Hi All,

I'm trying to get HTTPS authentication with JSPWiki up and running, and I'm having a bit of difficulty getting things to work properly.

I am running JSPWiki v2.8.3. My LDAP server is OpenDJ 2.4.4. Glassfish 3.1.1 is my application server. These are all running locally on the same host. Java is version 1.6.0_26.

Container-based LDAP authentication to JSPWiki works fine using insecure connections - exact configuration is at http://blog.davekoelmeyer.co.nz/2012/01/28/container-based-authentication-with-jspwiki-glassfish-and-opendj/

In Glassfish I have switched to the secure LDAP port (1636 in my case) for my JSPWiki security realm, and verified the LDAPS connection handler is enabled in OpenDJ.

I have exported the OpenDJ private certificate and imported it into the Glassfish domain JKS keystore hosting JSPWiki.

Finally, in the JSPWiki web.xml file, I have uncommented the <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint> portions in the container-managed authentication section.

Now, when attempting to log into JSPWiki, Firefox 11 correctly switches to an HTTPS connection, and I am warned about the OpenDJ self-signed certificate which I add to my personal certificate store. Upon then entering my LDAP user credentials to log in, these are not apparently rejected, but my user status remains "not logged in". I.e. my credentials are not apparently explicitly rejected (i.e. I am not simply bounced back to the login prompt), but are not apparently accepted either. Very strange.

To clarify the steps on this last point:

1) On my JSPWiki front page, I click on the log in link
2) I am prompted for credentials, and I enter my LDAP username and password
3) I am returned to the page in question - but my user login status as visible at the top-right of the page is still "not logged in".

I will follow up this email with details from the OpenDJ access logs - but can anyone point early on to what the problem might be here?

Cheers,

--
Dave Koelmeyer
http://www.davekoelmeyer.co.nz
