Change comment:
Added doc for Groovy authenticator
Page properties (2 modified, 0 added, 0 removed)
- Page properties
- Author
... ... @@ -1,1 +1,1 @@ 1 -XWiki. jek1 +XWiki.VincentMassol - Content
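--- a/Content
+++ b/Content
@@ -264,158 +264,3 @@
 
 If you use Firefox, do not forget to whitelist the xwiki URL for HTTP Negotiate in about:config with the "network.negotiate-auth.trusted-uris" property. possible values for this propperty include (without the quotes): "https://" for all secured connections or "example.com" for all example.com subdomains.
 
-
-
-2 JBoss SPNEGO (Kerberos in combination with LDAP)
-I changed the code of the XWikiLDAPAuthServiceImpl to be able to detect the sso user.
-The authenication already happend by using the SPNEGO module (JAAS).
-After that I'm using the ldap synchronisation feature to make sure that the user is up to date.
-The combination leads to an automatic login in the xwiki and the user rights are controlled in the Active Directory server.
-I hope you can adopt this code or that you can use it for your own projects.
-
-The configuration of ldap;
-{code}
-xwiki.authentication.authclass=com.wiki.sso.SSOLdapAuthenicationImpl
-xwiki.authentication.ldap=1
-xwiki.authentication.ldap.server=<ad-server>
-xwiki.authentication.ldap.port=389
-xwiki.authentication.ldap.base_DN=<OU=Users,...............>
-#use a fixed user to attach to the ldap database,
-#the password is not provided with the SSOLdapAuthenicationImpl
-xwiki.authentication.ldap.bind_DN=<domain>\\<user>
-xwiki.authentication.ldap.bind_pass=<password>
-#Microsoft AD configuration
-xwiki.authentication.ldap.UID_attr=sAMAccountName
-xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,mail=mail,ldap_dn=dn
-xwiki.authentication.ldap.group_memberfields=member,uniqueMember
-#LDAP group mapping
-xwiki.authentication.ldap.group_mapping=XWiki.XWikiAdminGroup=CN=WIKI_Admin,............|\
-  XWiki.XWikiAllGroup=CN=WIKI_User,...........
-
-{code}
-The java code
-{code}
-package com.wiki.sso;
-
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-
-import com.xpn.xwiki.XWikiContext;
-import com.xpn.xwiki.XWikiException;
-import com.xpn.xwiki.user.api.XWikiUser;
-import com.xpn.xwiki.user.impl.LDAP.XWikiLDAPAuthServiceImpl;
-
-import java.security.Principal;
-
-public class SSOLdapAuthenicationImpl extends XWikiLDAPAuthServiceImpl {
-    /**
-     * Logging tool.
-     */
-    private static final Log LOG = LogFactory.getLog(SSOLdapAuthenicationImpl.class);
-
-
-    public XWikiUser checkAuth(XWikiContext context) throws XWikiException {
-        String user = getRemoteUser(context);
-        if ((user != null) || !user.equals("")) {
-            if (LOG.isInfoEnabled())
-                LOG.info("Launching create user for " + user);
-            if ( authenticate(user, context) != null ) {
-                if (LOG.isInfoEnabled())
-                    LOG.info("Create user done for " + user);
-                user = "XWiki." + user;
-                context.setUser(user);
-                System.out.println("User is set to:" + user);
-                return new XWikiUser(user);
-            } else {
-                LOG.error( "User " + user + " can't be authenticated against ldap" );
-            }
-        }
-        return super.checkAuth(context);
-    }
-
-    /**
-     * We cannot authenticate locally since we need to trust the app server for
-     * authentication
-     *
-     * @param username
-     * @param password
-     * @param context
-     * @return
-     * @throws XWikiException
-     */
-    public XWikiUser checkAuth(String username, String password,
-            String rememberme, XWikiContext context) throws XWikiException {
-        String user = getRemoteUser(context);
-        if ((user == null) || user.equals("")) {
-            return super.checkAuth(username, password, rememberme, context);
-        }
-        return checkAuth(context);
-    }
-
-    private String getRemoteUser(XWikiContext context) {
-        String userName = context.getRequest().getHttpServletRequest()
-                .getRemoteUser();
-        if (userName != null) {
-            // only take the front of the username@domain
-            String[] elements = userName.split("@", 2);
-            userName = elements[0];
-        }
-        return userName;
-    }
-
-    public Principal authenticate(String login, XWikiContext context) throws XWikiException
-    {
-        if (LOG.isTraceEnabled()) {
-            LOG.trace("Starting LDAP authentication");
-        }
-
-        /*
-         * TODO: Put the next 4 following "if" in common with XWikiAuthService to ensure coherence This method was
-         * returning null on failure so I preserved that behaviour, while adding the exact error messages to the context
-         * given as argument. However, the right way to do this would probably be to throw XWikiException-s.
-         */
-
-        if (login == null) {
-            // If we can't find the username field then we are probably on the login screen
-
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("The provided user is null."
-                    + " We don't try to authenticate, it probably means the user is in non logged mode.");
-            }
-
-            return null;
-        }
-
-        // Check for empty usernames
-        if (login.equals("")) {
-            context.put("message", "nousername");
-
-            if (LOG.isDebugEnabled()) {
-                LOG.debug("LDAP authentication failed: login empty");
-            }
-
-            return null;
-        }
-
-        // If we have the context then we are using direct mode
-        // then we should specify the database
-        // This is needed for virtual mode to work
-        Principal principal = null;
-
-        // Try authentication against ldap
-        principal = ldapAuthenticate(login, "", context);
-
-        if (LOG.isDebugEnabled()) {
-            if (principal != null) {
-                LOG.debug("LDAP authentication succeed with principal [" + principal.getName() + "]");
-            } else {
-                LOG.debug("LDAP authentication failed for user [" + login + "]");
-            }
-        }
-
-        return principal;
-    }
-}
-{code}
-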