Re: [xwiki-users] SSO extensions, LDAP mapping, configuration availability at run-time

2016-11-09 Thread Thomas Mortagne 
Note: it also mean adding the fields you need in XWikiPreference class.

On Wed, Nov 9, 2016 at 3:12 PM, Thomas Mortagne
 wrote:
> The quick solution is to copy/paste
> https://github.com/xwiki-contrib/ldap/blob/master/ldap-authenticator/src/main/java/org/xwiki/contrib/ldap/XWikiLDAPConfig.java
> class and modify it a bit for the headers authenticator, should not be
> very hard.
>
> On Wed, Nov 9, 2016 at 10:03 AM, m...@ow2.org  wrote:
>> Hi,
>>
>> On of the goal we would like to achieve using XWiki is SSO integration
>> in relation to our openLDAP server, through LemonLDAP::NG
>> (http://www.lemonldap-ng.org/).
>>
>> We have tried with success the extension at
>> http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+Headers
>> but we see a limitation here : it seems not possible to re-configure
>> this extension at run-time from the UI, it means that the instance
>> should be restarted when in the need to alter a configuration option
>> like xwiki.authentication.headers.groups_mapping (and fields_mapping too).
>>
>> The same remark apply to other SSO extensions like Jasig CAS/SAML one.
>>
>> What would be the implication in terms of development power to make
>> those configuration properties available at run-time ? Like it's done
>> within the LDAP Application for example.
>>
>> For a start we don't necessarily need an UI/app but at least the
>> attributes somewhere available in object mode.
>>
>> Another option I see is the possibility to achieve group mapping
>> directly from the LDAP instead of getting it from the headers. That
>> would lead to a combination of the LDAP authenticator and SSO (but at
>> the moment only one authclass can be used at a time).
>>
>> Cheers,
>>
>> Martin
>> ___
>> users mailing list
>> users@xwiki.org
>> http://lists.xwiki.org/mailman/listinfo/users
>
>
>
> --
> Thomas Mortagne



-- 
Thomas Mortagne
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

Re: [xwiki-users] SSO extensions, LDAP mapping, configuration availability at run-time

2016-11-09 Thread Thomas Mortagne 
The quick solution is to copy/paste
https://github.com/xwiki-contrib/ldap/blob/master/ldap-authenticator/src/main/java/org/xwiki/contrib/ldap/XWikiLDAPConfig.java
class and modify it a bit for the headers authenticator, should not be
very hard.

On Wed, Nov 9, 2016 at 10:03 AM, m...@ow2.org  wrote:
> Hi,
>
> On of the goal we would like to achieve using XWiki is SSO integration
> in relation to our openLDAP server, through LemonLDAP::NG
> (http://www.lemonldap-ng.org/).
>
> We have tried with success the extension at
> http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+Headers
> but we see a limitation here : it seems not possible to re-configure
> this extension at run-time from the UI, it means that the instance
> should be restarted when in the need to alter a configuration option
> like xwiki.authentication.headers.groups_mapping (and fields_mapping too).
>
> The same remark apply to other SSO extensions like Jasig CAS/SAML one.
>
> What would be the implication in terms of development power to make
> those configuration properties available at run-time ? Like it's done
> within the LDAP Application for example.
>
> For a start we don't necessarily need an UI/app but at least the
> attributes somewhere available in object mode.
>
> Another option I see is the possibility to achieve group mapping
> directly from the LDAP instead of getting it from the headers. That
> would lead to a combination of the LDAP authenticator and SSO (but at
> the moment only one authclass can be used at a time).
>
> Cheers,
>
> Martin
> ___
> users mailing list
> users@xwiki.org
> http://lists.xwiki.org/mailman/listinfo/users



-- 
Thomas Mortagne
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users

[xwiki-users] SSO extensions, LDAP mapping, configuration availability at run-time

2016-11-09 Thread m...@ow2.org 
Hi,

On of the goal we would like to achieve using XWiki is SSO integration
in relation to our openLDAP server, through LemonLDAP::NG
(http://www.lemonldap-ng.org/).

We have tried with success the extension at
http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+Headers
but we see a limitation here : it seems not possible to re-configure
this extension at run-time from the UI, it means that the instance
should be restarted when in the need to alter a configuration option
like xwiki.authentication.headers.groups_mapping (and fields_mapping too).

The same remark apply to other SSO extensions like Jasig CAS/SAML one.

What would be the implication in terms of development power to make
those configuration properties available at run-time ? Like it's done
within the LDAP Application for example.

For a start we don't necessarily need an UI/app but at least the
attributes somewhere available in object mode.

Another option I see is the possibility to achieve group mapping
directly from the LDAP instead of getting it from the headers. That
would lead to a combination of the LDAP authenticator and SSO (but at
the moment only one authclass can be used at a time).

Cheers,

Martin
___
users mailing list
users@xwiki.org
http://lists.xwiki.org/mailman/listinfo/users