Replies

Highlighted

Avatar

13-07-2008

Samita,



Try these settings:



In FireFox using the Modify Headers plugin, add and enable these 2 headers:



Header 1:

Name = Domain

Value = DefaultDom



Header 2:

Name = UserID

Value = kvarsen



# where username is some known user name. In LDAP it would be DN. If you installed the samples with Livecycle, the kvarsen user id will work.



In LiveCycle's Portal Configuration page set these settings:

SSO type: HTTP Header

Http header for unique identifier: HTTP header for domain: Domain mapping: UserID

HTTP header for domain: Domain

Domain mapping: Domain=DefaultDom



With all this set you'll be able to go the the URL without UID and password prompt:

http://[servername]/workspace



There's more to a deployed configuration, but this should help for start.



Thanks,



Todd.
Highlighted

Avatar

Avatar

kc

Avatar

kc

kc

02-09-2008

Hi again Jasmin,



Can you help me setup the Kerberos single sign on, it does not seem to work as I expected.



Sincerely

Kim
Highlighted

Avatar

19-11-2008

Hi Jasmin,

If we do not have Active Directory, is there a way to bypass the login screen using cookies? I would need to obviously write some sort of login servlet to handle this, correct? Has this been done before?
Highlighted

Avatar

Avatar

Jasmin_Charbonn

Avatar

Jasmin_Charbonn

Jasmin_Charbonn

19-11-2008

If you don't use AD, you can leverage SSO using HTTP Headers.



As you said, you would need to build some servlets to set those up.



I use the Modify Headers Firefox plug-in to test my SSO. This plugin allows you to set the HTTP headers of your browser.



At least you know if you've configured the HTTP Headers properly from adminui.



Jasmin
Highlighted

Avatar

09-01-2009

Hello.



Can you please guide me how to write a servlet that will add http header to a request and forward it to Workspace?



I have written an servlet which uses Requestdispatcher and include or forward method to route request to Workspace context, and while Network monitor shows that some data is routed to Workspace, the Workspace GUI does not show in my browser when I call this servlet I've written directly.



Thanks!
Highlighted

Avatar

12-01-2009

So programming servlet i made:



public class CustReq extends HttpServletRequestWrapper{



public CustReq(HttpServletRequest request) {

super(request);

}



@Override

public String getHeader(String name) {

if ("UserID".equalsIgnoreCase(name)) {

return "myuser";

}



return super.getHeader(name);

}



}



And then used in a Filter method:



public void doFilter(ServletRequest arg0, ServletResponse arg1,

FilterChain arg2) throws IOException, ServletException {



CustReq wrapp = new CustReq((HttpServletRequest)arg0);

arg2.doFilter(wrapp, arg1);



}



And finally bound filter to RedirectorServlet which has following code in doGet():



ServletContext context =

getServletContext().getContext("/Workspace_cust/Main.html");

RequestDispatcher rd = context.getRequestDispatcher("/Main.html");

rd.include(req, res);



Then I integrated this classes to Workspace_cust.ear, modifying web.xml and adding .class files.



Now when I navigate with my browser to ../Workspace_cust/RedirectorServlet I get redirected to Main.html as I should be, but there is still login screen! I tested SSO using FF modify headers plugin and also by making servlet like this in doGet:



PrintWriter out = res.getWriter();

out.println("Userid header is " +req.getHeader("UserID"));



And I get the Correct values!



So please help me how do I set/add http headers in Java Servlet.



Thank you in advance
Highlighted

Avatar

Avatar

HowardTreisman

Avatar

HowardTreisman

HowardTreisman

20-02-2009

Hi Andrej

I'm not trying to dissuade you from trying, but we've done this, and it was seriously difficult. If you'd like to consider re-using what we've built rather than building it yourself, please see:

http://www.avoka.com/avoka/single_signon.shtml

or send an email to info@avoka.com



Otherwise, good luck! 🙂



Howard
Highlighted

Avatar

Avatar

Gary_Gilchrist

Avatar

Gary_Gilchrist

Gary_Gilchrist

21-02-2009

In LiveCycle ES Update 1 we support the SPNEGO protocol used by Windows to authenticate desktop users to our Web Applications (Workspace, Admin console etc). This works in a Windows Domain using Active Directory.



Also LiveCycle can be configured to rely on SSO products that initially set a user token identifier in HTTP Headers.



Our documentation provides some background info:

http://www.adobe.com/go/learn_lc_administration_82



If you can use one of these approaches, then a nice benefit is that forms opened in Workspace will propagate the same SSO user when they call a LiveCycle Web Service.