External authentication and the user id pattern

florianhuebner — Fri, 19 Aug 2011 13:09:05 GMT

HelloWe wanted to switch from kerberos to external authentication.I have set external.authentication.enabled=trueexternal.authentication.proxyHeader=REMOTE_USER‍‍and as long as basic authentication is used on the Apache everything works fine.Now I wanted to switch to AuthType Kerberos but I get an A

Re: External authentication and the user id pattern

florianhuebner — Wed, 24 Aug 2011 06:19:14 GMT

I found a Remote User filter that I had to put into Tomcat to make it work:

Its the "RemoteUserFilter" tool on this page: http://www.switch.ch/aai/support/tools/index.html

Just had to put the jar file into the WEB-INF/lib folder and add the following two snippets into the web.xml:

The Filter definition:

   <filter>
      <filter-name>KerberosRemoteUserFilter</filter-name>
      <filter-class>ch.SWITCH.aai.filters.KerberosRemoteUserFilter</filter-class>
   </filter>
‍‍‍‍‍

and the filter mapping itself

   <filter-mapping>
      <filter-name>KerberosRemoteUserFilter</filter-name>
      <url-pattern>/*</url-pattern>
   </filter-mapping>
‍‍‍‍‍

It probably would have been enough if I would have placed it before the Global Authentication Filter with the "/faces/*" url pattern but I wanted to be sure so I put it right at the start of the chain.

topic External authentication and the user id pattern in Alfresco Archive

External authentication and the user id pattern

Re: External authentication and the user id pattern