Changes for page User Authentication

Last modified by Simon Urli on 2023/12/11

From version 35.1
edited by Caleb James DeLisle
on 2010/03/11
Change comment: Filled in some values in the authentication parameters chart.
To version 34.1
edited by Silvia Macovei
on 2010/03/04
Change comment: Document converted from syntax xwiki/1.0 to syntax xwiki/2.0

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,0 @@
1 -User Authentication
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.CalebJamesDeLisle
1 +XWiki.SilviaRusu
Content
... ... @@ -1,6 +1,8 @@
1 += User Authentication =
2 +
1 1  XWiki supports several different authentication mechanisms for authenticating users:
2 2  
3 -{{toc/}}
5 +{{toc start="" depth="" numbered=""/}}
4 4  
5 5  The form authentication is the default mechanism.
6 6  
... ... @@ -8,17 +8,17 @@
8 8  Note that currently XWiki allows only one method of authentication to be enabled at a time. This will probably be improved in the future.
9 9  {{/info}}
10 10  
11 -= Form Authentication =
13 +== Form Authentication ==
12 12  
13 13  TODO
14 14  
15 -= LDAP Authentication =
17 +== LDAP Authentication ==
16 16  
17 17  {{warning}}
18 18  New LDAP implementation since XWiki Platform 1.3M2, see [[previous LDAP authentication service documentation>>AuthenticationLdapOld]]
19 19  {{/warning}}
20 20  
21 -== Generic LDAP configuration ==
23 +=== Generic LDAP configuration ===
22 22  
23 23  In order to enable the LDAP support you have to change the authentication method in //WEB-INF/xwiki.cfg// as follows:
24 24  
... ... @@ -93,7 +93,7 @@
93 93  {{/code}}
94 94  
95 95  {{info}}
96 -You can also setup the LDAP configuration in XWiki.XWikiPreferences page by going to the object editor. Simply replace "xwiki.authentication.ldap." by "ldap_". For example ##xwiki.authentication.ldap.base_DN## becomes ##ldap_base_DN##
98 +You can also setup the LDAP configuration in XWiki.XWikiPreferences page by going to the object editor. Simply replace
97 97  {{/info}}
98 98  
99 99  For testing purposes, you may wish to omit the "ldap.fields_mapping" field, to test the authentication first, and then add it later to get the mappings right.
... ... @@ -103,11 +103,11 @@
103 103  * [[Apache Directory Studio>>http://directory.apache.org/studio/]]
104 104  * [[LDAP Browser/Editor>>http://www-unix.mcs.anl.gov/gawor/ldap/]]
105 105  
106 -== Detailed use cases ==
108 +=== Detailed use cases ===
107 107  
108 108  See [[LDAP configuration uses cases>>LDAPAuthenticationUseCases]] for some detailed use cases.
109 109  
110 -== Enable LDAP debug log ==
112 +=== Enable LDAP debug log ===
111 111  
112 112  See [[AdminGuide.Logging]]. The specific targets for LDAP authentication are:
113 113  
... ... @@ -116,11 +116,11 @@
116 116  log4j.logger.com.xpn.xwiki.user.impl.LDAP=debug
117 117  {{/code}}
118 118  
119 -= eXo Authentication =
121 +== eXo Authentication ==
120 120  
121 121  The eXo authentication is used automatically by adding/editing the //xwiki.exo=1// property in //WEB-INF/xwiki.cfg//.
122 122  
123 -= Custom Authentication =
125 +== Custom Authentication ==
124 124  
125 125  This allows plugging to any existing authentication mechanism such as SiteMinder, etc. To configure a custom authentication do the following:
126 126  
... ... @@ -145,7 +145,7 @@
145 145  xwiki.authentication.groupclass = com.acme.MyCustomGroupService
146 146  {{/code}}
147 147  
148 -== Custom Authentication using a Groovy script in a wiki page ==
150 +=== Custom Authentication using a Groovy script in a wiki page ===
149 149  
150 150  Start by specifying you want to use the Groovy Authenticator:
151 151  
... ... @@ -161,7 +161,7 @@
161 161  
162 162  Then in a wiki page put some Groovy code that returns a XWikiAuthService object.
163 163  
164 -= Authentication parameters ===
166 +== Authentication parameters ==
165 165  
166 166  You can set each of these parameters by setting:
167 167  
... ... @@ -181,17 +181,17 @@
181 181  |encryptionpadding|Yes|?|?|Set the Encryption Padding used to encrypt and decrypt cookies
182 182  |errorpage|Yes|String|/bin/loginerror/ XWiki/XWikiLogin|Page to redirect to if there is an error logging in
183 183  |loginpage|Yes|String|/bin/login/ XWiki/XWikiLogin|Page to redirect to when not logged in
184 -|loginsubmitpage|Yes|String|/loginsubmit/ XWiki/XWikiLogin|The URL where the username and password are posted to when logging in.
186 +|loginsubmitpage|Yes|String|/loginsubmit/ XWiki/XWikiLogin|?
185 185  |logoutpage|Yes|String|/bin/logout/ XWiki/XWikiLogout|Page to redirect to after logged out
186 186  |realmname|Yes|String|XWiki|Sets the realm name
187 187  |protection|Yes|all, validation, encryption, none|all|Protection level for the "remember me" cookie functionality
188 -|unauthorized_code|Yes|Number|401|The HTTP status code to return when the login has failed.
190 +|unauthorized_code|Yes|?|?|?
189 189  |useip|Yes|true / false|true|Specify to use the IP address when encrypting the cookie data; if IP address changes will need to re-login.
190 190  
191 191  1. Only required if protection = encryption or all (default)
192 192  1. Only required if protection = validation or all (default)
193 193  
194 -= Kerberos SSO Authentication =
196 +== Kerberos SSO Authentication ==
195 195  
196 196  {{warning}}
197 197  This implementation of SSO is currently under review see: http://jira.xwiki.org/jira/browse/XWIKI-2496 . The class which is described in this segment of documentation, AppServerTrustedKerberosAuthServiceImpl, is not part of the default XWiki distribution!
... ... @@ -256,7 +256,7 @@
256 256  
257 257  2 JBoss SPNEGO (Kerberos in combination with LDAP) I changed the code of the XWikiLDAPAuthServiceImpl to be able to detect the sso user. The authenication already happend by using the SPNEGO module (JAAS). After that I'm using the ldap synchronisation feature to make sure that the user is up to date. The combination leads to an automatic login in the xwiki and the user rights are controlled in the Active Directory server. I hope you can adopt this code or that you can use it for your own projects.
258 258  
259 -The configuration of ldap:
261 +The configuration of ldap;
260 260  
261 261  {{code}}
262 262  xwiki.authentication.authclass=com.wiki.sso.SSOLdapAuthenicationImpl

Get Connected