Sorry for the delay. Glad you found it :) On Sat, Mar 9, 2013 at 6:06 PM, Mark Jas <m...@nieuwenborg.nl> wrote: > Mailed to soon. Solved it. The default works just fine. > xwiki.authentication.trustedldap.remoteUserParser=(.+)@(.+) > xwiki.authentication.trustedldap.remoteUserMapping.1=login > > > -----Oorspronkelijk bericht----- > Van: users-boun...@xwiki.org [mailto:users-boun...@xwiki.org] Namens Mark > Verzonden: zaterdag 9 maart 2013 17:08 > Aan: XWiki Users > Onderwerp: Re: [xwiki-users] kerberos SSO -> strip domainname from username > > I managed to compile and activate the xwiki-authentication-trusted-ldap > plugin. But still the same result: login works with login prompt, fails with > SSO. > > Debugging showed me that the xwiki doesn't accept the SSO because username > doesn't match. I suppose my xwiki.authentication.trustedldap.remoteUserParser > settings is incorrect. > Can anyone tell me what this settings should be when my kerberos sso user is > "u...@domain.com" and my sAMAccountName in ldap is just "user"? > > > > On Fri, Mar 8, 2013 at 1:53 PM, Mark Jas <m...@nieuwenborg.nl> wrote: >> Hi Thomas, >> >> Thanks for your reply. I should have given you some more info. >> I'm using the default authenticator, because if I use the >> com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl, my >> ldap stops working. >> >> If I use >> com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl >> Kerberos works fine, but new users aren't created, and group sync isn't >> working etc etc... > > com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl > only know about remote user and just create the user page, it's not > connecting to LDAP to update informations or group membership like the LDAP > authenticator do. There is no such authenticator by default but you can look > at > https://github.com/xwiki-contrib/sandbox/tree/master/authenticators/xwiki-authentication-trusted-ldap. > >> >> Maybe my question should be: How do I get LDAP working with the Kerberos >> authenticator? >> >> Mark >> >> >> On Tue, Mar 5, 2013 at 4:35 PM, Mark Jas <m...@nieuwenborg.nl> wrote: >>> Hi all, >>> >>> >>> I have configured xwiki with LDAP authentication and kerberos SSO. >>> >>> When I use a browser without automatic Kerberos SSO, I get a keberos login >>> page. When I fill in username and password manually it works great. >>> >>> But when I set the browser to use automatic logon, I get the xwiki >>> login page! (at least in FireFox, IE says “cannot show page”) >>> >>> I get the same results when I manually login with “username@DOMAIN” >>> and “password”. So I think the domain part is used in the automatic >>> logon. (and is the actual problem…) >>> >>> >>> I see there is java code that strips the @DOMAIN part from the username. >>> But I have no idea how or where to implement this. I hope some can help me! >> >> I never used it myself but from what I see in the code it's supposed to do >> that all the time. Maybe there is a bug. >> >> You can try to enable debug log[1] for class >> com.xpn.xwiki.user.impl.xwiki.AppServerTrustedKerberosAuthServiceImpl >> (that's the authenticator you are using, right ?) to see what's going on. At >> least ou should get what remote user XWiki is getting if any. >> >> [1] http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Logging >> >>> >>> >>> Mark >>> >>> >>> _______________________________________________ >>> users mailing list >>> users@xwiki.org >>> http://lists.xwiki.org/mailman/listinfo/users >> >> >> >> -- >> Thomas Mortagne >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users >> >> _______________________________________________ >> users mailing list >> users@xwiki.org >> http://lists.xwiki.org/mailman/listinfo/users > > > > -- > Thomas Mortagne > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users > > _______________________________________________ > users mailing list > users@xwiki.org > http://lists.xwiki.org/mailman/listinfo/users
-- Thomas Mortagne _______________________________________________ users mailing list users@xwiki.org http://lists.xwiki.org/mailman/listinfo/users
