
How to configure activiti-explorer for SSO?

tombo
Champ in-the-making
I have activiti-explorer 5.13 deployed on the WebLogic 10.3.6 application server with Kerberos SPNEGO authentication and authorization against Active Directory (like this example: http://biemond.blogspot.com/2011/08/single-sign-on-with-windows-kerberos-on.html).

To obtain SSO, the usual method is to set the web.xml login-config:


<login-config>
    <auth-method>CLIENT-CERT</auth-method>
</login-config>


It seems that activiti-explorer is ignoring this parameter, as the login page appears, but it is enough to enter just the user name and press the login button and the user will be authenticated (this confirms that Kerberos authentication works). It's the same whether this login-config parameter is present in the web.xml or not.

I was unable to find any information regarding this matter, so any help would be appreciated.

Boris
3 REPLIES

jbarrez
Star Contributor
You will probably need to tweak the source code of Explorer, because otherwise it will always show the login page.

tombo
Champ in-the-making
Thank you for the response. Unfortunately, I'm not a skilled Java developer, so this answer will not be enough to guide me. What I was able to understand (if not mistaken) is that support for SSO is partially implemented. For instance, this code in ExplorerApp.java:

<java>
public void onRequestStart(HttpServletRequest request, HttpServletResponse response) {
    // Set current application object as thread-local to make it easy accessible
    current.set(this);
   
    // Authentication: check if user is found, otherwise send to login page
    LoggedInUser user = (LoggedInUser) getUser();
    if (user == null) {
      // First, try automatic login
      user = loginHandler.authenticate(request, response);
      if(user == null) {
        if (mainWindow != null && !mainWindow.isShowingLoginPage()) {
          viewManager.showLoginPage();
        }
      } else {
        setUser(user);
      }
    }

    if(user != null) {
      Authentication.setAuthenticatedUserId(user.getId());
      if (mainWindow != null && mainWindow.isShowingLoginPage()) {
        viewManager.showDefaultPage();
      }
    }
   
    // Callback to the login handler
    loginHandler.onRequestStart(request, response);
  }
</java>

This ends in DefaultLoginHandler.java and looks like a dead end:
<java>
public LoggedInUser authenticate(HttpServletRequest request, HttpServletResponse response) {
    // No automatic authentication is used by default, always through credentials.
    return null;
  }
</java>

Is this the right place to extend the code, and what would your advice be?

Regards,
Boris

frederikherema1
Star Contributor
Yes, the LoginHandler is the place where you want your custom logic to be implemented, and you can use any environment you need for performing SSO (cookies, …).
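
An added example, not part of the thread or of the Activiti code base: one way to override the `authenticate(request, response)` hook quoted above so that Explorer accepts the principal the container already established through SPNEGO. The Activiti package names, the `LoggedInUserImpl(User, String)` constructor, the `ssoIdentityService` property and the `EXAMPLE.COM` realm are assumptions or placeholders to check against your own Explorer source and configuration.

```java
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.activiti.engine.IdentityService;
import org.activiti.engine.identity.User;
import org.activiti.explorer.identity.LoggedInUser;
import org.activiti.explorer.identity.LoggedInUserImpl;
import org.activiti.explorer.ui.login.DefaultLoginHandler;

// Added example. Package names and the LoggedInUserImpl(User, String) constructor
// are assumptions about Activiti 5.x; verify them against your Explorer source.
public class ContainerSsoLoginHandler extends DefaultLoginHandler {
  private static final String EXPECTED_REALM = "EXAMPLE.COM"; // placeholder realm
  private static final Pattern SAFE_ID = Pattern.compile("[A-Za-z0-9._-]{1,64}");
  private IdentityService ssoIdentityService; // hypothetical property, wired by you

  public void setSsoIdentityService(IdentityService identityService) {
    this.ssoIdentityService = identityService;
  }

  @Override
  public LoggedInUser authenticate(HttpServletRequest request, HttpServletResponse response) {
    // Trust only the principal the container established (SPNEGO on WebLogic),
    // never a request header or parameter that the client can set itself.
    String userId = toUserId(request.getRemoteUser());
    if (userId == null) {
      return null; // ExplorerApp then falls back to showing the login page
    }
    User user = ssoIdentityService.createUserQuery().userId(userId).singleResult();
    if (user == null) {
      return null; // authenticated by the directory but unknown to Activiti
    }
    // No password is held for an SSO session. If your Explorer version derives
    // group and role flags in its form-login path, repeat that step here.
    return new LoggedInUserImpl(user, null);
  }

  // Accepts "user" or "user@REALM"; rejects foreign realms and unexpected characters.
  static String toUserId(String principal) {
    if (principal == null) {
      return null;
    }
    int at = principal.indexOf('@');
    if (at >= 0 && !EXPECTED_REALM.equalsIgnoreCase(principal.substring(at + 1))) {
      return null;
    }
    String name = (at >= 0) ? principal.substring(0, at) : principal;
    return SAFE_ID.matcher(name).matches() ? name : null;
  }
}
```

`getRemoteUser()` is only populated when the container itself enforces authentication on the Explorer URLs, so this handler depends on a matching `security-constraint` alongside the `login-config` in web.xml.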