Summary

• Page properties (2 modified, 0 added, 0 removed)
• Objects (1 modified, 0 added, 0 removed)
  • XWiki.XWikiComments[10]

Details

Page properties

Author

...	...	@@ -1,1 +1,1 @@
1		-XWiki.ManuelSmeria
	1	+XWiki.ThomasMortagne

Content

...	...	@@ -2,8 +2,10 @@
2	2
3	3	{{toc/}}
4	4
	5	+The form authentication is the default mechanism.
	6	+
5	5	{{info}}
6		-XWiki currently allows only one method of authentication to be enabled at a time. This will probably be improved in the future.
	8	+Note that currently XWiki allows only one method of authentication to be enabled at a time. This will probably be improved in the future.
7	7	{{/info}}
8	8
9	9	= Form Authentication =
...	...	@@ -12,7 +12,7 @@
12	12
13	13	= Basic Authentication =
14	14
15		-XWiki supports [[basic access authentication>>http://en.wikipedia.org/wiki/Basic_access_authentication]], a method designed to allow a web browser or other client programs to provide credentials - in the form of a user name and password - when making a request. You can get authenticated against an XWiki server with the basic authentication protocol using the following URL scheme:
	17	+XWiki supports [basic access authentication>http://en.wikipedia.org/wiki/Basic_access_authentication], a method designed to allow a Web browser, or other client program, to provide credentials - in the form of a user name and password - when making a request. You can get authenticated against an XWiki server with the basic authentication protocol using the following URL scheme:
16	16
17	17	{{code}}
18	18	http://username:password@mywiki.xwiki.com/xwiki/bin/view/Main/WebHome?basicauth=1
...	...	@@ -19,15 +19,19 @@
19	19	{{/code}}
20	20
21	21	{{warning}}
22		-Be careful that if you use the ##HTTP## protocol your password will be sent in clear over the network and is thus very unsafe. When using basic authentication you should make sure your wiki is configured to use ##HTTPS##.
	24	+Be careful that if you use the ##HTTP## protocol your password will be sent in clear over the network and is thus very unsafe. When using Basic Authentication you should make sure your wiki is configured to use ##HTTPS##.
23	23	{{/warning}}
24	24
25	25	= Social Login =
26	26
27		-See the [[Social Login Application>>extensions:Extension.Social Login Application]].
	29	+See the [[Social Login Extension>>extensions:Extension.Social Login]].
28	28
29	29	= LDAP Authentication =
30	30
	33	+{{warning}}
	34	+New LDAP implementation since XWiki Platform 1.3M2, see [[previous LDAP authentication service documentation>>AuthenticationLdapOld]]
	35	+{{/warning}}
	36	+
31	31	== Generic LDAP configuration ==
32	32
33	33	In order to enable the LDAP support you have to change the authentication method in //WEB-INF/xwiki.cfg// as follows:
...	...	@@ -43,7 +43,7 @@
43	43	# xwiki.authentication.ldap=1
44	44	{{/code}}
45	45
46		-You can setup the LDAP configuration in the **xwiki.cfg** file by filling the following properties:
	52	+You can setup the LDAP configuration in the //xwiki.cfg// file by filling the following properties:
47	47
48	48	{{code language="properties"}}
49	49	#-# LDAP Server (Active Directory, eDirectory, OpenLDAP, etc.)
...	...	@@ -160,25 +160,25 @@
160	160	{{/code}}
161	161
162	162	{{info}}
163		-You can also setup the LDAP configuration in the XWiki.XWikiPreferences page by going to the object editor. Simply replace **xwiki.authentication.ldap.** with **ldap_**. For example ##xwiki.authentication.ldap.base_DN## becomes ##ldap_base_DN##.
	169	+You can also setup the LDAP configuration in XWiki.XWikiPreferences page by going to the object editor. Simply replace "xwiki.authentication.ldap." by "ldap_". For example ##xwiki.authentication.ldap.base_DN## becomes ##ldap_base_DN##.
164	164	{{/info}}
165	165
166	166	For testing purposes, you may wish to omit the "ldap.fields_mapping" field, to test the authentication first, and then add it later to get the mappings right.
167	167
168		-Here are some LDAP clients for checking your configuration:
	174	+Here are some LDAP client for checking your configuration:
169	169
170	170	Java based and Open Source:
171	171
172	172	* [[Apache Directory Studio>>http://directory.apache.org/studio/]]
173		-* [[JXplorer>>http://jxplorer.org/]]
	179	+* [[JXplorer>>http://jxplorer.org]]
174	174
175	175	Windows only:
176	176
177		-* [[Softerra LDAP Browser>>http://www.ldapbrowser.com/info_softerra-ldap-browser.htm]]
	183	+* [[Softerra LDAP Browser>>http://www.ldapbrowser.com/download.htm]]
178	178
179	179	== Detailed use cases ==
180	180
181		-See the [[LDAP configuration uses cases>>LDAPAuthenticationUseCases]] for some detailed use cases.
	187	+See [[LDAP configuration uses cases>>LDAPAuthenticationUseCases]] for some detailed use cases.
182	182
183	183	== Enable LDAP debug log ==
184	184
...	...	@@ -216,11 +216,11 @@
216	216	xwiki.authentication.authclass = com.acme.MyCustomAuthenticationService
217	217	{{/code}}
218	218
219		-You can find various [[authenticators examples>>https://github.com/xwiki-contrib/sandbox/tree/master/authenticators]].
	225	+You can find various authenticators examples on [[https://github.com/xwiki-contrib/sandbox/blob/master/authenticators/]].
220	220
221	221	Here's a [[tutorial on implementing a custom authentication class for authenticating against Oracle's SSO>>http://bodez.wordpress.com/2008/10/15/xwiki-user-authentication-with-oracle-sso/]].
222	222
223		-Note, that you can also implement own right management service by implementing the {{scm path="xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/api/XWikiRightService.java"}}XWikiRightService{{/scm}} interface:
	229	+Note, that you also can implement own right management service by implementing {{scm path="xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/user/api/XWikiRightService.java"}}XWikiRightService{{/scm}} interface:
224	224
225	225	{{code language="properties"}}
226	226	xwiki.authentication.rightsclass = com.acme.MyCustomRightsService
...	...	@@ -246,7 +246,7 @@
246	246	xwiki.authentication.groovy.pagename = MySpace.MyPage
247	247	{{/code}}
248	248
249		-Then put some Groovy code in a wiki page that returns a XWikiAuthService object.
	255	+Then in a wiki page put some Groovy code that returns a XWikiAuthService object.
250	250
251	251	= Authentication parameters =
252	252
...	...	@@ -284,7 +284,7 @@
284	284	This implementation of SSO is currently under review see: http://jira.xwiki.org/jira/browse/XWIKI-2496 . The class which is described in this segment of documentation, AppServerTrustedKerberosAuthServiceImpl, is not part of the default XWiki distribution!
285	285	{{/warning}}
286	286
287		-The following is an example of **mod_auth_kerb** for Apache being used to easily implement XWiki authentication of users via HTTP Negotiate on a linux server. This example assumes you already have a working Apache2 HTTPD and Apache Tomcat setup with mod_jk.
	293	+The following is an example of mod_auth_kerb for Apache being used to easily implement Xwiki authentication of users via by HTTP Negotiate on a linux server. This example assumes you already have a working Apache2 HTTPD and Apache Tomcat setup with mod_jk.
288	288
289	289	First of all you need to create a principal and keytab for the webserver:
290	290
...	...	@@ -302,7 +302,7 @@
302	302	chmod 400 /etc/apache2/ssl/wiki.keytab
303	303	{{/code}}
304	304
305		-Install **mod_auth_kerb** in your linux installation. On Debian or Ubuntu this would be achieved by running:
	311	+Install mod_auth_kerb in your linux installation. On Debian or Ubuntu this would be achieved by running:
306	306
307	307	{{code}}
308	308	aptitude install libapache2-mod-auth-kerb
...	...	@@ -325,23 +325,23 @@
325	325	</Location>
326	326	{{/code}}
327	327
328		-Make sure Apache Tomcat uses the authentication performed by Apache HTTPD with the "tomcatAuthentication" property in the connector description (which is in the **server.xml** file of Apache Tomcat):
	334	+Make sure Apache Tomcat uses the authentication performed by Apache HTTPD with the "tomcatAuthentication" property in the connector description (which is in the server.xml file of Apache Tomcat):
329	329
330	330	{{code}}
331	331	<Connector port="8009" address="127.0.0.1" enableLookups="false" tomcatAuthentication="false" redirectPort="8443" protocol="AJP/1.3" />
332	332	{{/code}}
333	333
334		-Place the **authkerb.jar** jar in the ##WEB-INF/lib## directory of XWiki in Apache Tomcat.
	340	+Place the authkerb.jar jar in the WEB-INF/lib directory of Xwiki in Apache Tomcat.
335	335
336		-Have Xwiki use the authentication module by changing the "xwiki.authentication.authclass" property in the ##WEB-INF/lib/xwiki.cfg## file.
	342	+Have Xwiki use the authentication module by changing the "xwiki.authentication.authclass" property in WEB-INF/lib/xwiki.cfg file.
337	337
338	338	{{code}}
339	339	xwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl
340	340	{{/code}}
341	341
342		-If you use Firefox, do not forget to whitelist the xwiki URL for HTTP Negotiate in about:config with the "network.negotiate-auth.trusted-uris" property. Possible values for this property include: //https:~/~/// for all secured connections or **example.com** for all example.com subdomains.
	348	+If you use Firefox, do not forget to whitelist the xwiki URL for HTTP Negotiate in about:config with the "network.negotiate-auth.trusted-uris" property. possible values for this propperty include (without the quotes): "https:~/~/" for all secured connections or "example.com" for all example.com subdomains.
343	343
344		-When I used JBoss SPNEGO (Kerberos in combination with LDAP) I changed the code of the **XWikiLDAPAuthServiceImpl** to be able to detect the sso user. The authenication already happend by using the SPNEGO module (JAAS). After that I'm using the ldap synchronisation feature to make sure that the user is up to date. The combination leads to an automatic login in XWiki and the user rights are controlled in the Active Directory server. I hope you can adopt this code or that you can use it for your own projects.
	350	+2 JBoss SPNEGO (Kerberos in combination with LDAP) I changed the code of the XWikiLDAPAuthServiceImpl to be able to detect the sso user. The authenication already happend by using the SPNEGO module (JAAS). After that I'm using the ldap synchronisation feature to make sure that the user is up to date. The combination leads to an automatic login in the xwiki and the user rights are controlled in the Active Directory server. I hope you can adopt this code or that you can use it for your own projects.
345	345
346	346	The configuration of ldap:
347	347
...	...	@@ -364,7 +364,7 @@
364	364	XWiki.XWikiAllGroup=CN=WIKI_User,...........
365	365	{{/code}}
366	366
367		-The java code:
	373	+The java code
368	368
369	369	{{code}}
370	370	package com.wiki.sso;

XWiki.XWikiComments[10]

Original Selection

...	...	@@ -1,1 +1,0 @@
1		-Form Authentication LDAP Authentication Generic LDAP configuration Detailed use cases Enable LDAP debug log eXo Authentication Custom Authentication Custom Authentication using a Groovy script in a wiki page Authentication parameters Kerberos SSO Authentication

Selection

...	...	@@ -1,1 +1,0 @@
1		-Form Authentication Basic Authentication Social Login LDAP Authentication Generic LDAP configuration Detailed use cases Enable LDAP debug log eXo Authentication Custom Authentication Custom Authentication using a Groovy script in a wiki page Authentication parameters Kerberos SSO Authentication

State

...	...	@@ -1,1 +1,0 @@
1		-UPDATED

Target

...	...	@@ -1,1 +1,0 @@
1		-AdminGuide.Authentication