incubator-jspwiki-user mailing list archives

From Andrew Jaquith <andrew.r.jaqu...@gmail.com>
Subject Re: LDAP Login problems (Login.jsp?redirect issue)
Date Thu, 26 Mar 2009 14:21:46 GMT
Wyllys:

I think you have been misinformed. JSPWiki does indeed assign any user  
that has been authenticated to a built-in role, called "Authenticated".

While I haven't verified your issue yet, the problem is likely in the  
JSPWiki scriptlet code, and has nothing to do with your LDAP  
integration. Could you try reproducing the issue with a MemoryRealm or  
another type of container site authenticator? That would narrow the  
scope of the problem to the code that handles the redirects.

I'll try reproducing your issue in the meantime.

Andrew

On Mar 24, 2009, at 11:36, Wyllys Ingersoll <wyllys.ingersoll@sun.com>  
wrote:

>
> Just following up on my earlier problem with LDAP login using  
> JSPWiki 2.8.1
>
> The problem seems to be in how Login.jsp handles the "redirect"  
> after a user
> successfully authenticates (using container-based LDAP  
> authentication).
>
> The login succeeds and the user is redirected to "Login.jsp?redirect=Main",
> but Login.jsp doesn't want to allow that to happen and does not  
> perform
> the redirect, instead it brings up the "/error/Forbidden.html" page.
>
> I can click through on the "Better luck next time" link and get to the
> main page and show up as "authenticated" and continue as an  
> authenticated
> user, with all of the privileges I would expect.
> Login.jsp seems to be broken in some way when combined with LDAP  
> container auth,
> but I'm not enough of a JAAS expert to go in and debug it.
>
> -Wyllys
>
>
> Wyllys Ingersoll wrote:
>> I installed JSPWiki 2.8.1 and configured it to use LDAP
>> authentication with my
>> corporate LDAP server.  Users are able to login and authenticate
>> using their
>> LDAP name/password combinations correctly, but immediately  
>> afterwards they are
>> greeted with the "Forbidden" page:
>> ...
>> Forbidden
>> Sorry, but you are not allowed to do that.
>> Usually we block access to something because you do not have the
>> correct privileges (e.g., read, edit, comment) for the page you are
>> looking for. In this particular case, it is likely that you are not
>> listed in the page’s access control list or that your privileges
>> aren’t high enough (you want to edit, but ACL only allows ‘read’).
>> It is also possible that JSPWiki cannot find its security policy,  
>> or that the policy is not configured correctly. Either of these  
>> cases would cause JSPWiki to block access, too.
>> Better luck next time.
>> ...
>> Also, I see this in the error log upon completion of the Login form:
>> ...
>> [21/Mar/2009:06:48:28] security ( 5976): Error while checking role  
>> membership of XXXX in Admin:     [NSACL4330] HTTP5094: while trying  
>> to get attribute "user-exists"
>>    [NSACL4330] HTTP5094: while trying to get attribute "userdn"
>>    [NSACL5860] HTTP5113: ldap password check: LDAP error:  
>> "Insufficient access"
>> ...
>> When I click on the "better luck next time" link, the "G'day"  
>> message shows my username and says I am authenticated and the users  
>> seem to have the necessary privileges (the "Edit"
>> button is available, etc).
>> What can be done to fix the issue that is causing the "Forbidden"  
>> page to come up immediately after login?
>> Any help would be much appreciated.
>> Thanks,
>> Wyllys
>
