Hello Lauri, I got external authentication working, although I think there are many differences between my case and what you are trying to do:
I create the external users as Magnolia users when they first log in, and update them if they already exist. This allows me to "mix" externally supplied ACLs and ACLs set up within Magnolia. Since ACLs depend on and change with the content, it did not make sense to us to "export" these settings to an external system, which does not "know" about the Magnolia content.

Essentially, I created a LoginModule for Magnolia, and a custom JCRAuthenticationModule for JAAS. Since I create the users in Magnolia, I did not use any custom User class; the Magnolia User works for me.

To answer some of your questions, as far as I am able:

- "Realm" in Magnolia, as far as I can tell, refers to the "subsection" of the users workspace: either "admin", "system" or "public", i.e. the type of user. In general, you will want "admin" as the realm.

- A protected area should be configured both "by URL" and "by ACL". The ACL covers read/write permissions to the repository. It is mainly important for the "authoring" side, preventing access to parts of the site that should not be edited (or viewed) by certain users. The URL configuration is more important for the "public" side, as it is evaluated even if the repository is not involved, for example because the page in question would be served from the cache.

Regards from Vienna,
Richard

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Magnolia Forums (on behalf of Lauri)
Sent: Monday, 31 October 2011 10:45
To: Magnolia User List
Subject: [magnolia-user] Is there external authorization/authentication howto available?

Hello. Is there a step-by-step guide or detailed documentation available on the subject? I'm struggling to connect an existing user DB to a Magnolia-managed site, so users could log in to a secure page. It will suffice if a single role would be assigned to such a user.

What I've found and made:

1) Wrote a JAAS module for the DB, i.e. extended info.magnolia.jaas.sp.AbstractLoginModule.

2) Configured the JAAS context. For Tomcat it's as easy as editing the jaas.config file. A good example is [url=http://documentation.magnolia-cms.com/modules/ldap.html#jaasconfig]on the LDAP connector page[/url].

[code]
magnolia {
  info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional;
  foo.bar.CustomAuthModule requisite skip_on_previous_success=true;
  info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
[/code]

3) It's [url=http://forum.magnolia-cms.com/forum/thread.html?threadId=07c95ac9-de12-48c6-a353-997047b94e84]been mentioned on the forums[/url] that a new user manager is required. I've added info.magnolia.cms.security.ExternalUserManager to /server/security/userManagers/external (the external node is a copy of the admin one).

For now, according to the logs, external authentication checks the password and the external user manager seems to do some job too (without step 3 it used to throw a NullPointerException). Though the user is not logged in.

Problems and questions:

1) CustomAuthModule has a couple of roles hardcoded in setACL(), including superuser. Still, I can't log in to the admin console even if authentication succeeds.

2) What does info.magnolia.cms.security.DummyUser mean? After logging in it's mentioned in the logs:

[code]
INFO info.magnolia.cms.security.DummyUser : Initializing dummy user - Anonymous
INFO info.magnolia.cms.security.DummyUser : This area and/or instance is not secured
[/code]

3) Where can I read about the login and logout HTML pages, and how do I set them up?

4) Is it correct that a protected area is configured as "URL" access per role ACL? I've put something like a) disallow /site/member-area/* for the anonymous role, b) allow GET,POST /site/member-area/* for the external user role.

5) What is a "realm" in terms of Magnolia? It's mentioned in the jaas.config of the LDAP example.

Regards, Lauri.

P.S. Environment is Windows / Java 1.6 / Maven-based .war / no STK.

Autoexport writes bootstrap files to reinit the content repository, though after restart Magnolia shows page 404 unless I manually remove the config.server*.xml files from bootstrap.

--
Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=4ea2d66b-20e4-4468-a6a4-a9a692bd0b7b

----------------------------------------------------------------
For list details see http://www.magnolia-cms.com/community/mailing-lists.html
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
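The stacking flags in the jaas.config quoted in this thread (optional, requisite, required) decide whether a failure in one module aborts the login or is tolerated, which is exactly what makes "authentication succeeds but the user is not logged in" hard to read from the logs. As an added example, not code from Magnolia or from either poster, the following Python simulation applies the standard JAAS stacking rules to that three-module chain; the credential stores are constructed, and the behaviour of Magnolia's skip_on_previous_success option is modelled as an assumption.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

@dataclass
class ModuleEntry:
    name: str
    flag: str                                 # required | requisite | sufficient | optional
    authenticate: Callable[[str, str], bool]  # stand-in for the module's login()
    options: Dict[str, str] = field(default_factory=dict)

def run_login_stack(stack: List[ModuleEntry], user: str, password: str) -> Tuple[bool, List[str]]:
    """Walk the stack with the standard JAAS stacking rules; return (success, trace)."""
    trace: List[str] = []
    any_success = False
    mandatory_failed = False
    has_mandatory = any(m.flag in ("required", "requisite") for m in stack)
    for m in stack:
        # skip_on_previous_success is the Magnolia option from the thread's config; modelled
        # here (assumption) as "pass without checking if an earlier module already succeeded".
        if m.options.get("skip_on_previous_success") == "true" and any_success:
            ok = True
            trace.append(f"{m.name}: skipped (previous success)")
        else:
            ok = m.authenticate(user, password)
            trace.append(f"{m.name}: {'ok' if ok else 'FAIL'}")
        if ok:
            any_success = True
            if m.flag == "sufficient" and not mandatory_failed:
                return True, trace           # sufficient short-circuits the chain
        elif m.flag == "requisite":
            return False, trace              # requisite failure aborts immediately
        elif m.flag == "required":
            mandatory_failed = True          # keep walking, but the login is doomed
    return ((not mandatory_failed) if has_mandatory else any_success), trace

# Constructed sample stores standing in for the JCR users workspace and the external DB.
JCR_USERS = {"superuser": "secret-admin"}
EXTERNAL_DB = {"lauri": "s3cret"}

# The chain from the quoted jaas.config; the authorization module only loads ACLs, so it never rejects.
STACK = [
    ModuleEntry("JCRAuthenticationModule", "optional", lambda u, p: JCR_USERS.get(u) == p),
    ModuleEntry("CustomAuthModule", "requisite", lambda u, p: EXTERNAL_DB.get(u) == p,
                {"skip_on_previous_success": "true"}),
    ModuleEntry("JCRAuthorizationModule", "required", lambda u, p: True),
]

def login(user: str, password: str) -> Tuple[bool, List[str]]:
    return run_login_stack(STACK, user, password)
```

A wrong password for an external user stops the chain at the requisite module, so the authorization module that sets up the ACLs never runs; an internal user succeeds in the first module and the external check is skipped entirely.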
