Details
-
Improvement
-
Resolution: Duplicate
-
Neutral
-
None
-
None
-
None
-
None
Description
To understand problem see MGNLCAS-7.
There are two ways how to avoid this behaviour:
1. Disable Config:/server/filters/login/form (info.magnolia.cms.security.auth.login.FormLogin) handler
NOTE: This disable login of magnolia user for example superuser by http://localhost:8080/magnoliaAuthor/.magnolia/page/adminCentral.html?mgnlUserId=superuser&mgnlUserPSWD=superuser
2.Split info.magnolia.jaas.sp.jcr.JCRAuthenticationModule and info.magnolia.jaas.sp.ldap.ADAuthenticationModule into different jaas login chain
For example: Add jaasChain property to Config:/server/filters/login/ntlm/ with value magnolia-ntlm. And change jaas.config from configuration described at http://documentation.magnolia-cms.com/display/DOCS45/CAS+Connector+module#CASConnectormodule-ConfiguringJAAS to
magnolia {
info.magnolia.jaas.sp.jcr.JCRAuthenticationModule required;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
magnolia-ntlm {
info.magnolia.jaas.sp.ldap.ADAuthenticationModule required realm=external;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
}