If the pass configuration is for 'otrs' in your example, "proxy.reverse.pass = otrs", then the configuration keys should look like these:
proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customPatterns = \\/otrs\\/customer\\.pl proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.customReplaces = /j2-admin/rproxy/otrs/otrs/customer.pl --- On Fri, 8/20/10, Woonsan Ko <[email protected]> wrote: > From: Woonsan Ko <[email protected]> > Subject: Re: SSO IFrame form authentication > To: "Jetspeed Users List" <[email protected]> > Date: Friday, August 20, 2010, 9:13 PM > I guess the first page which tried to > redirect to the second page with wrong url by using > javascript. > If it redirects to other page from the server-side with > http status code and header, then the reverse proxy service > can detect and rewrite to a proxied url from the reverse > proxy configurations if found. > > Anyway, if the first page has javascript to redirect, e.g., > 'location.href = > /otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a', > that script line is not rewritten by default. > (By the way, you can refer to the default rewriting class > here if you're interested in: > http://svn.apache.org/repos/asf/portals/applications/webcontent/trunk/webcontent-jar/src/main/java/org/apache/portals/applications/webcontent/proxy/impl/DefaultReverseProxyLinkRewritingParserAaptor.java) > > If the redirecting script line is simple, then you can add > a custom replace pattern in the reverse proxy configuration > like the following example: > > proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customPatterns > = \\/otrs\\/customer\\.pl > proxy.reverse.pass.issues.rewriter.parserAdaptor.html.property.customReplaces > = /j2-admin/rproxy/otrs/otrs/customer.pl > > The above additional custom replace configuration will > replace every line having that regex pattern. > > -Woonsan > > --- On Fri, 8/20/10, [email protected] > <[email protected]> > wrote: > > > From: [email protected] > <[email protected]> > > Subject: Re: SSO IFrame form authentication > > To: "Jetspeed Users List" <[email protected]> > > Date: Friday, August 20, 2010, 8:19 PM > > I am using > > j2-admin::SSOReverseProxyIFramePortlet. I also > believe > > I am > > using the exact reverse properties as the apache > > example. I have > > discovered one issue when accessing directly in that > it > > appears when I > > enter > > http://host.domain-name.com:8080/j2-admin/rproxy/otrs/otrs/customer.pl, > > > > and login manually, I am redirected to > > http://host.domain-name.com:8080/otrs/customer.pl?CSID=1047f4e2a54420bc329c4f2e3cd511e23a > > > > and I get an HTTP 404 error. If I then correct the > > url and put the > > j2-admin/rproxy/otrs back in, I get the correct page > > rendered and I am > > logged in. In any case, once I get logged in and > try > > to drill down to an > > incident link, I get an error trying to load the > javascript > > because > > something has changed the .js in the link to .html > > Again, I am using the > > apache example config for rewriting. > > > > # ... Set max matching path part count > > proxy.reverse.pass.maxMatchingPathPartCount = 2 > > > > # ... Sets detail attributes for apache path mapping > > proxy.reverse.pass = otrs > > proxy.reverse.pass.otrs.local = /otrs/ > > proxy.reverse.pass.otrs.remote = http://host.domain-name.com/ > > proxy.reverse.pass.otrs.rewriter.basic = > > > org.apache.portals.applications.webcontent.rewriter.WebContentRewriter > > proxy.reverse.pass.otrs.rewriter.parserAdaptor = html > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html = > > > > org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.mimeType > > = text/html > > > proxy.reverse.pass.otrs.rewriter.parserAdaptor.html.property.lookUpAllMappings > > > > = true > > > > Thanks, MikeB > > > > Mike Ballard > > Director of Internet Development and Networking > > O'Reilly Auto Parts > > (417) 874-7107 Ofc > > (417) 838-0271 Cell > > > > This message is protected by the Electronic > Communications > > Privacy Act, 18 > > USCS § 2510 et seq., and may not be used, copied or > > forwarded without the > > consent of the named recipient(s). The information > > contained in this > > message is confidential, is intended only for the use > of > > the individual or > > entity named. If the reader of this message is not > > the intended > > recipient, you are hereby notified that any > dissemination, > > distribution or > > copying of this communication is strictly > prohibited. > > If you have > > received this communication in error, please notify > me > > immediately at > > 417-874-7107. > > > > > > > > From: > > Woonsan Ko <[email protected]> > > To: > > Jetspeed Users List <[email protected]> > > Date: > > 08/20/2010 12:55 PM > > Subject: > > Re: SSO IFrame form authentication > > > > > > > > Regarding the problem of javascript link ending in .js > to > > .html, with > > which portlet do you meet the problem? > > j2-admin::SSOReverseProxyIFramePortlet, > > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet, > > j2-admin::SSOIFramePortlet, > j2-admin::SSOWebContentPortlet, > > or > > j2-admin::SSOProxyPortletPortlet? > > > > j2-admin::SSOReverseProxyIFramePortlet and > > j2-admin::SSOFormBasedAuthReverseProxyIFramePortlet > only > > are using the > > reverse proxy service. > > > > If you are using those reverse proxy portlets, then > how's > > the rewriter > > configurations for the reverse proxy pass mapping in > > /j2-admin/WEB-INF/conf/reverseproxy.properties? > > I'd like to recommend you to use the default > configuration > > like the apache > > example: > > > > # ... Sets detail attributes for apache path mapping > > proxy.reverse.pass.apache.local = /apache/ > > proxy.reverse.pass.apache.remote = http://apache.org/ > > proxy.reverse.pass.apache.rewriter.basic = > > > org.apache.portals.applications.webcontent.rewriter.WebContentRewriter > > proxy.reverse.pass.apache.rewriter.parserAdaptor = > html > > proxy.reverse.pass.apache.rewriter.parserAdaptor.html > = > > > org.apache.portals.applications.webcontent.proxy.impl.DefaultReverseProxyLinkRewritingParserAaptor > > > proxy.reverse.pass.apache.rewriter.parserAdaptor.html.mimeType > > = text/html > > > proxy.reverse.pass.apache.rewriter.parserAdaptor.html.property.lookUpAllMappings > > > > = true > > > > With the default example above, the rewriting xml > rule > > files such as > > default-rewriter-rules.xml and rewriter-rules-mapping > do > > not play any role > > with reverse proxying portlets. > > > > The last example in the configuration file still uses > the > > Neko and Sax > > parser adaptor configuation, which was provided for > the old > > web content > > portlets. However, it turns out to be less useful in > this > > reverse proxy > > portlets. (The old rewriting xml rules were mainly > for > > rewriting urls to > > portlet urls, while reverse proxy service is just > another > > servlet-based > > solution with integration to portlet, meaning the url > > rewriting doesn't > > need to be that complex any more.) > > > > One more tip is that you could test the reverse > proxying by > > navigating the > > proxied urls directly. > > So, for example, if http://www.yourdomain.com/orders/ is mapped to > > /j2-admin/rproxy/yourdomain/orders/, then you can > browse > > directly to > > http://localhost:8080/j2-admin/rproxy/yourdomain/orders/. > > You can see what > > happens for rewriting problems with this direct > access. > > > > HTH, > > > > Woonsan > > > > --- On Fri, 8/20/10, [email protected] > > <[email protected]> > > > > wrote: > > > > > From: [email protected] > > <[email protected]> > > > Subject: Re: SSO IFrame form authentication > > > To: "Jetspeed Users List" <[email protected]> > > > Date: Friday, August 20, 2010, 6:55 PM > > > Good to know. So I have rebuilt > > > my site on 2.2.1 and it seems to be > > > stable, unlike the previous implementation on > Derby. > > > Not sure if that's > > > an indication of a problem with 2.2.1 & > Derby, or > > just > > > a local issue. My > > > remaining issue is the rewrite in the reverse > proxy > > portlet > > > is changing a > > > javascript link ending in .js to .html Any > > ideas? > > > > > > > > > > > > From: > > > Woonsan Ko <[email protected]> > > > To: > > > Jetspeed Users List <[email protected]> > > > Date: > > > 08/20/2010 11:50 AM > > > Subject: > > > Re: SSO IFrame form authentication > > > > > > > > > > > > I believe the pages can be simply copied because > I > > cannot > > > find anything to > > > watch with psml pages either. > > > By the way, you can copy those pages into any > other > > folder > > > by configuring > > > the path in > > /jetspeed/WEB-INF/conf/override.properties. For > > > example, > > > > > > # default path to (XML) PSML pages root folder > > > psml.pages.path = > > > ${applicationRoot}/WEB-INF/migrated_pages > > > > > > Regards, > > > > > > Woonsan > > > > > > --- On Fri, 8/20/10, [email protected] > > > <[email protected]> > > > > > > wrote: > > > > > > > From: [email protected] > > > <[email protected]> > > > > Subject: Re: SSO IFrame form authentication > > > > To: "Jetspeed Users List" <[email protected]> > > > > Date: Friday, August 20, 2010, 3:05 PM > > > > I have installed 2.2.1 with MySQL and > > > > I now need to move my pages and > > > > layouts from the 2.2.0 installation. > Given > > that > > > my > > > > previous 2.2.1 > > > > installation on Derby is defunct, is there > > anything I > > > > should watch out for > > > > this time? Can I simply copy the psml's > > from > > > the > > > > 2.2.0 directories to the > > > > 2.2.1 directories? I have not > > seen a > > > > migration guide to address this > > > > need. > > > > > > > > > > > > > > > > From: > > > > Woonsan Ko <[email protected]> > > > > To: > > > > Jetspeed Users List <[email protected]> > > > > Date: > > > > 08/18/2010 12:35 PM > > > > Subject: > > > > Re: SSO IFrame form authentication > > > > > > > > > > > > > > > > Hi, > > > > > > > > I haven't heard of that preferences data > problem > > yet > > > in > > > > 2.2.1. > > > > IMHO, It could help to localize the problems > if > > you > > > test > > > > against other > > > > databases > > > > like PostgreSQL or MySQL. > > > > On the other hand, I think you could deploy > > newer > > > > j2-admin.war and > > > > apa-webcontent.war which were included in > 2.2.1. > > > > > > > > -Woonsan > > > > > > > > > > > > ----- Original Message ---- > > > > > From: "[email protected]" > > > > <[email protected]> > > > > > To: Jetspeed Users List <[email protected]> > > > > > Sent: Wed, August 18, 2010 6:10:25 AM > > > > > Subject: Re: SSO IFrame form > authentication > > > > > > > > > > Well, here's the rub. I believe the > > > > SSOReverseProxyIFramePortlet is new > > > > > > > > > in 2.2.1, which is where I was when I > first > > > posted, > > > > however, I found > > > > that > > > > > my configuration kept getting > scrambled, so > > I > > > reverted > > > > to 2.2.0 I will > > > > > try your suggestion on 2.2.1, but I > will > > have to > > > > address the scrambling > > > > > issue. What is happening is > > this. I > > > have > > > > cloned the IFramePortlet > > > > > several times and configured each for > > different > > > static > > > > content being > > > > > served from apache2. I have avoided > > setting > > > any > > > > user preferences, and, > > > > > > > > > instead, set the preferences for each > clone > > in > > > the > > > > PAM portlet. > > > > Everything > > > > > worked fine. Then after a few hours, > > the > > > > IFramePortlet content was all > > > > > > > > > mixed up. For instance, the portlet > on > > > > > > page 1 would be showing the > > > > > content I had configured for the > portlet on > > page > > > > > > > 2 and so on. I went > > > > into > > > > > PAM and corrected the preferences to > what > > > they > > > > should be and assumed I > > > > was > > > > > ok, but the next morning things were > > > scrambled > > > > again. I did some > > > > queries > > > > > in the derby db and it appears they > > are > > > wrong > > > > there. I don't know if > > > > this > > > > > is a portlet id issue or an indexing > > > problem or > > > > what, but I need a > > > > > resolution before I can proceed to > > 2.2.1 > > > > Of course, I have the exact > > > > same > > > > > configuration in 2.2.0 and am having > > no > > > problem > > > > there, but I also have > > > > no > > > > > SSOReverseProxyIFrame there. > > Any > > > ideas? > > > > > > > > > > > > > > > > > > > > From: > > > > > David Sean Taylor <[email protected]> > > > > > To: > > > > > Jetspeed Users List <[email protected]> > > > > > Date: > > > > > 08/17/2010 07:19 PM > > > > > Subject: > > > > > Re: SSO IFrame form authentication > > > > > > > > > > > > > > > > > > > > On Tue, Aug 17, 2010 at 1:40 PM, > > > <[email protected]> > > > > > > > wrote: > > > > > > How did your testing go? I > > compared > > > SSO > > > > Webcontent (which works, > > > > sort > > > > > of) > > > > > > to SSO IFrame classes and I see a > > method > > > > for preemptive login in the > > > > > > webcontent class but no reference > at > > all in > > > > the SSO IFrame class. > > > > Does > > > > > > this just mean it is being done > > > > differently, or is something amiss in > > > > > > > > > the > > > > > > SSO IFrame class? > > > > > > > > > > There are two SSOIFrame classes: > > > > > > > > > > 1. SSOIFramePortlet > > > > > 2. SSOReverseProxyIFramePortlet > > > > > > > > > > Suggest using the second one, > > > > SSOReverseProxyIFramePortlet as it gives > > > > > you features not available in the > > older > > > > SSOIFramePortlet such as > > > > > auto-resizing and form-based > authentication > > > > > > (what you are after) > > > > > > > > > > I tested with > SSOReverseProxyIFramePortlet > > and > > > > it worked in the > > > > > example that comes with Jetspeed, but > it > > takes a > > > > little bit of > > > > > configuration. > > > > > > > > > > First, ensure your Tomcat will need > this > > > > attribute set in the > > > > > <Connector> element of > > server.xml: > > > > > > > > > > emptySessionPath="true" > > > > > > > > > > more detail here: > > > > > > > > > > http://portals.apache.org/applications/webcontent/index.html > > > > > > > > > > If you had to change server.xml > > setting, > > > then > > > > restart your server > > > > > > > > > > I took these steps to verify SSO > with > > the > > > > example form-based login > > > > > that comes with Jetspeed: > > > > > > > > > > 1. login as admin > > > > > 2. navigate to the Jetspeed > Administration > > > > space, SSO Management page, > > > > > or just go here: > > > > > > > > > > http://localhost:8080/jetspeed/ui/Administrative/sso-admin.psml > > > > > > > > > > Add a new Site with following > > parameters: > > > > > > > > > > Site Name: Form Example > > > > > Site URL: http://localhost:8080/j2-admin/examples/formauth.jsp > > > > > Field name for User ID: user > > > > > Field name For Password value: pass > > > > > > > > > > Press Save > > > > > > > > > > Add a new credential for this site > in > > the > > > > portlet on the right side > > > > > (SSO Details): > > > > > > > > > > Portal Principal: admin > > > > > Remote Principal: admin > > > > > Remote Credential: admin > > > > > > > > > > Press Add > > > > > > > > > > You can verify that the remote > > > credential > > > > was added for the admin > > > > > user by going here: > > > > > > > > > > http://localhost:8080/jetspeed/ui/my-account.psml > > > > > > > > > > see the portlet on the right "SSO > > Change > > > > Passwords", a remote site > > > > > entry should be there named "Form > > Example" > > > > > > > > > > Next, you can use the Toolbox to find > the > > > > Reverse Proxy Iframe Portlet > > > > > by searching on "iframe" and then > selecting > > it > > > > from there and adding > > > > > to a page. To make things simple, I > just > > added a > > > > page and then added > > > > > the Reverse Proxy Iframe Portlet there. > At > > first > > > this > > > > portlet seems to > > > > > want to use Basic Authentication, so > just > > hit > > > cancel > > > > when challenged. > > > > > I then switched to edit mode (pencil > icon), > > and > > > > entered the following > > > > > preferences: > > > > > > > > > > TITLE: My SSO Test > > > > > SRC: http://localhost:$ > > > {serverPort}${contextPath}/examples/formauth.jsp > > > > > > > > > > Press Save > > > > > > > > > > You should see in your portlet content > > something > > > > > > > like: > > > > > > > > > > "Hello, admin. You have been authorized > by > > > > form-based authentication > > > > !!!" > > > > > > > > > > Give that a try and see if it works. > Then, > > move > > > on > > > > to your specific > > > > > IFrame source and let us know how it > > > goes... > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: > > [email protected] > > > > > For additional commands, e-mail: > > > [email protected] > > > > > > > > > > > > > > > -- > > > > > This message has been scanned for > > viruses > > > and > > > > > dangerous content by MailScanner, > and > > is > > > > > believed to be clean > > > > (mailgw2:E659D1E6FC.D1395). > > > > > > > > > > > > > > > > > > > > > > > > > This communication and any > attachments > > are > > > > confidential, protected by > > > > > Communications Privacy Act 18 USCS > § > > > 2510, > > > > solely for the use of the > > > > > intended recipient, and may contain > > > legally > > > > privileged material. If you > > > > > > > > > are not the intended recipient, please > > > > return or > > > > destroy it > > > > immediately. > > > > > Thank you. > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > -- > > > > This message has been scanned for viruses > and > > > > dangerous content by MailScanner, and is > > > > believed to be clean > (mailgw2:9902C1E701.B0EA8). > > > > > > > > > > > > > > > > > > > > This communication and any attachments are > > > confidential, > > > > protected by > > > > Communications Privacy Act 18 USCS § 2510, > > solely for > > > the > > > > use of the > > > > intended recipient, and may contain legally > > > privileged > > > > material. If you > > > > are not the intended recipient, please > return or > > > destroy it > > > > immediately. > > > > Thank you. > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean > (mailgw2:8B04D2A000C.7088C). > > > > > > > > > > > > > > > This communication and any attachments are > > confidential, > > > protected by > > > Communications Privacy Act 18 USCS § 2510, > solely for > > the > > > use of the > > > intended recipient, and may contain legally > > privileged > > > material. If you > > > are not the intended recipient, please return or > > destroy it > > > immediately. > > > Thank you. > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean (mailgw2:792FC1E702.4691D). > > > > > > > > > > This communication and any attachments are > confidential, > > protected by > > Communications Privacy Act 18 USCS § 2510, solely for > the > > use of the > > intended recipient, and may contain legally > privileged > > material. If you > > are not the intended recipient, please return or > destroy it > > immediately. > > Thank you. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
