From Dave Koelmeyer <dave.koelme...@davekoelmeyer.co.nz>
Subject JSPWiki with Secure LDAP (LDAPS) authentication
Date Thu, 26 Apr 2012 12:38:16 GMT
Hi All,

I'm trying to get HTTPS authentication with JSPWiki up and running, and 
I'm having a bit of difficulty getting things to work properly.

I am running JSPWiki v2.8.3. My LDAP server is OpenDJ 2.4.4. Glassfish 
3.1.1 is my application server. These are all running locally on the 
same host. Java is version 1.6.0_26.

Container-based LDAP authentication to JSPWiki works fine using insecure 
connections - exact configuration is at 
http://blog.davekoelmeyer.co.nz/2012/01/28/container-based-authentication-with-jspwiki-glassfish-and-opendj/

In Glassfish I have switched to the secure LDAP port (1636 in my case) 
for my JSPWiki security realm, and verified the LDAPS connection handler 
is enabled in OpenDJ.

I have exported the OpenDJ private certificate and imported it into the 
Glassfish domain JKS keystore hosting JSPWiki.

Finally, in the JSPWiki web.xml file, I have uncommented the 
<user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>

portions in the container managed authentication section.

Now, when attempting to log into JSPWiki, Firefox 11 correctly switches 
to an HTTPS connection, and I am warned about the OpenDJ self-signed 
certificate, which I add to my personal certificate store. Upon then 
entering my LDAP user credentials to log in, these are not apparently 
rejected, but my user status remains "not logged in". That is, my 
credentials are not apparently explicitly rejected (I am not simply 
bounced back to the login prompt), but they are not apparently accepted 
either. Very strange.

To clarify the steps on this last point:

1) On my JSPWiki front page, I click on the log in link
2) I am prompted for credentials, and I enter my LDAP username and password
3) I am returned to the page in question - but my user login status as 
visible at the top-right of the page is still "not logged in".

I will follow up this email with details from the OpenDJ access logs - 
but can anyone point early on to what the problem might be here?

Cheers,

-- 
Dave Koelmeyer
http://www.davekoelmeyer.co.nz
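A standalone check that separates the two things the steps above bundle together (the TLS trust of the directory's certificate and the bind itself), as an added example that is not part of the original post and not JSPWiki or Glassfish code. It binds to the LDAPS port with JNDI using the same JKS truststore the Glassfish domain uses, then reads the bound user's entry back. The truststore path and password, the base of the LDAPS URL, and the attribute names (in particular "isMemberOf") are assumptions for illustration; the port 1636 is the one named in the message.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Standalone LDAPS bind check. Binds to the directory over TLS using the same
 * JKS truststore the application server is configured with, then reads back
 * the bound user's entry (including group membership, if the server exposes
 * it), so that a certificate problem can be told apart from a realm or
 * role-mapping problem.
 *
 * All paths, DNs and attribute names below are assumptions for illustration,
 * not values taken from the original post.
 */
public class LdapsBindCheck {

    // Assumed: LDAPS listener on the local host (1636 is the port named in the post).
    static final String LDAPS_URL = "ldaps://localhost:1636";

    // Assumed: Glassfish domain truststore into which the directory's certificate was imported.
    static final String TRUSTSTORE_PATH = "/opt/glassfish3/glassfish/domains/domain1/config/cacerts.jks";
    static final String TRUSTSTORE_PASSWORD = "changeit";

    // Assumed: attributes to read back. "isMemberOf" is a virtual attribute OpenDJ
    // can expose for group membership; if the directory lacks it, search instead
    // for groups whose "member" attribute contains the user DN.
    static final String[] ATTRS = { "uid", "cn", "isMemberOf" };

    /** Simple bind as the given DN over LDAPS; throws NamingException on TLS or credential failure. */
    public static DirContext bind(String userDn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAPS_URL);
        env.put(Context.SECURITY_PROTOCOL, "ssl");          // TLS from the first byte (not StartTLS)
        env.put(Context.SECURITY_AUTHENTICATION, "simple"); // DN + password bind
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);                  // the bind happens here
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) {
            System.err.println("usage: java LdapsBindCheck <user-dn> <password>");
            System.exit(2);
        }
        // Point this JVM at the same truststore the application server uses, so a
        // handshake failure here is the same failure the server would see.
        System.setProperty("javax.net.ssl.trustStore", TRUSTSTORE_PATH);
        System.setProperty("javax.net.ssl.trustStorePassword", TRUSTSTORE_PASSWORD);

        DirContext ctx = null;
        try {
            ctx = bind(args[0], args[1]);
            System.out.println("bind OK as " + args[0]);

            // Read the entry back: if the bind worked but the groups are not what the
            // realm's group-to-role mapping expects, the problem is past LDAPS.
            Attributes attrs = ctx.getAttributes(args[0], ATTRS);
            NamingEnumeration<? extends Attribute> all = attrs.getAll();
            while (all.hasMore()) {
                Attribute a = all.next();
                NamingEnumeration<?> values = a.getAll();
                while (values.hasMore()) {
                    System.out.println(a.getID() + ": " + values.next());
                }
            }
        } catch (AuthenticationException e) {
            // The TLS session came up; the directory rejected the DN or password.
            System.err.println("credentials rejected: " + e.getMessage());
            System.exit(1);
        } catch (CommunicationException e) {
            // Typically wraps an SSLHandshakeException when the truststore does not
            // contain (or chain to) the certificate the LDAPS listener presents.
            System.err.println("connection failed: " + e.getMessage()
                    + " (root cause: " + e.getRootCause() + ")");
            System.exit(1);
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }
}
```

Run it with the user's full DN rather than the bare username. A `CommunicationException` whose root cause is an `SSLHandshakeException` means the truststore does not trust the LDAPS listener's certificate; an `AuthenticationException` means TLS is fine and the directory rejected the password; a clean bind that prints the expected group values means LDAPS is working and the remaining place to look is the realm's group-to-role mapping on the container side.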

