claims";>
112233-12345

http://schemas.xmlsoap.org/ws/2005/05/identity/claims";>
VALDIS

http://schemas.xmlsoap.org/ws/2005/05/identity/claims";>
VĪTOLIŅŠ





urn:oasis:names:tc:SAML:1.0:cm:bearer




http://www.w3.org/2000/09/xmldsig#";>

http://www.w3.org/2001/10/xml-exc-c14n#"; />
http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />


http://www.w3.org/2000/09/xmldsig#enveloped-signature"; />
http://www.w3.org/2001/10/xml-exc-c14n#"; />

http://www.w3.org/2000/09/xmldsig#sha1"; />
HU3/uQFbvSciSkPXxQURI+hUkNU=


...

http://www.w3.org/2000/09/xmldsig#";>

...






...Bla, bla, bla...
=

Am I right, that I need to change:

1. showLogin() where most of authRequest.set... seems unnecessary,

2. checkSAMLResponse() where I need to do
request.getParameter("wresult") and somehow extract out necessary data
and check them from this XML.

Thanks for any hints!
Valdis



___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
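
The checks that point 2 of the message above asks about, as an added example that is not part of the original post or of the xwiki-authentication-saml module. The class name, `idpKey` (the federation service's public key, configured out of band) and `realm` are assumptions; the element and attribute names are those of SAML 1.1 and XML-DSig, whose namespaces appear in the token above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.time.Instant;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class WsFedResultCheck { // hypothetical helper, not part of xwiki-authentication-saml
    static final String SAML = "urn:oasis:names:tc:SAML:1.0:assertion";
    /** Returns the claims (AttributeName -> value); throws if the token must not be trusted. */
    public static Map<String, String> check(String wresult, PublicKey idpKey, String realm) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD, no XXE
        Element root = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(wresult.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        NodeList found = root.getElementsByTagNameNS(SAML, "Assertion");
        if (found.getLength() != 1) throw new SecurityException("expected exactly one assertion");
        Element a = (Element) found.item(0);
        a.setIdAttribute("AssertionID", true); // lets the signature's "#id" reference resolve
        // 1. Signature, checked against the federation service's pinned key, not the token's KeyInfo.
        NodeList sigs = a.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1 || sigs.item(0).getParentNode() != a) throw new SecurityException("unsigned");
        DOMValidateContext ctx = new DOMValidateContext(idpKey, sigs.item(0));
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        Reference ref = (Reference) sig.getSignedInfo().getReferences().get(0);
        if (!sig.validate(ctx) || !("#" + a.getAttribute("AssertionID")).equals(ref.getURI()))
            throw new SecurityException("signature does not cover this assertion");
        // 2. Validity window from saml:Conditions.
        Element c = (Element) a.getElementsByTagNameNS(SAML, "Conditions").item(0);
        Instant now = Instant.now();
        if (c == null || now.isBefore(Instant.parse(c.getAttribute("NotBefore")))
                || !now.isBefore(Instant.parse(c.getAttribute("NotOnOrAfter"))))
            throw new SecurityException("assertion not valid at this time");
        // 3. Audience must be this wiki's realm (the wtrealm value of the sign-in request).
        NodeList aud = a.getElementsByTagNameNS(SAML, "Audience");
        if (aud.getLength() != 1 || !realm.equals(aud.item(0).getTextContent().trim()))
            throw new SecurityException("assertion issued for another audience");
        // 4. Only now read the claims (single-valued attributes assumed).
        Map<String, String> claims = new LinkedHashMap<>();
        NodeList attrs = a.getElementsByTagNameNS(SAML, "Attribute");
        for (int i = 0; i < attrs.getLength(); i++)
            claims.put(((Element) attrs.item(i)).getAttribute("AttributeName"),
                attrs.item(i).getTextContent().trim());
        return claims;
    }
}
```

Current JDKs reject SHA-1 based XML signatures such as the `rsa-sha1` one in the token above under their default secure-validation policy, so the issuer has to sign with a SHA-2 algorithm for `validate` to pass.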


Re: [xwiki-users] XE's Antivirus plugin for attached files

2013-04-11 Thread Guillaume Lerouge
Hi,

I remember this exact plugin being written for a project I worked on
something like 3 years ago. IIRC, the test was actually made before letting
a user download a file: if the file was deemed dangerous by the antivirus,
the user was presented with a message saying that they were not allowed to
download the file and a mail message was sent to the administrator.

Unfortunately I can't find the code on extensions, I'll try to see if I can
still find it somewhere.

Guillaume

On Thu, Apr 11, 2013 at 9:52 AM, Marius Dumitru Florea <
mariusdumitru.flo...@xwiki.com> wrote:

> One solution is to write an event listener component (for save event
> for instance) that checks if an attachment is uploaded and scans it
> using your antivirus API. Unfortunately the documentation is a bit
> outdated
> http://extensions.xwiki.org/xwiki/bin/view/Extension/Observation+Module+Local
> .
>
> Maybe others have better suggestions.
>
> Hope this helps,
> Marius
>
> On Thu, Apr 11, 2013 at 12:21 AM, Ramon Gomes Brandão
>  wrote:
> > Hi XWiki Devs/Community,
> >
> > We're planning a deploy of XE on our Enterprise (a Brazilian government
> > agency) as the main intranet tool, for about 400 heavy users (in thesis,
> > they'll generate a lot of content). We're sure that XE can handle it
> > smoothly and it will bring a LOT of help on the day-to-day work of our
> > office.
> >
> > We're doing some optimizations and fine tuning for the deploy in
> > production. Meanwhile, we're facing some troubles with our workstations'
> > antivirus tools, which brings me some concerns about the attachment files on
> > the filesystems. Trying to address a potential problem (users using attached
> > files to spread infected files to other users and, worst, other government
> > agencies, which have also critical mission like ours), I would like to use
> > the same approach we use on our other systems we've built at home: calling
> > an AV engine (such as our cluster of ClamAV servers) from the webapp (we
> > already use some java API for this, on our web apps) to scan every file
> > being uploaded and before being attached to the wiki, and show some message
> > to the user, in case of some trouble.
> >
> > I've searched for some plugin or initiative about this, but couldn't find
> > any. Is there any going on? If not, from where can I start and what should I
> > put under consideration, in order to
> > guide our dev staff to plug it in xwiki's core as a plugin/extension?
> >
> > Forgive myself in advance if this information is located somewhere on the
> > documentation and I couldn't find it.
> >
> > Best Regards,
> >
> > --
> > Ramon Gomes Brandão


Re: [xwiki-users] XE's Antivirus plugin for attached files

2013-04-11 Thread Marius Dumitru Florea
One solution is to write an event listener component (for save event
for instance) that checks if an attachment is uploaded and scans it
using your antivirus API. Unfortunately the documentation is a bit
outdated 
http://extensions.xwiki.org/xwiki/bin/view/Extension/Observation+Module+Local
.

Maybe others have better suggestions.

Hope this helps,
Marius

On Thu, Apr 11, 2013 at 12:21 AM, Ramon Gomes Brandão
 wrote:
> Hi XWiki Devs/Community,
>
> We're planning a deploy of XE on our Enterprise (a Brazilian government
> agency) as the main intranet tool, for about 400 heavy users (in thesis,
> they'll generate a lot of content). We're sure that XE can handle it
> smoothly and it will bring a LOT of help on the day-to-day work of our
> office.
>
> We're doing some optimizations and fine tuning for the deploy in
> production. Meanwhile, we're facing some troubles with our workstations'
> antivirus tools, which brings me some concerns about the attachment files on
> the filesystems. Trying to address a potential problem (users using attached
> files to spread infected files to other users and, worst, other government
> agencies, which have also critical mission like ours), I would like to use
> the same approach we use on our other systems we've built at home: calling
> an AV engine (such as our cluster of ClamAV servers) from the webapp (we
> already use some java API for this, on our web apps) to scan every file
> being uploaded and before being attached to the wiki, and show some message
> to the user, in case of some trouble.
>
> I've searched for some plugin or initiative about this, but couldn't find
> any. Is there any going on? If not, from where can I start and what should I
> put under consideration, in order to
> guide our dev staff to plug it in xwiki's core as a plugin/extension?
>
> Forgive myself in advance if this information is located somewhere on the
> documentation and I couldn't find it.
>
> Best Regards,
>
> --
> Ramon Gomes Brandão


Re: [xwiki-users] how to modify for feed entries?

2013-04-11 Thread Marius Dumitru Florea
I found the issue http://jira.xwiki.org/browse/XWIKI-2149 . Read the comments.

Hope this helps,
Marius

On Thu, Apr 11, 2013 at 1:11 AM,
 wrote:
> Hi!
>
>> 
>> From: users-boun...@xwiki.org [users-boun...@xwiki.org] On Behalf Of Marius 
>> Dumitru Florea [mariusdumitru.flo...@xwiki.com]
>> Sent: 05 April 2013 11:01
>> To: XWiki Users
>> Subject: Re: [xwiki-users] how to modify  for feed entries?
>>
>> Hi Ricardo,
>>
>> On Fri, Mar 29, 2013 at 6:48 PM,
>>  wrote:
>>>  Sorry for coming back with a new question on this. I think I'm getting 
>>> closer to understand how RSS feeds work in XWiki, but I do need the help of 
>>> the community.
>>>
>>>  I'm now using a XE 4.3 installation. I'm able to customize  
>>> elements easily by editing, for instance, Main.WebRss, but, please, how to 
>>> customize  elements? For instance, how to customize  
>>> element?
>>
>> You could try to use [1] $xwiki.feed.getSyndEntryDocumentSource($map)
>> or [2] $xwiki.feed.getSyndEntrySource('Space.YouClass', $map) to
>> specify how the document/class is mapped to a feed item. Then you have
>> to pass the returned object to one of the available [3]
>> $xwiki.feed.getFeed(...) methods.
>>
>> [1] 
>> http://maven.xwiki.org/site/docs/xwiki-javadoc-4.5.x/com/xpn/xwiki/plugin/feed/FeedPluginApi.html#getSyndEntryDocumentSource(java.util.Map)
>> [2] 
>> http://maven.xwiki.org/site/docs/xwiki-javadoc-4.5.x/com/xpn/xwiki/plugin/feed/FeedPluginApi.html#getSyndEntrySource(java.lang.String,%20java.util.Map)
>> [3] 
>> http://maven.xwiki.org/site/docs/xwiki-javadoc-4.5.x/com/xpn/xwiki/plugin/feed/FeedPluginApi.html
>>
>> There was an old JIRA issue which described in detail this API but I
>> can't find it now..
>>
>
> Marius, I'm not able to find such a JIRA issue either, but I found these 
> entries in the xwiki.devs list...
>
> http://xwiki.markmail.org/search/getSyndEntrySource+list:org.xwiki.devs
>
> Could this be the stuff you are speaking about? I'll follow these threads!
>
> Any comment will be welcome! Thanks!
>
>> Hope this helps,
>> Marius
>>
>>>
>>>  Thank you so much for your help!
>>>
>>>  Ricardo
>>>
>>>  --
>>>  Ricardo Rodríguez
>>>  Research Management and Promotion Technician
>>>  Technical Secretariat
>>>  Health Research Institute of Santiago de Compostela (IDIS)
>>>  http://www.idisantiago.es
>>>
>>>  Note: The information contained in this message and any attached documents 
>>> is private and confidential and is intended solely for its recipient. If you 
>>> are not the original recipient of this message, please delete it. 
>>> Distribution or copying of this message is not authorized.
>>>
>>>  See more languages: http://www.sergas.es/aviso_confidencialidad.htm