
Login Procedure

The new OpenCms login works as follows:

Module Parameters

The CASified OpenCms-LDAP module has the following parameters:

Attribute: an expression that maps the username to an LDAP attribute, such as uid=%u@langhua.cn or cn=Shi Yusen; default is uid=u%.

AuthenType: the authentication type of the LDAP server; default value is simple.

AuthenticationHandler: the handler that authenticates the user's login; can be cn.langhua.opencms.ldap.cas.CmsCasAuthenticationHandler or cn.langhua.opencms.ldap.openldap.CmsLdapAuthenticationHandler; default is the LDAP one.

AutoUserRoleName: the default role given to a new user who is added on the basis of the login server. If empty, the user will only be in the User group without any role.

BaseDN: the base DN of the LDAP server, such as dc=example,dc=com. No default value.

CasLoginUri: the URI for CAS login; default is /login.

CasUrl: the URL of the CAS server; default is https://localhost:8443/cas.

CasValidateUri: the URI for CAS validation; default is /validate.

Filter: the filter used when logging in to the LDAP server; default is (objectclass=*).

Scope: the scope of the LDAP search; default is sub, which means search the subtree from the BaseDN.

URL: the URL of the LDAP server, ldap://localhost:389.

UseCmsLoginWhenLDAPFail: whether to fall back to the OpenCms login when the LDAP connection or login fails. Default value is true.

You have to configure your CAS server to use LDAP with the same parameters as configured above.

 How to validate service ticket

 I use the CAS 1.0 protocol to validate the service ticket in the login procedure.

    // Fragment of the login method. It needs java.io.BufferedReader, java.io.InputStreamReader,
    // java.net.URL, java.net.URLConnection, java.net.URLEncoder, org.opencms.main.OpenCms,
    // org.opencms.module.CmsModule, org.opencms.util.CmsRequestUtil and org.opencms.util.CmsStringUtil.
    String ticket = CmsRequestUtil.getNotEmptyParameter(getRequest(), PARAM_TICKET);
    CmsModule ldapModule = OpenCms.getModuleManager().getModule("cn.langhua.opencms.ldap");
    if (ldapModule != null) {
        String casUrl = ldapModule.getParameter("CasUrl", "https://localhost:8443/cas");
        String loginUri = ldapModule.getParameter("CasLoginUri", "/login");
        String validateUri = ldapModule.getParameter("CasValidateUri", "/validate");
        // the same service URL is sent to the login page and to the validation call
        String serviceUrl = getRequest().getRequestURL().toString();
        String url = URLEncoder.encode(serviceUrl, "UTF-8");
        if (ticket == null) {
            // no ticket yet, forward the request to the CAS login page
            getResponse().sendRedirect(casUrl + loginUri + "?service=" + url);
        } else {
            // there's a ticket, we should validate the ticket;
            // it comes from the request, so it is URL-encoded like the service URL
            URL validateURL = new URL(casUrl + validateUri + "?" + PARAM_TICKET + "="
                + URLEncoder.encode(ticket, "UTF-8") + "&" + PARAM_SERVICE + "=" + url);
            URLConnection conn = validateURL.openConnection();
            String oneline;
            String username;
            BufferedReader reader = new BufferedReader(new InputStreamReader(conn.getInputStream(), "UTF-8"));
            try {
                // CAS 1.0 answers with "yes" and the user name on the next line, or with "no"
                oneline = reader.readLine();
                username = reader.readLine();
            } finally {
                // closing the reader also closes the underlying stream
                reader.close();
            }
            if ("yes".equals(oneline) && CmsStringUtil.isNotEmpty(username)) {
                // the ticket is true
                m_username = username.trim();
                m_password = "cas_login";
                m_actionLogin = "true";
            } else {
                // the ticket is false, forward the request to cas login page
                getResponse().sendRedirect(casUrl + loginUri + "?service=" + url);
            }
        }
    }
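
As an added example (not the module's own code), the class below isolates the two request-facing parts of the CAS 1.0 validation above: it URL-encodes both the ticket and the service URL, and it accepts a response only when the first line is exactly yes and a non-empty user name follows. The class name, the https check on CasUrl and the sample values in main are assumptions made for illustration.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.net.URLEncoder;

// Added example, not the module's code: strict handling of a CAS 1.0 /validate exchange.
public class Cas10Validation {

    /** Builds the validation URL; ticket and service both derive from the request, so both are encoded. */
    static String validateUrl(String casUrl, String validateUri, String ticket, String service)
            throws IOException {
        if (!casUrl.startsWith("https://")) {
            // assumption of this example: the answer decides who is logged in, so require TLS
            throw new IOException("CasUrl must be https: " + casUrl);
        }
        return casUrl + validateUri
            + "?ticket=" + URLEncoder.encode(ticket, "UTF-8")
            + "&service=" + URLEncoder.encode(service, "UTF-8");
    }

    /** Returns the user name for a "yes" answer, or null for any other response body. */
    static String parseResponse(Reader body) throws IOException {
        BufferedReader reader = new BufferedReader(body);
        try {
            String status = reader.readLine();
            String user = reader.readLine();
            if (!"yes".equals(status) || user == null) {
                return null; // "no", empty body, or "yes" without a user line
            }
            user = user.trim();
            return user.length() == 0 ? null : user;
        } finally {
            reader.close();
        }
    }

    public static void main(String[] args) throws IOException {
        // constructed sample values: a ticket containing '&' must not add a second parameter
        System.out.println(validateUrl("https://localhost:8443/cas", "/validate",
            "ST-1-abc&service=x", "http://localhost:8080/opencms/system/login/index.html"));
        // constructed response bodies: one success, then four that must be rejected
        String[] bodies = { "yes\nadmin\n", "no\n\n", "yes\n", "yes\n   \n", "" };
        for (String b : bodies) {
            System.out.println("[" + b.replace("\n", "\\n") + "] -> " + parseResponse(new StringReader(b)));
        }
    }
}
```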



/system/login/index.html

Replace /system/login/index.html with /system/modules/cn.langhua.opencms.ldap/login/index_cas.html; OpenCms will then use the CAS login page for login.
 
  (End) 
