Headers Trusted Authentication Adapter
Version 14.2 by Denis Gervalle on 2018/02/01 13:17
Adapter for the Trusted authentication framework that base authentication on HTTP headers |
Type | JAR |
Category | |
Developed by | |
Active Installs | 2 |
Rating | |
License | GNU Lesser General Public License 2.1 |
Table of contents
Description
Provides XWiki authentication by trusting HTTP Headers and getting information about new users from those same headers.
This authenticator has the following specific behavior:
- getUserId(): Check and verify the secret_field http header against the secret_value, and on success returns the value of the auth_field http header
- getUserName(): returns the value of the id_field http header
- getUserProperty(): returns the value of the http header having the given name
- isUserInRole(): return true if the splitted array of the group_field http header by the group_value_separator contains the given name
Specific configuration
#-# Define the hint of the HeadersTrustedAuthenticationAdapter to be used for providing the effective
#-# trusted authentication.
xwiki.authentication.trusted.adapterHint=headers
#-# Name of the header field used to check for the authentication of a user.
#-# The content of this field should not be empty to have this authenticator to proceed, and it will be put
#-# in the debugging log. But not real usage of this header value is done by the authenticator.
#-# The default is to use the REMOTE_USER header.
# xwiki.authentication.trusted.auth_field=remote_user
#-# Name of the header field holding the UserID of the authenticated user.
#-# This name will be used as the unique user name. It will be transformed in lowercase, and it will be
#-# cleaned by replacing dots (.) by equal signs (=), and replacing at signs (@) by underscores (_).
#-# For example John.Doe@example.com will became john=doe_example=com.
#-# The default is to use the REMOTE_USER header.
# xwiki.authentication.trusted.id_field=remote_user
#-# Name of a header field containing a shared secret value.
#-# While not mandatory, this field is hardly recommended to properly authenticate that headers has not be forged.
#-# If not set, a warning will remind you in the log, since this is really a risky situation.
# xwiki.authentication.trusted.secret_field=
#-# The shared secred that should match the content of the shared secret header field.
# xwiki.authentication.trusted.secret_value= (no default, only used when set)
#-# Name of a header field holding the list of group the user is a member of.
#-# If not configure, no group synchronization is provided.
# xwiki.authentication.trusted.group_field=
#-# A separator used to split the list of groups into group names.
#-# Default to the pipe character.
# xwiki.authentication.trusted.group_value_separator=|
#-# trusted authentication.
xwiki.authentication.trusted.adapterHint=headers
#-# Name of the header field used to check for the authentication of a user.
#-# The content of this field should not be empty to have this authenticator to proceed, and it will be put
#-# in the debugging log. But not real usage of this header value is done by the authenticator.
#-# The default is to use the REMOTE_USER header.
# xwiki.authentication.trusted.auth_field=remote_user
#-# Name of the header field holding the UserID of the authenticated user.
#-# This name will be used as the unique user name. It will be transformed in lowercase, and it will be
#-# cleaned by replacing dots (.) by equal signs (=), and replacing at signs (@) by underscores (_).
#-# For example John.Doe@example.com will became john=doe_example=com.
#-# The default is to use the REMOTE_USER header.
# xwiki.authentication.trusted.id_field=remote_user
#-# Name of a header field containing a shared secret value.
#-# While not mandatory, this field is hardly recommended to properly authenticate that headers has not be forged.
#-# If not set, a warning will remind you in the log, since this is really a risky situation.
# xwiki.authentication.trusted.secret_field=
#-# The shared secred that should match the content of the shared secret header field.
# xwiki.authentication.trusted.secret_value= (no default, only used when set)
#-# Name of a header field holding the list of group the user is a member of.
#-# If not configure, no group synchronization is provided.
# xwiki.authentication.trusted.group_field=
#-# A separator used to split the list of groups into group names.
#-# Default to the pipe character.
# xwiki.authentication.trusted.group_value_separator=|
Prerequisites & Installation Instructions
We recommend using the Extension Manager to install this extension (Make sure that the text "Installable with the Extension Manager" is displayed at the top right location on this page to know if this extension can be installed with the Extension Manager).
You can also use the manual method which involves dropping the JAR file and all its dependencies into the WEB-INF/lib folder and restarting XWiki.
- copy this xwiki-authenticator-trusted-headers jar file into WEB_INF/lib/ (or install with EM for XWiki >6.1)
- also install the required dependency: Trusted authentication framework
- setup xwiki.cfg according to the above explanation and the Trusted authentication framework ones
Release Notes
v1.1
v1.0.2
Dependencies
Dependencies for this extension (org.xwiki.contrib.authentication:xwiki-authenticator-trusted-headers 1.2):
- org.xwiki.platform:xwiki-platform-oldcore 5.4.1
- org.xwiki.contrib.authentication:xwiki-authenticator-trusted-api 1.2