LDAP and SSO Authentication Handler

Former Community Member

Hi,

We are using the LDAP login module to create users in CQ from LDAP. We want to use the SSO handler for authentication by cookies. I saw in the LDAP documentation that we need the trust_credentials_attribute="TrustedInfo" parameter to make it work.

Putting this parameter alone in the ldap_login.conf file isn't working for us. I don't know what this attribute will do because, looking at the source of SSOAuthenticationHandler, if I just pass the uid of the user in the cookie and give it the highest rank among all authentication handlers then it will work.

Also, do I need to have this attribute trust_credentials_attribute="TrustedInfo" configured within repository.xml, because we have already deleted the below from the repository.xml file as we aren't using CRXLoginModule?

 <LoginModule class="com.day.crx.core.CRXLoginModule">
            <param name="anonymousId" value="anonymous"/>
            <param name="adminId" value="admin"/>
            <param name="disableNTLMAuth" value="true"/>
            <param name="tokenExpiration" value="43200000"/>
            <!-- param name="trust_credentials_attribute" value="TrustedInfo"/ -->
        </LoginModule>

We are yet to release the application so below is not applicable.

If SSO was previously already configured for use without LDAP by setting the trust_credentials_attribute in repository.xml, note that the subsequent enabling of LDAP will remove that setting, and SSO needs to be configured again in this regard.

Also, is the authenticationInfo object always passed in all requests, even for anonymous objects, or is it only used in requests which have authenticated users? All the subsequent requests will be handled by TokenBasedAuthenticationHandler or would they still go through SSO?

Thanks for your help in advance

1 Accepted Solution

Correct answer by
Level 10

kumarlal123 wrote...

 

Also, is the authenticationInfo object always passed in all requests, even for anonymous objects, or is it only used in requests which have authenticated users? All the subsequent requests will be handled by TokenBasedAuthenticationHandler or would they still go through SSO?

Thanks for your help in advance

 

 

If there are no user details in the request (anonymous), authenticationInfo will not be passed. Hence it is not passed for all requests. SSO extracts the credentials, however it uses the token util to issue the login-token. On subsequent requests the login-token cookie gets validated by the default TokenAuthenticationHandler.

4 Replies

Level 6

If you are using SSO with LDAP then specify TrustedInfo in ldap.conf, and if you are using SSO alone then specify TrustedInfo in repository.xml. I hope you have already defined the cookie name in the SSO Auth handler and that you are using the same cookie in your servlet or other way of calling CQ.

Former Community Member

Sam205505050 wrote...

If you are using SSO with LDAP then specify TrustedInfo in ldap.conf, and if you are using SSO alone then specify TrustedInfo in repository.xml. I hope you have already defined the cookie name in the SSO Auth handler and that you are using the same cookie in your servlet or other way of calling CQ.

 

Hi Sam,

Thanks for your reply. I don't really want to use the SSO Authentication handler, so I have created my own Authentication Handler which does something similar to the SSO handler, like:

SimpleCredentials credentials = new SimpleCredentials(user, "no_password_needed".toCharArray());

credentials.setAttribute("TrustedInfo", SSO_COOKIE);
info = new AuthenticationInfo("SSO");
info.put("user.jcr.credentials", credentials);
return info;

// There is more logic, but I have removed it as it was not necessary

However, before I do the SSO handling, I check for the presence of SSO_COOKIE. If the cookie is not present then we ask for credentials. The problem is that when correct creds are being passed, the authenticationSucceeded method is being called twice or more, and after the first request the info object is null in all subsequent requests. The multiple requests have to do with multiple resources like css and js being requested. What I want is that once the user provides their credentials the authenticationSucceeded method is called only once, and from there on every request should invoke my SSO handler if the cookie is present.

Any help or pointer will be appreciated. We are using LDAP login module to validate credentials.

Level 6

You will have to check whether the cookie is valid or not inside the authenticationSucceeded method. Something like below:

@Override
    public boolean authenticationSucceeded(HttpServletRequest request,
            HttpServletResponse response, AuthenticationInfo authInfo) {

        if (!isCookieValid(request,response)) {
            return false;
        }

        boolean result;

        if (DefaultAuthenticationFeedbackHandler.handleRedirect(request,
                response)) {
            result = false;
        } else {
            someMethodToRedirectUser(); // If required

            result = true;
        }

        log.info("Authentication Succeeded is :" + result);
        return result;
    }
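
The reply above leaves isCookieValid undefined. As an added example (not code from the thread or from CQ), here is one way such a check could work so that a bare uid in the cookie is never trusted on its own. The cookie format, the shared HMAC key and the class name SsoCookieValidator are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

// Added example. Assumed cookie format: uid|expiryMillis|base64url(HMAC-SHA256(uid|expiryMillis))
public class SsoCookieValidator {
    private final byte[] key; // assumption: secret shared with the system that issues the cookie
    public SsoCookieValidator(byte[] key) { this.key = key.clone(); }

    private byte[] hmac(String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Issuer side, included only so the constructed samples in main() can be built offline.
    public String issue(String uid, long expiryMillis) throws Exception {
        String payload = uid + "|" + expiryMillis;
        return payload + "|" + Base64.getUrlEncoder().withoutPadding().encodeToString(hmac(payload));
    }

    // Returns the uid only if the signature verifies and the cookie has not expired; otherwise null.
    public String validate(String cookieValue, long nowMillis) {
        if (cookieValue == null) return null;
        String[] parts = cookieValue.split("\\|", -1);
        if (parts.length != 3 || parts[0].isEmpty()) return null; // also rejects a uid containing '|'
        try {
            byte[] given = Base64.getUrlDecoder().decode(parts[2]);
            // Constant-time comparison, done before any field of the cookie is trusted.
            if (!MessageDigest.isEqual(hmac(parts[0] + "|" + parts[1]), given)) return null;
            return nowMillis < Long.parseLong(parts[1]) ? parts[0] : null;
        } catch (Exception e) { // bad base64, non-numeric expiry, or HMAC failure
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        SsoCookieValidator v = new SsoCookieValidator("constructed-demo-key".getBytes(StandardCharsets.UTF_8));
        long now = System.currentTimeMillis();
        String good = v.issue("jdoe", now + 60_000);         // constructed sample cookie
        String forged = good.replaceFirst("jdoe", "admin");  // uid swapped, signature left as issued
        System.out.println("valid cookie   -> " + v.validate(good, now));
        System.out.println("forged uid     -> " + v.validate(forged, now));
        System.out.println("after expiry   -> " + v.validate(good, now + 120_000));
        System.out.println("bare uid only  -> " + v.validate("jdoe", now));
    }
}
```

In a handler like the one discussed in this thread, the SimpleCredentials carrying the TrustedInfo attribute would be built only from the uid that validate returns, and the same check would back isCookieValid.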