03-14-2012 10:46 AM
I am brand new to Nuxeo. I would like to authenticate users logging onto Nuxeo identified by a username and password against an external SSO system accessed via our existing web service.
I have read much Nuxeo documentation and am pretty confused as to the steps required.
I thought that the first step would be to create and register my own LoginPlugin and register it in the LoginPluginRegistry. This did not work, as my Java class (myLoginPlugin) fails to load (null pointer exception). But even if it did load, I'm not sure about how next to proceed.
I am also examining the PluggableAuthenticationService as a possible extension point.
Can someone provide a step-by-step list of extension points and components that I will have to configure/provide to make this work? I've studied a lot of documentation and am pretty confused. Perhaps there is a sample or a tutorial that does this?
Thank you
03-14-2012 10:51 AM
Hi,
Have you looked at the different login plugins that already exist? Maybe you'll find one that suits you. If not, most of them also have a sample folder.
03-15-2012 05:41 AM
You can find all the documentation here.
So here are the steps:
If you use an LDAP or a SQL table for user management, you will just have to:
03-15-2012 08:22 AM
I am also adding documentation about the User Manager, [here][1].
03-15-2012 05:16 PM
Thanks for providing the steps. Very useful. I have created both a NuxeoAuthenticationPlugin, and a LoginPlugin. Initially my Authenticator was not loading, but that was caused by some improper XML. I have fixed that, but now when presenting the login page, I get a NullPointerException from the NuxeoAuthenticationFilter class as follows...
03-17-2012 05:15 AM
First, you don't need to have the implementation item, as you don't register a new service. You only contribute to 2 extension points. You can see what I mean by creating a service [here][1]. Read the "Contribute to an Extension Point" section carefully if you want to understand that.
03-19-2012 06:52 AM
What is the value of the plugin name? Did you fetch it in the init method?
03-15-2012 10:04 PM
We use a similar configuration, with mod_proxy_sso; here is our config file. You'll notice 3 extensions. For Nuxeo 5.5. Hope this helps you figure it out.
<component name="local.mod_sso">
  <require>org.nuxeo.ecm.platform.ui.web.auth.defaultConfig</require>
  <require>org.nuxeo.ecm.platform.ui.web.auth.WebEngineConfig</require>
  <require>org.nuxeo.ecm.automation.server.auth.config</require>
  <require>org.nuxeo.ecm.platform.login.Proxy</require>

  <extension
      target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
      point="authenticators">
    <authenticationPlugin name="PROXY_AUTH">
      <loginModulePlugin>Trusting_LM</loginModulePlugin>
      <parameters>
        <parameter name="ssoHeaderName">REMOTE_USER</parameter>
      </parameters>
    </authenticationPlugin>
  </extension>

  <!-- Override Proxy Auth into authentication chain -->
  <extension
      target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
      point="chain">
    <authenticationChain>
      <!-- Keep basic Auth at top of Auth chain to support RSS access via BasicAuth -->
      <plugins>
        <plugin>BASIC_AUTH</plugin>
        <plugin>FORM_AUTH</plugin>
        <plugin>WEBENGINE_FORM_AUTH</plugin>
        <plugin>ANONYMOUS_AUTH</plugin>
        <plugin>WEBSERVICES_AUTH</plugin>
        <plugin>PROXY_AUTH</plugin>
      </plugins>
    </authenticationChain>
  </extension>

  <extension
      target="org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
      point="specificChains">
    <specificAuthenticationChain name="Automation">
      <urlPatterns>
        <url>(.*)/automation.*</url>
      </urlPatterns>
      <replacementChain>
        <plugin>AUTOMATION_BASIC_AUTH</plugin>
        <plugin>ANONYMOUS_AUTH</plugin>
        <plugin>PROXY_AUTH</plugin>
      </replacementChain>
    </specificAuthenticationChain>
  </extension>
</component>
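Added example, not part of the original post and not Nuxeo code: a Python check that reads a contribution like the one above and reports, for a request path, which chain applies and which request headers that chain takes the user identity from, so a reviewer can confirm those paths are reachable only through the proxy that sets the header. It assumes the plugin reads the user name from the header named in `ssoHeaderName` and that a `specificChains` URL pattern must match the whole path; `load` and `trusted_headers` are hypothetical helper names, and the XML is a trimmed, constructed copy of the posted file.

```python
import re
import xml.etree.ElementTree as ET

SERVICE = "org.nuxeo.ecm.platform.ui.web.auth.service.PluggableAuthenticationService"
# Constructed sample: trimmed copy of the contribution posted above.
SAMPLE = """<component name="local.mod_sso">
<extension target="{s}" point="authenticators">
 <authenticationPlugin name="PROXY_AUTH"><parameters>
  <parameter name="ssoHeaderName">REMOTE_USER</parameter>
 </parameters></authenticationPlugin></extension>
<extension target="{s}" point="chain"><authenticationChain><plugins>
 <plugin>BASIC_AUTH</plugin><plugin>FORM_AUTH</plugin><plugin>PROXY_AUTH</plugin>
</plugins></authenticationChain></extension>
<extension target="{s}" point="specificChains">
 <specificAuthenticationChain name="Automation">
  <urlPatterns><url>(.*)/automation.*</url></urlPatterns>
  <replacementChain>
   <plugin>AUTOMATION_BASIC_AUTH</plugin><plugin>PROXY_AUTH</plugin>
  </replacementChain>
 </specificAuthenticationChain></extension>
</component>""".replace("{s}", SERVICE)

def load(xml_text):
    """Return (plugin -> trusted header, default chain, specific chains)."""
    headers, default, specific = {}, [], []
    for ext in ET.fromstring(xml_text).iter("extension"):
        if ext.get("target") != SERVICE:
            continue
        point = ext.get("point")
        if point == "authenticators":
            for plug in ext.iter("authenticationPlugin"):
                for par in plug.iter("parameter"):
                    if par.get("name") == "ssoHeaderName":
                        headers[plug.get("name")] = par.text.strip()
        elif point == "chain":
            default = [p.text.strip() for p in ext.iter("plugin")]
        elif point == "specificChains":
            for sc in ext.iter("specificAuthenticationChain"):
                urls = [u.text.strip() for u in sc.iter("url")]
                plugins = [p.text.strip() for p in sc.iter("plugin")]
                specific.append((sc.get("name"), urls, plugins))
    return headers, default, specific

def trusted_headers(xml_text, path):
    """Chain applied to `path` and the headers it takes identity from."""
    headers, default, specific = load(xml_text)
    name, chain = "default", default
    for sc_name, urls, plugins in specific:
        # Assumption: a pattern must match the whole request path.
        if any(re.fullmatch(u, path) for u in urls):
            name, chain = sc_name, plugins
            break
    return name, [headers[p] for p in chain if p in headers]
```

Call `trusted_headers(SAMPLE, "/nuxeo/site/automation/login")` with your own component file's text in place of `SAMPLE` to see which header, if any, is accepted as identity on that path.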
03-16-2012 06:38 AM
Mmmh, the specificChains is used to enable a specific chain on a pattern of URL. I'm not sure this is his need.
03-16-2012 07:02 AM
Did not say I was sure either