Re: OpenID authenticationhandler j_security_check

Thu, 04 Nov 2010 22:06:37 -0700 

Hi Felix,

With a little delay for I have been away for a few days.
- just checked out the new open ID and auth core
- tried it
=>
  * the open ID form has action="${requestContextPath}/j_security_check"
     this did not work
     changing that to "${resource}" makes it work
* on remaining problem: if the requestContext is non-empty, that is, if you run sling as a webapp on a tomcat, the authentication handler nicely redirects you to the identity provider, the returnTo 
    is correct, but on the sling application it falls back to:

             final OpenIdUser user = discover(relyingParty, request);

            // no OpenID user in the request, check whether this is an
            // OpenID response at all
            if (user == null) {

                if (RelyingParty.isAuthResponse(request)) {

                    log.debug("OpenID authentication timeout");
                    System.out.println("OpenID authentication timeout");

                    // response.sendRedirect(request.getRequestURI());
                    return AuthenticationInfo.DOING_AUTH;
                    }
I do not understand why that is, for all the openid parameters are transferred correctly on the returnTo. Yet the handler finds no user information. 

 I will let you know if I find out more.

Kind regards,
Jos



On 11/01/2010 08:50 PM, Felix Meschberger wrote:

Hi,

I have fixed SLING-1855 in trunk as well as the corrollary issue
SLING-1856 in trunk. To get the fix you will have to update the Sling
Authentication Core and OpenID Authentication bundles to the latest
trunk SNAPSHOTs.

Regards
Felix

Am Mittwoch, den 27.10.2010, 11:53 +0200 schrieb Jos Snellings:

Dear sling users,

Problem, just observed:
- activated OpenID authentication handler on content tree "noanonymous"
         =>  when accessing a resource, sling correctly displays the
OpenID login form
         however, the login form contains a form action:
<form id="loginform" method="POST" action="/j_security_check"
          enctype="multipart/form-data" accept-charset="UTF-8">

When posting this form back, sling says:


   Error while processing /j_security_check

Status  
500
Message         
javax.jcr.AccessDeniedException: /j_security_check/openid_identifier:
not allowed to add or modify item
Location        /j_security_check<http://localhost:8080/j_security_check>
Parent Location         /<http://localhost:8080/>
Path    
/j_security_check
Referer         http://localhost:8080/system/sling/openid/login
ChangeLog       

created("/j_security_check");
modified("/j_security_check/openid_identifier");



So it is the POST servlet who took the request and not the
authentication handler, or ... j_security_check is not recognized.
What did I overlook?

Thanks!
Jos

Reply via email to