External authentication with a userIdPattern

lentinj
Champ in-the-making
Hi,

I've been following the instructions here:-
http://wiki.alfresco.com/wiki/Alfresco_Authentication_Subsystems#External
…to set up Alfresco to trust headers set by the upstream Apache.

I've got:-

alfresco-global.properties:

    authentication.chain=ssl-headers:external

alfresco/extension/subsystems/Authentication/external/ssl-headers/ssl-headers.properties:

    external.authentication.enabled=1
    external.authentication.proxyUserName=
    external.authentication.defaultAdministratorUserNames=jamie
    external.authentication.proxyHeader=HTTP_SSLCLIENTCERTSUBJECT
    external.authentication.userIdPattern=^(jamie)

Which allows me to log in depending on the value of HTTP_SSLCLIENTCERTSUBJECT, however userIdPattern seems to be ignored.  It doesn't extract "jamie" from a longer string, nor does login fail if the header value is something other than jamie.

I'm guessing other instructions that talk about modifying web.xml filters are talking about Alfresco < 3.2r2, or am I wrong and should be doing more than just the above?
2 REPLIES

lentinj
Champ in-the-making
Hrm, on closer investigation I think a bug renders this option useless.  Tracing the execution, the regex does make its way to the relevant code, however:-


            Matcher matcher = this.userIdPattern.matcher(userId);
            if (matcher.matches())
            {
                userId = matcher.group().trim();
            }

.group() returns the section of userId that userIdPattern matched.  However, matches() will only succeed if it matches the entirety of the string, in which case matcher.group() == userId, and it's achieved nothing.  I'd interpret the documentation as meaning:-


        Matcher matcher = this.userIdPattern.matcher(userId);
        if(matcher.find()) {
            userId = matcher.groupCount() > 0 ? matcher.group(1) : null;
        } 

…and would be more useful if matcher.group() was returned instead of null.  Any comments?

dward
Champ on-the-rise
I agree it should have used group(1). I have logged https://issues.alfresco.com/jira/browse/ETHREEOH-4036
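
The difference discussed in this thread, as an added example that is not part of the original posts and is not Alfresco's code: it runs the quoted matches()/group() logic next to a find()/group(1) variant on the poster's pattern ^(jamie). The class name, method names and header values are constructed for illustration, and returning null when nothing matches is this example's own fail-closed choice.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class UserIdPatternDemo {

    // Logic as quoted in the thread: matches() must cover the whole header,
    // so group() equals the input, and a non-matching header passes through unchanged.
    static String extractAsQuoted(Pattern pattern, String header) {
        String userId = header;
        Matcher matcher = pattern.matcher(userId);
        if (matcher.matches()) {
            userId = matcher.group().trim();
        }
        return userId;
    }

    // find() + group(1) as proposed in the thread, made fail-closed here
    // (assumption of this example): no match or no capture group yields null.
    static String extractFailClosed(Pattern pattern, String header) {
        Matcher matcher = pattern.matcher(header);
        if (matcher.find() && matcher.groupCount() > 0) {
            return matcher.group(1).trim();
        }
        return null;
    }

    public static void main(String[] args) {
        Pattern pattern = Pattern.compile("^(jamie)"); // pattern from the original post

        // Constructed header values, not taken from a real deployment.
        String[] headers = {
            "jamie",                      // exact value
            "jamie,OU=Staff,O=Example",   // user id embedded in a longer string
            "alice",                      // a different user
            "jamiesmith"                  // shares the prefix "jamie"
        };

        for (String header : headers) {
            System.out.printf("%-28s quoted=%-26s failClosed=%s%n",
                    header,
                    extractAsQuoted(pattern, header),
                    extractFailClosed(pattern, header));
        }
    }
}
```

The "jamiesmith" row shows that find() with ^(jamie) accepts any value that merely starts with "jamie", so a pattern used this way should also pin what follows the user id (a delimiter or end of string).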