Hello!

I'm using HeaderAuthenticator method for almost 2 years since CMDBuild 1.5 and followed by 2.0. But it seems in 2.1 something was changed and undocumented. I can't get it working almost at all.

My installation for CMDBuild 2.1 is made on: OS Debian 7 x64, Web-server Apache 2.2.22 for kerberos authentication and proxying, App-server Tomcat 7.0.28 for CMDBuild application.

Normally auth procedure was working as follows:

1) Apache authenticates a user against Active Directory domain via kerberos and uses mod_rewrite to add an extra header namely "x-forwarded-user" with authenticated user name. Then Apache redirects user's calls to the Tomcat with CMDBuild.

2) The auth.conf file has HeaderAutenticator enabled and header.attribute.name set to x-forwarded-user:

auth.methods=HeaderAuthenticator,DBAuthenticator

header.attribute.name=x-forwarded-user

Hello!

I'm using HeaderAuthenticator method for almost 2 years since CMDBuild 1.5 and followed by 2.0. But it seems in 2.1 something was changed and undocumented. I can't get it working almost at all.

My installation for CMDBuild 2.1 is made on: OS Debian 7 x64, Web-server Apache 2.2.22 for kerberos authentication and proxying, App-server Tomcat 7.0.28 for CMDBuild application.

Normally auth procedure was working as follows:

1) Apache authenticates a user against Active Directory domain via kerberos and uses mod_rewrite to add an extra header namely "x-forwarded-user" with authenticated user name. Then Apache redirects user's calls to the Tomcat with CMDBuild.

2) The auth.conf file has HeaderAutenticator enabled and header.attribute.name set to x-forwarded-user:

auth.methods=HeaderAuthenticator,DBAuthenticator

header.attribute.name=x-forwarded-user

It was perfectly working just before CMDBuild upgrade from 2.0 to 2.1.

I checked the source code on BitBucket and found that all authentication were fully rewrited. Maybe there are some undocumented changes in these procedures or something else.

Please, help me with this problem. I use CMDBuild in production and I can't upgrade the production base from 2.0 to 2.1 without this functionality.

 

--

Regards,

Andrey

 

Hello!

Can you give me any advice regarding my problem with HeaderAuthenticator?

 

Andrey

 

Previously Andrey wrote:

Hello!

I'm using HeaderAuthenticator method for almost 2 years since CMDBuild 1.5 and followed by 2.0. But it seems in 2.1 something was changed and undocumented. I can't get it working almost at all.

My installation for CMDBuild 2.1 is made on: OS Debian 7 x64, Web-server Apache 2.2.22 for kerberos authentication and proxying, App-server Tomcat 7.0.28 for CMDBuild application.

Normally auth procedure was working as follows:

1) Apache authenticates a user against Active Directory domain via kerberos and uses mod_rewrite to add an extra header namely "x-forwarded-user" with authenticated user name. Then Apache redirects user's calls to the Tomcat with CMDBuild.

2) The auth.conf file has HeaderAutenticator enabled and header.attribute.name set to x-forwarded-user:

auth.methods=HeaderAuthenticator,DBAuthenticator

header.attribute.name=x-forwarded-user

It was perfectly working just before CMDBuild upgrade from 2.0 to 2.1.

I checked the source code on BitBucket and found that all authentication were fully rewrited. Maybe there are some undocumented changes in these procedures or something else.

Please, help me with this problem. I use CMDBuild in production and I can't upgrade the production base from 2.0 to 2.1 without this functionality.

 

--

Regards,

Andrey