Re: [xwiki-users] SSO extensions, LDAP mapping, configuration availability at run-time
Note: it also mean adding the fields you need in XWikiPreference class. On Wed, Nov 9, 2016 at 3:12 PM, Thomas Mortagne wrote: > The quick solution is to copy/paste > https://github.com/xwiki-contrib/ldap/blob/master/ldap-authenticator/src/main/java/org/xwiki/contrib/ldap/XWikiLDAPConfig.java > class and modify it a bit for the headers authenticator, should not be > very hard. > > On Wed, Nov 9, 2016 at 10:03 AM, m...@ow2.org wrote: >> Hi, >> >> On of the goal we would like to achieve using XWiki is SSO integration >> in relation to our openLDAP server, through LemonLDAP::NG >> (http://www.lemonldap-ng.org/). >> >> We have tried with success the extension at >> http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+Headers >> but we see a limitation here : it seems not possible to re-configure >> this extension at run-time from the UI, it means that the instance >> should be restarted when in the need to alter a configuration option >> like xwiki.authentication.headers.groups_mapping (and fields_mapping too). >> >> The same remark apply to other SSO extensions like Jasig CAS/SAML one. >> >> What would be the implication in terms of development power to make >> those configuration properties available at run-time ? Like it's done >> within the LDAP Application for example. >> >> For a start we don't necessarily need an UI/app but at least the >> attributes somewhere available in object mode. >> >> Another option I see is the possibility to achieve group mapping >> directly from the LDAP instead of getting it from the headers. That >> would lead to a combination of the LDAP authenticator and SSO (but at >> the moment only one authclass can be used at a time). >> >> Cheers, >> >> Martin >> ___ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users > > > > -- > Thomas Mortagne -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
Re: [xwiki-users] SSO extensions, LDAP mapping, configuration availability at run-time
The quick solution is to copy/paste https://github.com/xwiki-contrib/ldap/blob/master/ldap-authenticator/src/main/java/org/xwiki/contrib/ldap/XWikiLDAPConfig.java class and modify it a bit for the headers authenticator, should not be very hard. On Wed, Nov 9, 2016 at 10:03 AM, m...@ow2.org wrote: > Hi, > > On of the goal we would like to achieve using XWiki is SSO integration > in relation to our openLDAP server, through LemonLDAP::NG > (http://www.lemonldap-ng.org/). > > We have tried with success the extension at > http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+Headers > but we see a limitation here : it seems not possible to re-configure > this extension at run-time from the UI, it means that the instance > should be restarted when in the need to alter a configuration option > like xwiki.authentication.headers.groups_mapping (and fields_mapping too). > > The same remark apply to other SSO extensions like Jasig CAS/SAML one. > > What would be the implication in terms of development power to make > those configuration properties available at run-time ? Like it's done > within the LDAP Application for example. > > For a start we don't necessarily need an UI/app but at least the > attributes somewhere available in object mode. > > Another option I see is the possibility to achieve group mapping > directly from the LDAP instead of getting it from the headers. That > would lead to a combination of the LDAP authenticator and SSO (but at > the moment only one authclass can be used at a time). > > Cheers, > > Martin > ___ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users -- Thomas Mortagne ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
[xwiki-users] SSO extensions, LDAP mapping, configuration availability at run-time
Hi, On of the goal we would like to achieve using XWiki is SSO integration in relation to our openLDAP server, through LemonLDAP::NG (http://www.lemonldap-ng.org/). We have tried with success the extension at http://extensions.xwiki.org/xwiki/bin/view/Extension/XWiki+Authenticator+Headers but we see a limitation here : it seems not possible to re-configure this extension at run-time from the UI, it means that the instance should be restarted when in the need to alter a configuration option like xwiki.authentication.headers.groups_mapping (and fields_mapping too). The same remark apply to other SSO extensions like Jasig CAS/SAML one. What would be the implication in terms of development power to make those configuration properties available at run-time ? Like it's done within the LDAP Application for example. For a start we don't necessarily need an UI/app but at least the attributes somewhere available in object mode. Another option I see is the possibility to achieve group mapping directly from the LDAP instead of getting it from the headers. That would lead to a combination of the LDAP authenticator and SSO (but at the moment only one authclass can be used at a time). Cheers, Martin ___ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users