[jboss-dev-forums] [Design of JBoss Portal] - Authentication AND Identification JBossPortal+LDAP+Kerberos

badock do-not-reply at jboss.com
Thu Dec 13 11:02:03 EST 2007


Hello all, 
I'm still trying to Kerberize my JBoss portal, and I get further every day... but it takes time :P

OK, so let's sum up:

I have a Kerberos server (KDC), an Apache in front of a Tomcat/JBoss, and an LDAP which JBoss can read (set in ldap_identity-config.xml).
Apache can display JBossPortal using the tomcat communicator mod_jk.
I put the "JkEnvVar REMOTE_USER" line in the mod_jk conf file so that Apache "tells" JBoss who tries to log in.
I also wrote into the server.xml file to bypass standard tomcat authentication :
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
         emptySessionPath="true" enableLookups="false" redirectPort="8443" tomcatAuthentication="false" />

    <Engine name="jboss.web" defaultHost="localhost">

Now what happens?

When a user tries to access the portal, he's asked to get a TGT from the KDC, then he's asked for a TGS (HTTP) in order to access Apache.
When he gets to the JBossPortal page, JBoss goes and sees who he really is in the LDAP, using the REMOTE_USER variable Apache gave it, and logs him in, if he is in the LDAP at all.
On the top-right corner, you can see the username as defined in the LDAP.

So what's the problem?

Well, the thing is, JBoss/Tomcat logs users in fine, but they don't get their profile.
And since the portlets I use _depend_on_ the user's profile, I really need that information.
I think I have to find out more about how setting "tomcatAuthentication" to false screws things up...

So if you have any idea ... feel free to tell me :)

Previous posts:
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4111256#4111256
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4106371#4106371 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4112616#4112616
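
Added example, not part of the original post or of JBoss: with tomcatAuthentication="false" the AJP connector takes the user name sent by Apache as the authenticated principal, so that connector should only be reachable from the Apache front end. This Python check audits a server.xml for such connectors and reports how each one is bound; the sample XML, the function names and the three exposure labels are assumptions made for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample modelled on the connector in the post (not a real server.xml).
SAMPLE = """<Server><Service name="jboss.web">
  <Connector port="8080" address="${jboss.bind.address}" protocol="HTTP/1.1"/>
  <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
             tomcatAuthentication="false"/>
  <Connector port="8010" address="127.0.0.1" protocol="AJP/1.3"
             tomcatAuthentication="false"/>
  <Connector port="8011" protocol="AJP/1.3" tomcatAuthentication="false"/>
</Service></Server>"""


def classify_address(addr):
    """Return 'loopback', 'exposed' or 'unresolved' for a connector address."""
    if addr is None:
        # Assumption: treated as exposed, since older Tomcat releases
        # listen on all interfaces when no address is given.
        return "exposed"
    if addr.startswith("${"):
        return "unresolved"  # system property, value only known at startup
    if addr == "localhost":
        return "loopback"
    try:
        return "loopback" if ipaddress.ip_address(addr).is_loopback else "exposed"
    except ValueError:
        return "exposed"  # a host name we cannot verify: treat as reachable


def audit_ajp(server_xml):
    """List (port, exposure) for AJP connectors that trust the front end's user."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        # tomcatAuthentication defaults to true; only "false" delegates to Apache.
        if conn.get("tomcatAuthentication", "true").lower() != "false":
            continue
        findings.append((int(conn.get("port")), classify_address(conn.get("address"))))
    return findings


if __name__ == "__main__":
    for port, exposure in audit_ajp(SAMPLE):
        print(f"AJP {port}: trusts front-end identity, bind address is {exposure}")
```

An "unresolved" result, as for the connector in the post, means the value of jboss.bind.address at startup decides the exposure and has to be checked on the running host.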