topic Re: How to configure activiti-explorer for SSO? in Alfresco Archive

How to configure activiti-explorer for SSO?

tombo — Mon, 23 Sep 2013 07:51:27 GMT

I have activiti-explorer 5.13 deployed at the weblogic 10.3.6. application server with kerberos SPNEGO authentication and authorization against Active Directory (like this example: http://biemond.blogspot.com/2011/08/single-sign-on-with-windows-kerberos-on.html ).To obtain SSO, usual method is to s

Re: How to configure activiti-explorer for SSO?

jbarrez — Thu, 26 Sep 2013 15:15:55 GMT

You probably will need to tweak the source code of Explorer, cause it will show the login page always otherwise

Re: How to configure activiti-explorer for SSO?

tombo — Thu, 26 Sep 2013 18:57:53 GMT

Thank you for response. Unfortunately, I'm not a skilled java developer, so this answer will not be enough to guide me. What I was able to understand (if not mistaken) is that support for SSO is partially implemented. For instance, this code in the ExplorerApp.java:

<java>
public void onRequestStart(HttpServletRequest request, HttpServletResponse response) {
    // Set current application object as thread-local to make it easy accessible
    current.set(this);

    // Authentication: check if user is found, otherwise send to login page
    LoggedInUser user = (LoggedInUser) getUser();
    if (user == null) {
      // First, try automatic login
      user = loginHandler.authenticate(request, response);
      if(user == null) {
        if (mainWindow != null && !mainWindow.isShowingLoginPage()) {
          viewManager.showLoginPage();
        }
      } else {
        setUser(user);
      }
    }

    if(user != null) {
      Authentication.setAuthenticatedUserId(user.getId());
      if (mainWindow != null && mainWindow.isShowingLoginPage()) {
        viewManager.showDefaultPage();
      }
    }

    // Callback to the login handler
    loginHandler.onRequestStart(request, response);
}
</java>

This ends in the DefaultLoginHandler.java and looks like dead end:
<java>
public LoggedInUser authenticate(HttpServletRequest request, HttpServletResponse response) {
    // No automatic authentication is used by default, always through credentials.
    return null;
}
</java>

Is this the right place to extend code and what would be advice?

Regards,
Boris

Re: How to configure activiti-explorer for SSO?

frederikherema1 — Wed, 02 Oct 2013 09:25:43 GMT

Yes, the LoginHandler is the place where you want your custom logic to be implemented and use any environment you need for performing SSO (cookies, …)