Re: [Hypercontent-users] CASIFY Hypercontent - issue
Brought to you by:
alexvigdor
Menu
▾
▴
Re: [Hypercontent-users] CASIFY Hypercontent - issue
|
From: Alex V. <al...@bi...> - 2006-10-27 12:52:31
|
On Oct 27, 2006, at 2:22 AM, tom tom wrote:
> Hi Alex,
>
> I download the latest from CVS and installed it.
> Also I created a simple project definition and it is
> working fine.
>
> After that I started the casifying....
> I started the CAS_READ_ME document in side cas-support
> I followed all but doesnt seem to work.
>
> Well...we allready got CAS with some PAMs (JAAS). we
> want to use the same authenication modules. we have a
> seperate jaas.conf file(with all the PAMs listed)
> similar to the jaas.properties in HC. Why are we
> having jaas.properties in HC level. We do not have any
> passwords in the application level. What is the
> purpose of the
> edu.yale.its.tp.cas.client.jaas.CASLoginModule,
> How can I get around with this. I am bit confused
> here.
The CASLoginModule is just a JAAS plugin that allows HC to use the
CAS client. You would not re-configure HC with any PAMs you are
using for CAS; instead HC is configured with a single module to talk
to the CAS server. Of course the password will never come near HC!
The configuration of CasLoginModule in jaas.properties effectively
plugs the CAS client into HC, but you still need to change the login
pipeline so that instead of seeing the HC built-in authentication
screen, the user is redirected to CAS. This is where the
pipelines.xml fragment comes in:
<pipeline name="login-cas" mode="login-cas" basedir="/" content-
type="text/html" binding="all">
<exec
stage="org.hypercontent.project.engine.stage.SessionAttributeStage">
<with-param name="name" value="service"/>
<with-param name="value" value="${abs-project-base}${request-path}%
3f${request-parms-encoded}%26command%3DLogin"/>
</exec>
<exec stage="org.hypercontent.project.engine.stage.RedirectStage">
<with-param name="location" value="https://localhost:9090/cas/
login?service=${service}"/>
</exec>
</pipeline>
As you notice, the last stage executed redirects the user to CAS. So
if you are still seeing the HC login screen, your problem is here in
the pipeline configuration. The above snippet is what you should
find in pipelines.xml: as the directions say, you need to change the
"name" attribute for this block to "login", and change the name of
the existing login pipeline to something else like "login-local".
I suggest you focus your attention here - when your pipelines are
properly configured, clicking "login" should take you to CAS! If you
login to CAS but are not then successfully logged into HC, then the
JAAS configuration should be examined further.
>
> Some of the content authors we can put inside the
> existing group structure but not their passwords
> within HC, but what about the online students login to
> the system. uPortal we did this easily as part of the
> CAS authentication we filled the template and sent
> back to the uPortal (IPerson object). So that they get
> listed automatically inside the group. How can we
> achieve those in HC.
HC currently does not support population of groups from LDAP or CAS
responses. This would be a benefit of moving towards GAP and
PersonDirectory in the future.
However, if your objective is to provide students with read access,
you can simply grant read access in HC to "group:anybody", of which
everyone is automatically a member, and use the uPortal portlet
publishing permissions to narrow down the target audience per portlet.
>
>
> When it comes to the Portlet, hope you are trying to
> achieve the portlet modes to facilitate HC view and
> edit modes etc.
Yes, this is the requirement.
> but apart from that why cant we have a tab (WebProxy)
> which points to HC for authers and to edit the
> content.
>
> That means there are some webproxies to render the
> contents (e..g for students) which have been edited by
> authers in the other WebProxy.
In theory this is a good idea, but in practice the standard HC
editing screens simply don't work via WebProxy. Without the portlet,
your best option is to publish the dashboard as a way for content
authors to link from the portal into HC in a separate window for
authoring.
Cheers,
Alex
|
