Hi,
I'm working in add users from other app and login into CQ5. One of the ideas is to use Trusted Credential Attribute. However, it's seems to be deprecated for security issues.
Someone can confirm this? What's the other alternative?
Thanks,
Solved! Go to Solution.
avalers wrote...
Should be work if I use in my custom AuthenticationHandler?
The auth handler sits on top of the repository where as the login module acts inside the repository. The login module allows logins directly on the jcr API, eg via jcr remoting, webdav.... on the other side the auth handler only works when accessing via sling. if you choose to go with the AuthenticationHandler use com.day.crx.security.token.TokenUtil#createCredentials as Trusted Credentials is deprecated.
This is to confirm trust_credentials_attribute is deprecated.
Workaround is implement an custom loginmodule in that override isPreAuthenticated method also & deploy as OSGi fragment.
Views
Replies
Total Likes
Even though you see this message in error.log but it is still valid. I have implemented cookie and header based SSO in 5.6.1 using Trusted Credential Attribute in repoasitory.xml
Views
Replies
Total Likes
could you share with me your example? The code when you set the trusted-credentials?
Views
Replies
Total Likes
Could you provide more information and some examples?
Thanks,
Views
Replies
Total Likes
avalers wrote...
Could you provide more information and some examples?
Thanks,
High level steps at http://www.wemblog.com/2012/06/how-to-add-custom-login-module-in-cq55.html
Views
Replies
Total Likes
thank you so much!
what's the difference with this approach:
https://issues.apache.org/jira/browse/JCR-3293
Should be work if I use in my custom AuthenticationHandler?
Subject s = getAndPopulateTheSubject(); Session session = Subject.doAs(s, new PrivilegedExceptionAction() {public Session run() throws RepositoryException {return repository.login(); } });
Views
Replies
Total Likes
avalers wrote...
Should be work if I use in my custom AuthenticationHandler?
The auth handler sits on top of the repository where as the login module acts inside the repository. The login module allows logins directly on the jcr API, eg via jcr remoting, webdav.... on the other side the auth handler only works when accessing via sling. if you choose to go with the AuthenticationHandler use com.day.crx.security.token.TokenUtil#createCredentials as Trusted Credentials is deprecated.
I've used OOTB SSO authentication handler and modified repository.xml as follows-
<LoginModule class=”com.day.crx.core.CRXLoginModule”>
<param name=”trust_credentials_attribute” value=”TrustedInfo”/>
<param name=”anonymous_principal” value=”anonymous”/>
</LoginModule>
And in case we need to write custom auth handler then we can write logic in extractCredentials method and direct the user in authenticationSucceeded method.
Views
Replies
Total Likes
Do you have information regarding tokenCredentials. I made this implementation:
credentials = new SimpleCredentials(extractedUserId, extractedPassword.toCharArray());
credentials.setAttribute(".token", "");
credentials.setAttribute(trustCredentials, "this value is inconsequential");
TokenCredentials tc = new TokenCredentials((String)credentials.getAttribute(".token"));
AuthenticationInfo authInfo = new AuthenticationInfo("TOKEN", credentials.getUserID());
However, I received this error:
java.lang.IllegalArgumentException: Invalid token ''
at org.apache.jackrabbit.api.security.authentication.token.TokenCredentials.<init>(TokenCredentials.java:42)
Views
Replies
Total Likes
It's possible to do this without provide any user and password?
Views
Replies
Total Likes
Views
Likes
Replies