Tomcat with Oracle Internet Directory
Hi,

I am new at this so please be patient with me!!! OK, I am trying to get Tomcat to work with Oracle's LDAP implementation (OiD) for authentication purposes. I just wanted to know if anyone has ever tried this. I can't get it to work!

In the REALM tag in server.xml what I have is as follows:

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionName="cn=orcladmin"
           connectionPassword="welcome"
           connectionURL="ldap://LdapServer:389;"
           roleBase="dc=roles,dc=com"
           roleName="tomcat"
           roleSearch="(uniqueMember={0})"
           roleSubtree="false"
           userPassword="userPassword"
           userPattern="cn={0},dc=com"/>

and my web.xml file is as follows:

    <security-constraint>
      <display-name>Example Security Constraint</display-name>
      <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <!-- Define the context-relative URL(s) to be protected -->
        <!-- <url-pattern>/jsp/security/protected/*</url-pattern> -->
        <url-pattern>/*</url-pattern>
        <!-- If you list http methods, only those methods are protected -->
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
        <!-- Anyone with one of the listed roles may access this area -->
        <role-name>organizationalRole</role-name>
        <role-name>roles</role-name>
        <role-name>tomcat</role-name>
      </auth-constraint>
    </security-constraint>

    <!-- Default login configuration uses form-based authentication -->
    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>Example BASIC Authentication Area</realm-name>
    </login-config>

    <!-- Security roles referenced by this web application -->
    <security-role>
      <role-name>organizationalRole</role-name>
    </security-role>
    <security-role>
      <role-name>roles</role-name>
    </security-role>
    <security-role>
      <role-name>tomcat</role-name>
    </security-role>

The authentication box comes up when I navigate to my application site but it cannot authenticate. Has anyone ever tried Oracle and Tomcat before? And yes, I have Users and Roles under OiD assigned. Any help will be greatly appreciated.

Thanks
Adil

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat with Oracle Internet Directory
I got this working but it is kind of convoluted because of the way OiD encrypts passwords. OiD defaults to MD4 for the password digestion and Tomcat uses MD5 (I think SHA may work also, but I have not tried it. MD5 and SHA are the only algorithms supported by the Sun JDK, which is the source of the limitation if I am not mistaken). So you need to configure OiD to use MD5.

On top of that, OiD does a base-64 encoding of the digested password, and then prefixes it with the name of the digestion algorithm used in braces. So, if a user has the password welcome, the OiD userPassword attribute will be the MD5 digest of welcome, which is then base-64 encoded and prefixed with {MD5}.

The only way I could get it to work is to use form based authentication with no digest. The target of the login form is a handler that performs an MD5 digestion and base-64 encoding and then prefixes the password with {MD5}, then forwards the request to j_security_check.

- Doug

-----Original Message-----
From: Karamat Adil IHMD [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 9:40 AM
To: '[EMAIL PROTECTED]'
Subject: Tomcat with Oracle Internet Directory

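The userPassword format described in Doug's reply, as an added example that is not part of the original thread and not Doug's handler: it builds the `{MD5}` + base-64 value, shows a hex rendering of the same digest for contrast, and parses a stored value to verify a candidate password. The class and method names are hypothetical, and UTF-8 encoding of the password is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

// Added example, not code from the thread; class and method names are hypothetical.
public class LdapDigestPassword {

    // Raw digest bytes of the password; scheme is a JDK name such as "MD5" or "SHA".
    static byte[] digest(String scheme, String password) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance(scheme).digest(password.getBytes(StandardCharsets.UTF_8));
    }

    // Directory-style value: "{SCHEME}" followed by base64 of the raw digest.
    static String encode(String scheme, String password) throws NoSuchAlgorithmException {
        return "{" + scheme + "}" + Base64.getEncoder().encodeToString(digest(scheme, password));
    }

    // Hex rendering of the same digest, for contrast: a different string, so a
    // plain string comparison against the base64 form can never match.
    static String hex(String scheme, String password) throws NoSuchAlgorithmException {
        StringBuilder sb = new StringBuilder();
        for (byte b : digest(scheme, password)) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Parse a stored "{SCHEME}base64" value and compare digests in constant time.
    static boolean verify(String stored, String candidate) throws NoSuchAlgorithmException {
        int close = stored.indexOf('}');
        if (!stored.startsWith("{") || close < 2) return false;   // no scheme prefix
        byte[] expected;
        try {
            expected = Base64.getDecoder().decode(stored.substring(close + 1));
        } catch (IllegalArgumentException e) {
            return false;                                          // payload is not base64
        }
        byte[] actual = digest(stored.substring(1, close), candidate);
        return MessageDigest.isEqual(expected, actual);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String stored = encode("MD5", "welcome");   // constructed sample, password from the thread
        System.out.println("userPassword value: " + stored);
        System.out.println("hex of same digest: " + hex("MD5", "welcome"));
        System.out.println("verify(welcome):    " + verify(stored, "welcome"));
        System.out.println("verify(Welcome):    " + verify(stored, "Welcome"));
        System.out.println("equals plaintext:   " + stored.equals("welcome"));
    }
}
```
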
RE: Tomcat with Oracle Internet Directory
Hello Doug,

Can you explain in detail what you did to make it work? I mean creating the Roles in OiD mainly. How did you create the Users and Roles in OiD? I am new to OiD, so if you can send me a sample LDIF file that will be great.

Thanks
Adil

-----Original Message-----
From: Doug Redd [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 1:37 PM
To: Tomcat Users List
Subject: RE: Tomcat with Oracle Internet Directory

RE: Tomcat with Oracle Internet Directory
You could use something like this to set up a user (expanding on your earlier example):

    dn: dc=users,dc=com
    objectclass: top
    objectclass: orclContainer
    cn: users

    dn: cn=someuser, dc=users,dc=com
    objectclass: person
    objectclass: top
    objectclass: inetOrgPerson
    sn: someuser
    cn: someuser

And something like this to set up a role with the new user as a member:

    dn: dc=roles,dc=com
    objectclass: orclContainer
    objectclass: top
    cn: roles

    dn: cn=somerole, dc=roles,dc=com
    objectclass: groupOfUniqueNames
    objectclass: top
    uniquemember: cn=someuser, dc=users,dc=com
    cn: somerole

Then in your realm you would need roleName=cn and userPattern=cn={0},dc=users,dc=com

The Tomcat 4.1 docs cover this quite well at http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html

-----Original Message-----
From: Karamat Adil IHMD [mailto:[EMAIL PROTECTED]
Sent: Monday, March 10, 2003 10:57 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat with Oracle Internet Directory