
Using an external sso system for authentication

dlovat_
Champ in-the-making

I am brand new to Nuxeo. I would like to authenticate users logging onto Nuxeo identified by a username and password against an external SSO system accessed via our existing web service.

I have read much Nuxeo documentation and am pretty confused as to the steps required.

I thought that the first step would be to create and register my own LoginPlugin and register it in the LoginPluginRegistry. This did not work, as my java class (myLoginPlugin) fails to load (null pointer exception). But even if it did load, I'm not sure about how next to proceed.

I am also examining the PluggableAuthenticationService as a possible extension point.

Can someone provide a step-by-step list of extension points and components that I will have to configure/provide to make this work? I've studied a lot of documentation and am pretty confused. Perhaps there is a sample or a tutorial that does this?

Thank you

13 REPLIES

Laurent_Doguin
Star Collaborator

Hi,

Have you looked at the different login plugins that already exist? Maybe you'll find one that suits you. If not, most of them also have a sample folder.

Benjamin_Jalon1
Elite Collaborator

You can find all the documentation here.

So here are the steps:

  • create your Nuxeo plugin project (from the IDE, it's easy)
  • create a new component to contribute your LoginPlugin (if the user identity validation is not the default one - see the documentation above)
  • create a new component to contribute your authenticator (and refer to your loginModule if required)
  • implement your authenticator class
  • create your authentication chain
  • There is also the user management configuration. If you are using something other than an LDAP or SQL repository, you will have to define your user manager.

If you use an LDAP or a SQL table for user management, you will just have to:

I have also added documentation about the User Manager, [here][1].

Thanks for providing the steps. Very useful. I have created both a NuxeoAuthenticationPlugin, and a LoginPlugin. Initially my Authenticator was not loading, but that was caused by some improper XML. I have fixed that, but now when presenting the login page, I get a NullPointerException from the NuxeoAuthenticationFilter class as follows...

First, you don't need to have the implementation item, as you don't register a new service. You only contribute to 2 extension points. You can see what I mean by creating a service [here][1]. Read the "Contribute to an Extension Point" section carefully if you want to understand that.

What is the value of the plugin name? Did you fetch it in the init method?

patrek
Star Contributor

We use a similar configuration, with mod_proxy_sso. Here is our config file. You'll notice 3 extensions. This is for Nuxeo 5.5. Hope this helps you figure it out.

    <component name="local.mod_sso">
        <require>org.nuxeo.ecm.platform.ui.web.auth.defaultConfig</require>
        <require>org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig</require>
        <require>org.nuxeo.ecm.automation.server.auth.config</require>
        <require>org.nuxeo.ecm.platform.login.Proxy</require>
        <!-- Declare the authenticator: the user name is read from the ssoHeaderName
             request header and handed to the Trusting_LM login module -->
        <extension
            target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
            point="authenticators">
            <authenticationPlugin name="PROXY_AUTH">
                <loginModulePlugin>Trusting_LM</loginModulePlugin>
                <parameters>
                    <parameter name="ssoHeaderName">REMOTE_USER</parameter>
                </parameters>
            </authenticationPlugin>
        </extension>
        <!-- Override Proxy Auth into authentication chain -->
        <extension
            target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
            point="chain">
            <authenticationChain>
                <!-- Keep basic Auth at top of Auth chain to support RSS access via BasicAuth -->
                <plugins>
                    <plugin>BASIC_AUTH</plugin>
                    <plugin>FORM_AUTH</plugin>
                    <plugin>WEBENGINE_FORM_AUTH</plugin>
                    <plugin>ANONYMOUS_AUTH</plugin>
                    <plugin>WEBSERVICES_AUTH</plugin>
                    <plugin>PROXY_AUTH</plugin>
                </plugins>
            </authenticationChain>
        </extension>
        <!-- Replacement chain applied only to URLs matching the automation pattern -->
        <extension
            target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
            point="specificChains">
            <specificAuthenticationChain name="Automation">
                <urlPatterns>
                    <url>(.*)/automation.*</url>
                </urlPatterns>
                <replacementChain>
                    <plugin>AUTOMATION_BASIC_AUTH</plugin>
                    <plugin>ANONYMOUS_AUTH</plugin>
                    <plugin>PROXY_AUTH</plugin>
                </replacementChain>
            </specificAuthenticationChain>
        </extension>
    </component>

Mmmh, the specificChains is used to enable a specific chain on a pattern of URL. I'm not sure this is his need.

patrek
Star Contributor

Did not say I was sure either
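
An added example, not code from the thread or from Nuxeo: a small audit of a component file like the one posted above, listing every authentication chain (default or URL-specific) that includes an authenticator bound to `Trusting_LM`, together with the request header it reads, so the fronting proxy can be checked to set that header itself on each of those paths. It assumes the authenticator is declared in the same file as the chains; the function names and the trimmed sample are constructed for illustration.

```python
import xml.etree.ElementTree as ET
PAS = "org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
TRUSTING = "Trusting_LM"  # login module that accepts the asserted identity as-is
# Constructed sample, trimmed from the component posted in the thread.
SAMPLE = f"""<component name="local.mod_sso">
  <extension target="{PAS}" point="authenticators">
    <authenticationPlugin name="PROXY_AUTH">
      <loginModulePlugin>Trusting_LM</loginModulePlugin>
      <parameters><parameter name="ssoHeaderName">REMOTE_USER</parameter></parameters>
    </authenticationPlugin>
  </extension>
  <extension target="{PAS}" point="chain"><authenticationChain><plugins>
    <plugin>BASIC_AUTH</plugin><plugin>FORM_AUTH</plugin><plugin>PROXY_AUTH</plugin>
  </plugins></authenticationChain></extension>
  <extension target="{PAS}" point="specificChains">
    <specificAuthenticationChain name="Automation">
      <urlPatterns><url>(.*)/automation.*</url></urlPatterns>
      <replacementChain><plugin>AUTOMATION_BASIC_AUTH</plugin><plugin>PROXY_AUTH</plugin></replacementChain>
    </specificAuthenticationChain>
  </extension>
</component>"""

def trusting_authenticators(root):
    """Map authenticator name -> header it reads, for plugins bound to Trusting_LM."""
    found = {}
    for ap in root.iter("authenticationPlugin"):
        if (ap.findtext("loginModulePlugin") or "").strip() == TRUSTING:
            params = {p.get("name"): (p.text or "").strip() for p in ap.iter("parameter")}
            found[ap.get("name")] = params.get("ssoHeaderName", "(not set)")
    return found

def chains(root):
    """Yield (label, URL patterns, ordered plugin names) for default and specific chains."""
    for ch in root.iter("authenticationChain"):
        yield "default", ("*",), [(p.text or "").strip() for p in ch.iter("plugin")]
    for sc in root.iter("specificAuthenticationChain"):
        urls = tuple((u.text or "").strip() for u in sc.iter("url"))
        yield sc.get("name"), urls, [(p.text or "").strip() for p in sc.iter("plugin")]

def audit(xml_text):
    """Return (chain, URL patterns, plugin, header) for each chain entry that trusts a header."""
    root = ET.fromstring(xml_text)
    trusted = trusting_authenticators(root)
    return [(label, urls, name, trusted[name])
            for label, urls, plugins in chains(root) for name in plugins if name in trusted]

if __name__ == "__main__":
    for label, urls, plugin, header in audit(SAMPLE):
        print(f"chain {label} {urls}: {plugin} trusts request header {header!r}")
```

Each reported row is a path on which the application accepts the named header as the user's identity, so those paths should be reachable only through the proxy that sets it.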
