...
```
Attribute: an expression that maps the username to an LDAP attribute, such as uid=%u@langhua.cn or cn=Shi Yusen; default is uid=u%.
AuthenType: the authentication type of the LDAP server; default value is simple.
AuthenticationHandler: the handler that authenticates the user's login; can be cn.langhua.opencms.ldap.cas.CmsCasAuthenticationHandler or cn.langhua.opencms.ldap.openldap.CmsLdapAuthenticationHandler; default is the LDAP one.
AutoUserRoleName: the default role given to a new user who is added according to the login server. If empty, the user will only be in the User group without any role.
BaseDN: the base DN of the LDAP server, such as dc=example,dc=com. No default value.
CasLoginUri: the URI of the CAS login; default is /login.
CasUrl: the URL of the CAS server; default is https://localhost:8443/cas.
CasValidateUri: the URI of CAS validation; default is /validate.
Filter: the filter used to log in to the LDAP server; default is (objectclass=*).
Scope: the LDAP search scope; default is sub, which means search the subtree from the BaseDN.
URL: the URL of the LDAP server, ldap://localhost:389.
UseCmsLoginWhenLDAPFail: whether to use the OpenCms login instead when the LDAP connection or login fails. Default value is true.
```
You have to configure your CAS server to use LDAP with the same parameters as configured above.
How to validate service ticket
I use the CAS 1.0 protocol to validate the service ticket in the login procedure.
```java
// Fragment from the CAS login page's login handling. m_username, m_password,
// m_actionLogin, PARAM_TICKET and PARAM_SERVICE are defined elsewhere in the enclosing class.
// Needs java.io.BufferedReader, java.io.InputStreamReader, java.net.URL,
// java.net.URLConnection, java.net.URLEncoder and the OpenCms classes used below.
String ticket = CmsRequestUtil.getNotEmptyParameter(getRequest(), PARAM_TICKET);
CmsModule ldapModule = OpenCms.getModuleManager().getModule("cn.langhua.opencms.ldap");
if (ldapModule != null) {
    String casUrl = ldapModule.getParameter("CasUrl", "https://localhost:8443/cas");
    String loginUri = ldapModule.getParameter("CasLoginUri", "/login");
    String validateUri = ldapModule.getParameter("CasValidateUri", "/validate");
    String serviceUrl = getRequest().getRequestURL().toString();
    String url = URLEncoder.encode(serviceUrl, "UTF-8");
    if (ticket == null) {
        // no ticket yet: send the browser to the CAS login page
        getResponse().sendRedirect(casUrl + loginUri + "?service=" + url);
    } else {
        // there's a ticket, we should validate the ticket;
        // the ticket is request input, so encode it before adding it to the query string
        URL validateURL = new URL(casUrl + validateUri + "?" + PARAM_TICKET + "="
            + URLEncoder.encode(ticket, "UTF-8") + "&" + PARAM_SERVICE + "=" + url);
        URLConnection conn = validateURL.openConnection();
        String username = null;
        BufferedReader reader = new BufferedReader(
            new InputStreamReader(conn.getInputStream(), "UTF-8"));
        try {
            String oneline = reader.readLine();
            if (CmsStringUtil.isNotEmpty(oneline) && oneline.equals("yes")) {
                // the second line of a CAS 1.0 "yes" response carries the username
                username = reader.readLine();
            }
        } finally {
            // closing the reader also closes the underlying stream
            reader.close();
        }
        if (CmsStringUtil.isNotEmpty(username)) {
            // the ticket is true
            m_username = username.trim();
            m_password = "cas_login";
            m_actionLogin = "true";
        } else {
            // the ticket is false, forward the request to cas login page
            getResponse().sendRedirect(casUrl + loginUri + "?service=" + url);
        }
    }
}
```
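A stricter form of the CAS 1.0 check described above, as an added example that is not part of the module's code: it URL-encodes both query parameters, refuses a CAS URL that is not HTTPS (the plain-text reply is only as trustworthy as the transport), and accepts a reply only when the first line is exactly `yes` and a username follows. The class name, the service URL and the sample replies are constructed for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;

public class Cas1ValidateExample {

    /** Builds the /validate URL; encoding keeps a ticket containing '&' or '=' inside the ticket parameter. */
    static String buildValidateUrl(String casUrl, String validateUri, String ticket, String serviceUrl)
            throws UnsupportedEncodingException {
        if (!casUrl.startsWith("https://")) {
            throw new IllegalArgumentException("CAS validation must go over HTTPS");
        }
        return casUrl + validateUri
                + "?ticket=" + URLEncoder.encode(ticket, "UTF-8")
                + "&service=" + URLEncoder.encode(serviceUrl, "UTF-8");
    }

    /** Returns the username from a CAS 1.0 reply ("yes\n<user>\n"), or null for anything else. */
    static String parseResponse(String body) throws IOException {
        try (BufferedReader reader = new BufferedReader(new StringReader(body))) {
            String status = reader.readLine();
            String user = reader.readLine();
            if (!"yes".equals(status) || user == null || user.trim().isEmpty()) {
                return null; // "no", truncated reply, or blank username
            }
            return user.trim();
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample inputs, not captured from a real CAS server.
        String service = "https://cms.example.org/system/login/index.html";
        System.out.println(buildValidateUrl("https://localhost:8443/cas", "/validate",
                "ST-1-abc&service=https://other.example.org/", service));
        String[] replies = { "yes\nalice\n", "no\n\n", "yes\n", "yes\n   \n", "" };
        for (String reply : replies) {
            String user = parseResponse(reply);
            System.out.println(user == null ? "rejected" : "accepted as " + user);
        }
    }
}
```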
/system/login/index.html
Please replace /system/login/index.html with /system/modules/cn.langhua.opencms.ldap/login/index_cas.html; OpenCms will then use the CAS login page for logging in.
(End)