4 Replies Latest reply on Dec 26, 2007 2:27 PM by groovenarula

    JBossPortal, trusting Apache for authentication.

    badock
    badock Nov 29, 2007 4:34 AM

      Hello all,

      I use JbossPortal behind an Apache, using Kerberos.
      The user has to have authorization from Apache to display the Portal, and his username is stored in the Apache-variable REMOTE_USER.
      What i need now, is JBossPortal to read this value from Apache, and automatically log the user in, so that the user has not to type any password again.

      I've been told to use JkEnvVar to pass the REMOTE_USER value from Apache to Tomcat, but it's still quite vague for me, and i'd like to know, if you had any idea on how JBossPortal can obtain this value ?

      Thanks for helping . :)

      • 9613 Views
      • Tags:
        • 1. Re: JBossPortal, trusting Apache for authentication.
          badock
          badock Nov 29, 2007 9:32 AM (in response to badock)

          OK, i managed to pass the value REMOTE_USER from Apache to JBossPortal,
          actually, all i had to do was adding the line

          JkEnvVar REMOTE_USER

          in /etc/httpd/conf/mod-jk.conf and restart apache.

          To make sure JBoss was "seeing" this variable, i wrote a small portlet, and within the index.jsp file i wrote : 

          REMOTE_USER = <% out.print (request.getAttribute("REMOTE_USER")); %>

          and it actually displays the kerberos-principal on the webpage : 
          REMOTE_USER = myprincipal@REALM



          So now, i think i'm half way to victory...
          All i have to do, is to make Jboss authenticate the user with this value REMOTE_USER i'm now sure it can see, and without questionning the

          So if you have any clue... feel free to tell me :)

            • Actions
          • 2. Re: JBossPortal, trusting Apache for authentication.
            groovenarula
            groovenarula Dec 7, 2007 9:59 AM (in response to badock)

            I have a similar requirement. Only in my case it's because I need to integrate with an Web Access Manager framework (similar to Site Minder). So if manage to make any headway into this, let me know.

            Thanks
            Gurvinder

              • Actions
            • 3. Re: JBossPortal, trusting Apache for authentication.
              badock
              badock Dec 14, 2007 3:35 AM (in response to badock)

              hi there,

              my situation has changed a bit, maybe you are interested in what i 've done :
              http://www.jboss.com/index.html?module=bb&op=viewtopic&t=125858

              hope it helps :)

                • Actions
              • 4. Re: JBossPortal, trusting Apache for authentication.
                groovenarula
                groovenarula Dec 26, 2007 2:27 PM (in response to badock)

                Well I managed to make some progress by writing a custom 'TomCat Value'. The Tomcat Value (which extends ValueBase) successfully set's the 'request's' Principal to the desired user (the Portal shows the messgage 'Logged in as : xxxxxxx') ! However, I'm logging in as 'admin' (curretly hardcoded in the custom Value class) and am setting all the roles of the user to 'Admin','User' and 'Authenticated'. But I can't access the 'Dashboard'. It's thorwing up a '403' - Access Denied error. Not sure where to go from here !

                Thanks for info !
                Groove

                  • Actions