Summary

• Page properties (3 modified, 0 added, 0 removed)

Details

Page properties

Title

...	...	@@ -1,0 +1,1 @@
	1	+User Authentication

Author

...	...	@@ -1,1 +1,1 @@
1		-XWiki.SilviaRusu
	1	+XWiki.CalebJamesDeLisle

Content

...	...	@@ -1,8 +3,6 @@
1		-= User Authentication =
2		-
3	3	XWiki supports several different authentication mechanisms for authenticating users:
4	4
5		-{{toc start="" depth="" numbered=""/}}
	3	+{{toc/}}
6	6
7	7	The form authentication is the default mechanism.
8	8
...	...	@@ -10,17 +10,17 @@
10	10	Note that currently XWiki allows only one method of authentication to be enabled at a time. This will probably be improved in the future.
11	11	{{/info}}
12	12
13		-== Form Authentication ==
	11	+= Form Authentication =
14	14
15	15	TODO
16	16
17		-== LDAP Authentication ==
	15	+= LDAP Authentication =
18	18
19	19	{{warning}}
20	20	New LDAP implementation since XWiki Platform 1.3M2, see [[previous LDAP authentication service documentation>>AuthenticationLdapOld]]
21	21	{{/warning}}
22	22
23		-=== Generic LDAP configuration ===
	21	+== Generic LDAP configuration ==
24	24
25	25	In order to enable the LDAP support you have to change the authentication method in //WEB-INF/xwiki.cfg// as follows:
26	26
...	...	@@ -95,7 +95,7 @@
95	95	{{/code}}
96	96
97	97	{{info}}
98		-You can also setup the LDAP configuration in XWiki.XWikiPreferences page by going to the object editor. Simply replace
	96	+You can also setup the LDAP configuration in XWiki.XWikiPreferences page by going to the object editor. Simply replace "xwiki.authentication.ldap." by "ldap_". For example ##xwiki.authentication.ldap.base_DN## becomes ##ldap_base_DN##
99	99	{{/info}}
100	100
101	101	For testing purposes, you may wish to omit the "ldap.fields_mapping" field, to test the authentication first, and then add it later to get the mappings right.
...	...	@@ -105,11 +105,11 @@
105	105	* [[Apache Directory Studio>>http://directory.apache.org/studio/]]
106	106	* [[LDAP Browser/Editor>>http://www-unix.mcs.anl.gov/gawor/ldap/]]
107	107
108		-=== Detailed use cases ===
	106	+== Detailed use cases ==
109	109
110	110	See [[LDAP configuration uses cases>>LDAPAuthenticationUseCases]] for some detailed use cases.
111	111
112		-=== Enable LDAP debug log ===
	110	+== Enable LDAP debug log ==
113	113
114	114	See [[AdminGuide.Logging]]. The specific targets for LDAP authentication are:
115	115
...	...	@@ -118,11 +118,11 @@
118	118	log4j.logger.com.xpn.xwiki.user.impl.LDAP=debug
119	119	{{/code}}
120	120
121		-== eXo Authentication ==
	119	+= eXo Authentication =
122	122
123	123	The eXo authentication is used automatically by adding/editing the //xwiki.exo=1// property in //WEB-INF/xwiki.cfg//.
124	124
125		-== Custom Authentication ==
	123	+= Custom Authentication =
126	126
127	127	This allows plugging to any existing authentication mechanism such as SiteMinder, etc. To configure a custom authentication do the following:
128	128
...	...	@@ -147,7 +147,7 @@
147	147	xwiki.authentication.groupclass = com.acme.MyCustomGroupService
148	148	{{/code}}
149	149
150		-=== Custom Authentication using a Groovy script in a wiki page ===
	148	+== Custom Authentication using a Groovy script in a wiki page ==
151	151
152	152	Start by specifying you want to use the Groovy Authenticator:
153	153
...	...	@@ -163,7 +163,7 @@
163	163
164	164	Then in a wiki page put some Groovy code that returns a XWikiAuthService object.
165	165
166		-== Authentication parameters ==
	164	+= Authentication parameters ===
167	167
168	168	You can set each of these parameters by setting:
169	169
...	...	@@ -183,17 +183,17 @@
183	183	|encryptionpadding|Yes|?|?|Set the Encryption Padding used to encrypt and decrypt cookies
184	184	|errorpage|Yes|String|/bin/loginerror/ XWiki/XWikiLogin|Page to redirect to if there is an error logging in
185	185	|loginpage|Yes|String|/bin/login/ XWiki/XWikiLogin|Page to redirect to when not logged in
186		-|loginsubmitpage|Yes|String|/loginsubmit/ XWiki/XWikiLogin|?
	184	+|loginsubmitpage|Yes|String|/loginsubmit/ XWiki/XWikiLogin|The URL where the username and password are posted to when logging in.
187	187	|logoutpage|Yes|String|/bin/logout/ XWiki/XWikiLogout|Page to redirect to after logged out
188	188	|realmname|Yes|String|XWiki|Sets the realm name
189	189	|protection|Yes|all, validation, encryption, none|all|Protection level for the "remember me" cookie functionality
190		-|unauthorized_code|Yes|?|?|?
	188	+|unauthorized_code|Yes|Number|401|The HTTP status code to return when the login has failed.
191	191	|useip|Yes|true / false|true|Specify to use the IP address when encrypting the cookie data; if IP address changes will need to re-login.
192	192
193	193	1. Only required if protection = encryption or all (default)
194	194	1. Only required if protection = validation or all (default)
195	195
196		-== Kerberos SSO Authentication ==
	194	+= Kerberos SSO Authentication =
197	197
198	198	{{warning}}
199	199	This implementation of SSO is currently under review see: http://jira.xwiki.org/jira/browse/XWIKI-2496 . The class which is described in this segment of documentation, AppServerTrustedKerberosAuthServiceImpl, is not part of the default XWiki distribution!
...	...	@@ -258,7 +258,7 @@
258	258
259	259	2 JBoss SPNEGO (Kerberos in combination with LDAP) I changed the code of the XWikiLDAPAuthServiceImpl to be able to detect the sso user. The authenication already happend by using the SPNEGO module (JAAS). After that I'm using the ldap synchronisation feature to make sure that the user is up to date. The combination leads to an automatic login in the xwiki and the user rights are controlled in the Active Directory server. I hope you can adopt this code or that you can use it for your own projects.
260	260
261		-The configuration of ldap;
	259	+The configuration of ldap:
262	262
263	263	{{code}}
264	264	xwiki.authentication.authclass=com.wiki.sso.SSOLdapAuthenicationImpl