[xwiki-users] XWiki+JBoss+SSO Kerberos (Active Directory) on Windows Server 2003
Hi guys, I'm very enthusiastic about getting everything out of the XWiki environment I'm about to set up for my company. As a matter of fact, right now I'm thinking about the best solution for getting Kerberos authentication/authorization to work as all 12000 employees are already part of the company's Active Directory. I've read the XWiki article about Auth issues and am now thinking about what would be the best/easiest/strongest solution. The solution mentioned in the Wiki wants to use Apache Webserver mit mod_auth_kerb. As for now, I did not succeed in building a working mod_auth_kerb module for Win32, which somehow disencourages me to follow this suggestion. Anyway I wonder, whether I would only be able to authenticate users or whether there would be a way to have XWikis builtin auth features cooperate with the Kerberos mechanism. The I just came across "josso" which seems to a framework which can be deployed into a JBoss Application Server and work as an authentication gateway to any josso-enabled applications running on JBoss. Is XWiki capable of doing this? And the question about XWikis auth mechanism from before remains. Any other suggestions and hints for such are scenario from you guys are highly appreciated , since the whole AD/Kerberos/JBoss stuff is rather new to me. Again, many thanx in advance for any potential reply on this, it's really important to me. Cheers, Sebastian
Hi, If you setup an authentication which correctly sets the REMOTE_USER field then you should be able to use it with XWiki. You can then use the AppServerTrustedAuthentication module to accept your user and create it's user page. You can activate it using this in xwiki.cfg xwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.AppServerTrustedAuthServiceImpl Implementing XWiki in Kerberos itself is a lot of work and not really usefull since you can have it in Apache or the App server. Ludovic Sebastian Kannengiesser a écrit :
Hi guys,
I'm very enthusiastic about getting everything out of the XWiki environment I'm about to set up for my company. As a matter of fact, right now I'm thinking about the best solution for getting Kerberos authentication/authorization to work as all 12000 employees are already part of the company's Active Directory.
I've read the XWiki article about Auth issues and am now thinking about what would be the best/easiest/strongest solution. The solution mentioned in the Wiki wants to use Apache Webserver mit mod_auth_kerb. As for now, I did not succeed in building a working mod_auth_kerb module for Win32, which somehow disencourages me to follow this suggestion. Anyway I wonder, whether I would only be able to authenticate users or whether there would be a way to have XWikis builtin auth features cooperate with the Kerberos mechanism. The I just came across "josso" which seems to a framework which can be deployed into a JBoss Application Server and work as an authentication gateway to any josso-enabled applications running on JBoss. Is XWiki capable of doing this? And the question about XWikis auth mechanism from before remains. Any other suggestions and hints for such are scenario from you guys are highly appreciated , since the whole AD/Kerberos/JBoss stuff is rather new to me. Again, many thanx in advance for any potential reply on this, it's really important to me.
Cheers, Sebastian _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
-- Ludovic Dubost Blog: http://blog.ludovic.org/ XWiki: http://www.xwiki.com Skype: ldubost GTalk: ldubost
Ludovic Dubost wrote:
Hi,
If you setup an authentication which correctly sets the REMOTE_USER field then you should be able to use it with XWiki. You can then use the AppServerTrustedAuthentication module to accept your user and create it's user page. You can activate it using this in xwiki.cfg
xwiki.authentication.authclass=com.xpn.xwiki.user.impl.xwiki.AppServerTrustedAuthServiceImpl
Implementing XWiki in Kerberos itself is a lot of work and not really usefull since you can have it in Apache or the App server.
<fsfRant> Why not drop Windows? It's a crappy product, and there's no reason why you should keep it. This way you'll be able to use mod_auth_kerb. </fsfRant>
Sebastian Kannengiesser a écrit :
Hi guys,
I'm very enthusiastic about getting everything out of the XWiki environment I'm about to set up for my company. As a matter of fact, right now I'm thinking about the best solution for getting Kerberos authentication/authorization to work as all 12000 employees are already part of the company's Active Directory.
I've read the XWiki article about Auth issues and am now thinking about what would be the best/easiest/strongest solution. The solution mentioned in the Wiki wants to use Apache Webserver mit mod_auth_kerb. As for now, I did not succeed in building a working mod_auth_kerb module for Win32, which somehow disencourages me to follow this suggestion. Anyway I wonder, whether I would only be able to authenticate users or whether there would be a way to have XWikis builtin auth features cooperate with the Kerberos mechanism. The I just came across "josso" which seems to a framework which can be deployed into a JBoss Application Server and work as an authentication gateway to any josso-enabled applications running on JBoss. Is XWiki capable of doing this? And the question about XWikis auth mechanism from before remains. Any other suggestions and hints for such are scenario from you guys are highly appreciated , since the whole AD/Kerberos/JBoss stuff is rather new to me. Again, many thanx in advance for any potential reply on this, it's really important to me.
-- Sergiu Dumitriu http://purl.org/net/sergiu/
I would not consider using Windows for a second if I had a chance to take something different. But as a matter of fact, my company enforces me to set things up on Windows. Thnaks anyway. Any other suggestions from the Windows people, if there are any? Thanks again in advance. Cheers Sebastian
<fsfRant> Why not drop Windows? It's a crappy product, and there's no reason why you should keep it. This way you'll be able to use mod_auth_kerb. </fsfRant>
-- Sergiu Dumitriu http://purl.org/net/sergiu/ _______________________________________________ users mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/users
participants (3)
-
Ludovic Dubost -
Sebastian Kannengiesser -
Sergiu Dumitriu