manifoldcf-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bert van Hoesel <bhoe...@scamander.com>
Subject Re: next step in implementing manifold: user authentication
Date Mon, 18 Feb 2013 14:51:51 GMT
Hi Karl,

The construct this way is clear. I hoped it would be more 'transparent' to the underlying
processes.

The next question that raises is: what is the (environment) variable name that ManifoldCF
is expecting the authenticated username in? This is for me the 'missing' link in the setup.
I have no clue what (as an example) to 'append' to the url to convey the username to ManifoldCF.
Or is this configurable? If so where can I find it. As So far it has escaped my attention.

Regards,

Bert.

On 02/18/2013 03:33 PM, Karl Wright wrote:

Hi Bert,

Typically the authenticated user name would get passed from
mod-auth-kerb to Tomcat (or whatever the app server is you are running
solr under) as an argument, maybe appended to the url.  It's going to
be up to you to figure out how to do that.  Others may have more
concrete suggestions.

Karl

On Mon, Feb 18, 2013 at 9:28 AM, Bert van Hoesel <bhoesel@scamander.com><mailto:bhoesel@scamander.com>
wrote:


Hi Karl,

To be more precise. We are trying to get an 'sightly' customized Blacklight
fronted to connect to solr via ManifoldCF with authorization (obvious).
Blacklight is running from within Apache. So that would be a pre for
mod-auth-kerb. But ManifoldCF is running from within a Tomcat instance. In
this construct it is still not clear to me how and if this is going to work.
Technically, I am still missing the link between the login on Apache and the
authentication / user 'handover' to the Tomcat environment for Manifold.

So if anyone can pitch in to describe their solution. It would be much
appreciated.

Regards,

Bert.


On 02/18/2013 03:09 PM, Karl Wright wrote:

Hi Bert,

Others, I hope, will chime in on this thread and let you know what
precise solutions they have adopted.  But, in general, the solution
you use will depend on the environment you intend to run in.  As you
point out, JAAS authentication is an option, should you be able to
find an appropriate JAAS plugin that does what you want.  If you want
to do things via the Apache web server, I'd look at mod-auth-kerb
rather than mod-authz.  Others, no doubt, have less generic
suggestions.

Karl

On Mon, Feb 18, 2013 at 9:03 AM, Bert van Hoesel <bhoesel@scamander.com><mailto:bhoesel@scamander.com>
wrote:

Hi,

At the moment for the most part it is clear how to install, configure and
populate manifoldcd and solr with authorized data. Using the added
Manifoldcf 'search' url I can see I do not have access to any 'authorized'
documents. Indeed I only see the non authorized documents.

Thus the next step would be an authentication mechanism on top of this. I
have been looking 'around' but was not able to find enough pointers on how
to accomplish this. Two 'obvious' paths seem to be available: JAAS or apache
mod_authz. But maybe other solutions exists. Most preferable options are
those with minimal (java) programming.

Biggest issue at the moment is that I can not figure out how authentication
data is propagated into ManifoldCF.

Can anybody point me to some howtoo's or documentation of some kind on how
to accomplish this authentication on top of ManifoldCF.

Thanks in advance.

Regards,

Bert.





Mime
View raw message