Projets
Pages enfant
  • The ESUP authentication layer

Comparaison des versions

Ancienne version 5

changes.mady.by.user Raymond Bourges

Sauvegardée le

comparé à

Nouvelle version 6

changes.mady.by.user Raymond Bourges

Sauvegardée le

Légende

  • Ces lignes ont été ajoutées. Ce mot a été ajouté.
  • Ces lignes ont été supprimées. Ce mot a été supprimé.
  • La mise en forme a été modifiée.

...


The following parameter is important and will often be let to false. If false, then ONLY ONE filter will be used - the first one matching the request in the slide.authenticationRouter.filterList. If true then every filter matching the request will be used.
Imagine for example that the LDAP and TRUSTED criteria match the request, then the request will be first forwarded to the LDAP filter (for an LDAP authentication) and then to the TRUSTED filter (for a TRUSTED authentication) - and in this order !

Bloc de code
<init-param>
   <param-name>org.esupportail.filter.authenticationRouter.enableCascading</param-name>
   <param-value>false</param-value>
  </init-param>

...

fastBindUserPattern : Pattern used to build a DN to bind. The syntax is uniqueAttributeEqualsToLogin={0},baseDN

Bloc de code
  <init-param>
   <param-name>org.esupportail.filter.LDAPFilter.fastBindUserPattern</param-name>
   <param-value>uid=\{0\},ou=people,dc=univ,dc=fr</param-value>
  </init-param>

...

Bloc de code
<init-param>
<param-name>org.esupportail.filter.LDAPFilter.searchBindBaseDN</param-name>
<param-value>ou=people,dc=univ,dc=fr</param-value>
</init-param>
<init-param>
<param-name>org.esupportail.filter.LDAPFilter.searchBindScope</param-name>
<param-value>SUBTREE_SCOPE</param-value> <\!-\- SUBTREE_SCOPE \| ONELEVEL_SCOPE \| OBJECT_SCOPE \-->
</init-param>
<init-param>
<param-name>org.esupportail.filter.LDAPFilter.searchBindFilter</param-name>
<param-value>uid=
{0}
</param-value>
</init-param>
</filter>

...

If the authentication router selects this filter then the request will be directed to a non existing filter - the consequence is that the user name will not be included in the request going to the server.

The SHIB authentication filter (only on the v5.0 and

...

upper)


Processes an Shibboleth authentication.

...

Bloc de code
<init-param>
<param-name>org.esupportail.filter.ShibFilter.shibAttributesInSession</param-name>
<param-value>true</param-value>
</init-param>

</filter>

The RedirectFilter (only on the v5.1 and upper)

...

code
Bloc de code
<init-param>
<param-name>org.esupportail.filter.redirectFilter.DestinationHost</param-name>
<param-value>[slide.redirectFilter.DestinationHost]</param-value>
</init-param>

</filter>
Bloc de code