8 Mar
2013
8 Mar
'13
1:53 p.m.
Hi Thomas,
Thanks for your reply. I should have given you some more info.
I'm using the default authenticator, because if I use the
com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl, my ldap stops
working.
If I use com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl Kerberos
works fine, but new users aren't created, and group sync isn't working etc etc...
Maybe my question should be: How do I get LDAP working with the Kerberos authenticator?
Mark
On Tue, Mar 5, 2013 at 4:35 PM, Mark Jas <mark(a)nieuwenborg.nl> wrote:
Hi all,
I have configured xwiki with LDAP authentication and kerberos SSO.
When I use a browser without automatic Kerberos SSO, I get a keberos login page. When I
fill in username and password manually it works great.
But when I set the browser to use automatic logon, I get the xwiki
login page! (at least in FireFox, IE says “cannot show page”)
I get the same results when I manually login with “username@DOMAIN”
and “password”. So I think the domain part is used in the automatic
logon. (and is the actual problem…)
I see there is java code that strips the @DOMAIN part from the username. But I have no
idea how or where to implement this. I hope some can help me!
I never used it myself but from what I see in the code it's supposed to do that all
the time. Maybe there is a bug.
You can try to enable debug log[1] for class
com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl
(that's the authenticator you are using, right ?) to see what's going on. At least
ou should get what remote user XWiki is getting if any.
[1] http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging
Mark
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
--
Thomas Mortagne
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users