[ https://issues.apache.org/jira/browse/JSPWIKI-140?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12727895#action_12727895 ]

Andrew Jaquith commented on JSPWIKI-140:
----------------------------------------

I can confirm that LDAP works with 2.8.2.

I verified it using OpenLDAP 2.3.7 (the stock version shipped with Mac OS X 
Leopard) and Tomcat 5.5. David Gao's instructions for Tomcat 
http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP are excellent, 
and they should translate reasonably cleanly into a JBoss setup.

The one part of LDAP (indeed for container authentication generally) that does 
NOT work as it should is a superfluous error message that appears after 
successful authentication ("You can't do that..."), which you noted. This is 
harmless, though, and the user is actually authenticated. You should consider 
the error message annoying but cosmetic. We will fix the error message for 
2.8.3.

> Problem with Authentication using JBoss LDAP - custom LDAP roles such as 
> "Authenticated" still required?
> --------------------------------------------------------------------------------------------------------
>
>                 Key: JSPWIKI-140
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-140
>             Project: JSPWiki
>          Issue Type: Bug
>          Components: Authentication&Authorization
>    Affects Versions: 2.6.1
>         Environment: JBoss 4.2.2
> JspWiki 2.6.1 cvs 7
> JRockit R27.4  (= JDK 1.6.0_02)
>            Reporter: Milton Taylor
>            Assignee: Andrew Jaquith
>             Fix For: 2.8
>
>
> I'm having a problem that I think I have tracked down to this change? Maybe 
> it doesn't quite work as it was intended:
> From: Ver 2.5.26 change history
> * Minor enhancement to WikiSession now allows full use of non-JSPWiki
>         supplied JAAS LoginModules in the JSPWiki-custom configuration.
>         Previously, we considered a user to be authenticated only if a
>         LoginModule had added Role.AUTHENTICATED to the Subject's principal
>         set. This is clearly unreasonable for LoginModules that have no
>         knowledge of JSPWiki, such as Sun's supplied modules or third-party
>         modules used for LDAP authentication. Now, we consider a user
>         authenticated if they are not anonymous and not asserted, and we
>         lazily add Role.AUTHENTICATED in these cases, after login.
> I'm using container managed authentication, and JBoss LDAP authenticator 
> module. The authentication itself is not working properly unless the user is 
> also a member of role (ldap group) "Authenticated". I first came across this 
> issue when running an earlier version of 2.5, probably after this change was 
> made I'm not sure.
> I turned on security logging to diagnose what was going on, and 
> authentication itself is succeeding but jspwiki then goes looking for the 
> Authenticated role in the principals, and of course is not finding it.  Is it 
> possible there is a race condition here....(esp as I notice the observed 
> behavior is actually quite erratic once you hit the login button on jspwiki). 
>  If the Role.AUTHENTICATED is being added 'lazily', I think it's not being 
> added quickly enough?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
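
The rule quoted from the 2.5.26 change history in the issue description, sketched as an added Java example (not JSPWiki's own code and not part of the original message). `Role`, `UserPrincipal` and `isAuthenticated` are hypothetical stand-ins; only `javax.security.auth.Subject` and `java.security.Principal` are real JAAS types, and the sample subjects are constructed.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class LazyAuthenticatedRole {
    // Hypothetical stand-in for the wiki's built-in role principals.
    record Role(String name) implements Principal {
        static final Role ANONYMOUS = new Role("Anonymous");
        static final Role ASSERTED = new Role("Asserted");
        static final Role AUTHENTICATED = new Role("Authenticated");
        public String getName() { return name; }
    }

    // Hypothetical stand-in for the principal an external (e.g. LDAP) LoginModule adds.
    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // A subject counts as authenticated if it already carries the role, or if it has
    // a non-role identity and is neither anonymous nor asserted. In the second case
    // the role is added lazily, so the LoginModule never needs to know about it.
    static boolean isAuthenticated(Subject subject) {
        Set<Principal> principals = subject.getPrincipals();
        if (principals.contains(Role.AUTHENTICATED)) return true;
        boolean hasIdentity = principals.stream().anyMatch(p -> !(p instanceof Role));
        boolean excluded = principals.contains(Role.ANONYMOUS)
                || principals.contains(Role.ASSERTED);
        if (!hasIdentity || excluded) return false;
        principals.add(Role.AUTHENTICATED); // IllegalStateException if the Subject is read-only
        return true;
    }

    public static void main(String[] args) {
        Subject ldapUser = new Subject();   // constructed: external login, no wiki roles
        ldapUser.getPrincipals().add(new UserPrincipal("alice"));

        Subject asserted = new Subject();   // constructed: identity claimed, not proven
        asserted.getPrincipals().add(new UserPrincipal("bob"));
        asserted.getPrincipals().add(Role.ASSERTED);

        Subject anonymous = new Subject();  // constructed: no identity at all
        anonymous.getPrincipals().add(Role.ANONYMOUS);

        System.out.println("ldapUser:  " + isAuthenticated(ldapUser));
        System.out.println("asserted:  " + isAuthenticated(asserted));
        System.out.println("anonymous: " + isAuthenticated(anonymous));
        System.out.println("role added lazily: "
                + ldapUser.getPrincipals().contains(Role.AUTHENTICATED));
    }
}
```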
