jspwiki-user mailing list archives

From Harry Metske <harry.met...@gmail.com>
Subject Re: JSPWiki with Secure LDAP (LDAPS) authentication
Date Thu, 26 Apr 2012 17:52:24 GMT
Dave,

What is your jspwiki baseURL?

If it is http, then that is probably the cause.

regards,
Harry
On 26 Apr 2012 14:38, "Dave Koelmeyer" <
dave.koelmeyer@davekoelmeyer.co.nz> wrote:

> Hi All,
>
> I'm trying to get HTTPS authentication with JSPWiki up and running, and
> I'm having a bit of difficulty getting things to work properly.
>
> I am running JSPWiki v2.8.3. My LDAP server is OpenDJ 2.4.4. Glassfish
> 3.1.1 is my application server. These are all running locally on the same
> host. Java is version 1.6.0_26.
>
> Container-based LDAP authentication to JSPWiki works fine using insecure
> connections - exact configuration is at
> http://blog.davekoelmeyer.co.nz/2012/01/28/container-based-authentication-with-jspwiki-glassfish-and-opendj/
>
> In Glassfish I have switched to the secure LDAP port (1636 in my case) for
> my JSPWiki security realm, and verified the LDAPS connection handler is
> enabled in OpenDJ.
>
> I have exported the OpenDJ private certificate and imported it into the
> Glassfish domain JKS keystore hosting JSPWiki.
>
> Finally, in the JSPWiki web.xml file, I have uncommented the
> <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
> portions in the container managed authentication section.
>
> Now, when attempting to log into JSPWiki, Firefox 11 correctly switches to
> an HTTPS connection, and I am warned about the OpenDJ self-signed
> certificate which I add to my personal certificate store. Upon then
> entering my LDAP user credentials to log in, these are not apparently
> rejected, but my user status remains "not logged in". I.e. my credentials
> are not apparently explicitly rejected (i.e. I am not simply bounced back
> to the login prompt), but are not apparently accepted either. Very strange.
>
> To clarify the steps on this last point:
>
> 1) On my JSPWiki front page, I click on the log in link
> 2) I am prompted for credentials, and I enter my LDAP username and password
> 3) I am returned to the page in question - but my user login status as
> visible at the top-right of the page is still "not logged in".
>
> I will follow up this email with details from the OpenDJ access logs - but
> can anyone point early on to what the problem might be here?
>
> Cheers,
>
> --
> Dave Koelmeyer
> http://www.davekoelmeyer.co.nz
>
>
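
A check for the mismatch Harry's reply points at (an `http` base URL while web.xml demands CONFIDENTIAL transport), as an added example that is not part of the original thread. It assumes the base URL is set with the `jspwiki.baseURL` key in jspwiki.properties; both sample files and the `/Login.jsp` pattern are constructed.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs (not taken from the thread).
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection><url-pattern>/Login.jsp</url-pattern></web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
</web-app>"""
SAMPLE_PROPERTIES = """# constructed jspwiki.properties excerpt
jspwiki.baseURL = http://wiki.example.test:8080/JSPWiki/
"""

def texts(node, name):
    """Text of every descendant called `name`, ignoring XML namespaces."""
    return [(e.text or "").strip() for e in node.iter()
            if e.tag.rsplit("}", 1)[-1] == name]

def confidential_patterns(web_xml):
    """URL patterns whose security-constraint demands CONFIDENTIAL transport."""
    found = []
    for sc in ET.fromstring(web_xml).iter():
        is_constraint = sc.tag.rsplit("}", 1)[-1] == "security-constraint"
        if is_constraint and "CONFIDENTIAL" in texts(sc, "transport-guarantee"):
            found += texts(sc, "url-pattern")
    return found

def read_property(props, key):
    """Minimal .properties lookup; the last assignment of a key wins."""
    value = None
    for line in props.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*)", line)
        if m and m.group(1) == key:
            value = m.group(2).strip()
    return value

def check(web_xml, props):
    """Flag an http base URL combined with a CONFIDENTIAL constraint."""
    patterns = confidential_patterns(web_xml)
    base = read_property(props, "jspwiki.baseURL")
    scheme = urlsplit(base).scheme.lower() if base else None
    return {"confidential": patterns, "baseURL": base,
            "mismatch": bool(patterns) and scheme == "http"}

if __name__ == "__main__":
    print(check(SAMPLE_WEB_XML, SAMPLE_PROPERTIES))
```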
