[DOCU-469] Changes in ntlm 4.5 and 5 documentation Created: 12/Sep/13 Updated: 07/Oct/14 Resolved: 07/Oct/14 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Milan Divilek | Assignee: | Antti Hietala |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Description |
|
http://documentation.magnolia-cms.com/display/DOCS45/NTLM+Connector+module needs to be improved.

The NTLM module which is compatible with 4.5 and 5 is version 1.1. http://documentation.magnolia-cms.com/display/DOCS/NTLM+Connector+module can be the same as for 4.5; there are no differences in setup.

Because of a conflict with the guava library. Waffle needs guava 13.0.1 and it's incompatible with guava 10.0.1, which is used by Magnolia. It's possible to use the NTLM module only when SSO authentication via tomcat is enabled. This limitation should be fixed with Magnolia 5.2 see

Changes in "To configure the module:" section.

1. Stop the application server(s) where you are deploying the module.
3. Copy the provided jaas.policy file into the magnoliaAuthor and magnoliaPublic directories.
5. Set ssoSlave = true in your ad.properties file.
6. Append the following to jaas.config in magnoliaAuthor/WEB-INF/config and magnoliaPublic/WEB-INF/config:
Jaas {
    waffle.jaas.WindowsLoginModule sufficient;
};
7. Two ways to avoid the behavior where a logged-in user can change his identity to another user without knowing the password:
magnolia {
    info.magnolia.jaas.sp.jcr.JCRAuthenticationModule required;
    info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
magnolia-ntlm {
    info.magnolia.jaas.sp.ldap.ADAuthenticationModule required realm=external;
    info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
Jaas {
    waffle.jaas.WindowsLoginModule sufficient;
};
Changes in "How it works" section.
It's not true anymore instead of NTLM client callback is added into securityCallback Configuration:/server/filters/securityCallback/clientCallbacks/ntlm |
| Comments |
| Comment by Roman Kovařík [ 22/Oct/13 ] |
There's extra '3' which could be misleading. Otherwise seems OK. |
| Comment by Ruth Stocks [ 07/Oct/14 ] |
|
Documented at: |
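A deployment check for the jaas.config entries listed in steps 6 and 7 of the description, as an added example that is not part of the ticket or of Magnolia's code. The names `parse_jaas`, `check`, `EXPECTED` and `SAMPLE_JAAS_CONFIG` are hypothetical, and the parser assumes only the simple, unquoted, comment-free syntax shown in the ticket.

```python
import re

# Constructed sample: the jaas.config text from step 7 of the description.
SAMPLE_JAAS_CONFIG = """
magnolia {
    info.magnolia.jaas.sp.jcr.JCRAuthenticationModule required;
    info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
magnolia-ntlm {
    info.magnolia.jaas.sp.ldap.ADAuthenticationModule required realm=external;
    info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;
};
Jaas {
    waffle.jaas.WindowsLoginModule sufficient;
};
"""

FLAGS = {"required", "requisite", "sufficient", "optional"}
ENTRY_RE = re.compile(r"([\w.-]+)\s*\{(.*?)\}\s*;", re.S)

def parse_jaas(text):
    """Return {entry_name: [(module_class, flag, {option: value}), ...]}."""
    entries = {}
    for name, body in ENTRY_RE.findall(text):
        modules = []
        for stmt in filter(None, (s.strip() for s in body.split(";"))):
            parts = stmt.split()
            if len(parts) < 2 or parts[1].lower() not in FLAGS:
                raise ValueError(f"bad module line in {name!r}: {stmt!r}")
            opts = dict(p.split("=", 1) for p in parts[2:])
            modules.append((parts[0], parts[1].lower(), opts))
        entries[name] = modules
    return entries

# Entries the ticket says must be present (steps 6 and 7).
EXPECTED = {
    "Jaas": [("waffle.jaas.WindowsLoginModule", "sufficient", {})],
    "magnolia-ntlm": [
        ("info.magnolia.jaas.sp.ldap.ADAuthenticationModule", "required", {"realm": "external"}),
        ("info.magnolia.jaas.sp.jcr.JCRAuthorizationModule", "required", {}),
    ],
}

def check(text):
    """Return a list of findings; an empty list means the file matches the ticket."""
    found = parse_jaas(text)
    return [f"{name}: expected {mods}, found {found.get(name)}"
            for name, mods in EXPECTED.items() if found.get(name) != mods]
```

Run `check()` over the contents of both magnoliaAuthor/WEB-INF/config/jaas.config and magnoliaPublic/WEB-INF/config/jaas.config, since the ticket requires the same entries in each.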