On 18/01/2023 14:20, Jonathan MERCIER wrote:
3. other solutions?

One option is to do the authn in a reverse proxy in front of Fuseki. Set it up so Fuseki will only receive traffic from the reverse proxy.

There is more stuff out there for httpd or nginx.

To my understanding this would imply at least 2 mechanisms to authenticate: one to get access to our ontological database, another one for other services.

I don't think so. httpd, nginx would provide the security principal to Fuseki. Fuseki is trusting the reverse proxy which is why you have to ensure that Fuseki only talks to the reverse proxy. Usual API gateway setup.

----

There is yet another option, depending on the form of Fuseki you are using.

Fuseki ("fuseki-server.jar" in the download; jena-fuseki-fulljar in the build) is running Jetty.

You can provide the Jetty configuration using "--jetty-config=FILE" (which inconsistently is "--jetty=" in Fuseki main (no UI - currently))

https://www.eclipse.org/jetty/documentation/jetty-10/operations-guide/index.html#og-jaas-configuration

It seems that Jetty can be configured to use LDAP if you add JAAS then use the LdapLoginModule

https://www.eclipse.org/jetty/documentation/jetty-10/operations-guide/index.html#og-jaas-loginmodules

https://www.eclipse.org/jetty/javadoc/jetty-10/org/eclipse/jetty/jaas/spi/LdapLoginModule.html

I haven't used this myself so this is only from some web searching.

I don't know if Fuseki as released includes the right Jetty code - it might need adding some Jetty jars to the classpath (the script has details).

----

If they work, or just look plausible, could you report back?

    Andy
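
The reverse-proxy option from the message above, sketched as an httpd virtual host. This is an added example, not configuration from the thread or from the Jena project. The host names, DNs, certificate paths and group name are placeholders. It assumes mod_ssl, mod_proxy, mod_proxy_http, mod_headers, mod_ldap and mod_authnz_ldap are loaded, and that Fuseki listens on its default port 3030 on the loopback interface only (for example via the `--localhost` option of fuseki-server, or a firewall rule).

```apache
# Placeholder values throughout: replace hosts, DNs, paths and the group name.
<VirtualHost *:443>
    ServerName sparql.example.org

    # Basic auth sends the password on every request, so TLS is required.
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/sparql.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/sparql.example.org.key

    # httpd is a reverse proxy only, never an open forward proxy.
    ProxyRequests Off

    <Location "/">
        AuthType Basic
        AuthName "Fuseki"
        AuthBasicProvider ldap

        # Look users up by uid under ou=people, over LDAPS.
        AuthLDAPURL "ldaps://ldap.example.org/ou=people,dc=example,dc=org?uid?sub"
        # Service account used for the search; keep its password out of
        # world-readable files.
        AuthLDAPBindDN "cn=httpd-reader,ou=services,dc=example,dc=org"
        AuthLDAPBindPassword "CHANGE-ME"

        # Only members of this (placeholder) group reach Fuseki.
        Require ldap-group cn=fuseki-users,ou=groups,dc=example,dc=org

        # Do not forward the user's LDAP password to the backend.
        RequestHeader unset Authorization

        # Fuseki is reachable only through this proxy.
        ProxyPass        "http://127.0.0.1:3030/"
        ProxyPassReverse "http://127.0.0.1:3030/"
    </Location>
</VirtualHost>
```

Because Fuseki trusts whatever reaches it, a request sent straight to port 3030 from another host should be refused; checking that from a second machine confirms the proxy is the only path in.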
