Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

webauth & filemaker

Jeanmarie Lucker jlucker at stanford.edu
Tue Feb 6 16:31:47 PST 2007


Ok, attached is the test.jsp -- it is very basic. I also attached the  
jk.conf file.
Add the following to the server configuration-- default site. Make  
sure that whatever directory you have WebAuth directives you have:
Good Luck
J
<Location  "/mywebapp/jsp">
         AllowOverride AuthConfig
         Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
         Order allow,deny
         Allow from all
         AuthType WebAuth
         Require valid-user
         WebAuthLdapAttribute displayName
         WebAuthLdapAttribute mail
         WebAuthLdapAttribute ou
         WebAuthLdapAttribute suaffiliation
         WebAuthLdapAttribute suPrimaryOrganizationID
         WebAuthLdapAttribute suRegisteredNameLF
         WebAuthLdapAttribute suPrivilegeGroup

</Location>

# Static files in all Tomcat webapp context directories are served by  
apache
   JkAutoAlias /usr/share/tomcat4/server/webapps
   JkMount /*.jsp  worker1
   JkMount /*/servlet* worker1
   JkEnvVar WEBAUTH_LDAP_SUPRIMARYORGANIZATIONID nodefault
   JkEnvVar WEBAUTH_LDAP_SUAFFILIATION nodefault
   JkEnvVar WEBAUTH_LDAP_OU nodefault
   JkEnvVar WEBAUTH_LDAP_MAIL nodefault
   JkEnvVar WEBAUTH_LDAP_DISPLAYNAME nodefault
   JkEnvVar WEBAUTH_USER   nodefault
   JKEnvVar WEBAUTH_LDAP_SUPRIVILEGEGROUP nodefault
   JKEnvVar WEBAUTH_LDAP_SUREGISTEREDNAMELF nodefault
   JkEnvVar SSL_CLIENT_V_START  nodefault


  <VirtualHost *:80>
   JkMount /*.jsp worker1
	<Directory /srv/www/>
		AllowOverride AuthConfig
		Options Indexes SymLinksIfOwnerMatch ExecCGI MultiViews
		Order allow,deny
		allow from all

	</Directory>

	ErrorLog /var/log/apache2/error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	#LogLevel warn
	LogLevel debug

	CustomLog /var/log/apache2/access.log combinedhost
	ServerSignature On

      Alias /hostreg /usr/share/tomcat4/server/webapps/hostreg/
      Alias /examples /usr/share/tomcat4/server/webapps/examples/
      Alias /doc /usr/share/doc/
      JkMount /hostreg/* worker1
      JkMount /hostreg/servlet/* worker1
      JkMount /examples/* worker1
      JkMount /examples/servlet/* worker1
      JKUnMount /examples/*.gif worker1
      JkUnMount /examples/*.jpg worker1
      JKUnMount /hostreg/*.gif worker1
      JKUnMount /hostreg/*.jpg worker1
      JKUnMount /hostreg/*.css worker1

      <Directory "/usr/share/doc/">
          AllowOverride None
          Order deny,allow
          Deny from all
          #Allow from 128.0.0.0/255.0.0.0 ::1/128
	 Allow from all
      </Directory>

</VirtualHost>

<VirtualHost *:443>
     SSLEngine on
     CustomLog /var/log/apache2/access.log combinedhost
    # RedirectMatch "^/(index\..+)?$" http://hostreg-dev1.stanford.edu/
</VirtualHost>



-------------- next part --------------
A non-text attachment was scrubbed...
Name: jk.conf
Type: application/octet-stream
Size: 1603 bytes
Desc: not available
URL: <http://mailman.stanford.edu/pipermail/webauth-info/attachments/20070206/b251c663/attachment.conf>
-------------- next part --------------


-------------- next part --------------
A non-text attachment was scrubbed...
Name: test.jsp
Type: application/octet-stream
Size: 1227 bytes
Desc: not available
URL: <http://mailman.stanford.edu/pipermail/webauth-info/attachments/20070206/b251c663/attachment.jsp>
-------------- next part --------------





On Feb 6, 2007, at 4:10 PM, Susanne Riehemann wrote:

> Sounds great! Thanks so much :)
>
>> I have a test page for apache/webauth/tomcat
>>
>> https://snsr-dev1.stanford.edu/hostreg/jsp/test.jsp
>>
>> If this is what you want write back, and I will send you the mod_jk
>> conf, and the server configuration fragments and the jsp
>>
>>
>> Jean
>>
>> On Feb 6, 2007, at 2:11 PM, Marco Wise wrote:
>>
>>> Hi Emma, Susanne,
>>>
>>> Just wondering if my earlier suggestions to Peter Sells made it to
>>> you and whether they worked...
>>> Copied below.
>>>
>>> - marco
>>>
>>> <snip>
>>> If you are using a proxy, the SUNet ID will be passed to the web
>>> server as an HTTP header. You can find some information about that
>>> here: http://www.stanford.edu/services/kerberos/developer/#webauth
>>> (scroll down to the bits about proxy service).
>>>
>>> The trick here will be to have Filemaker's Custom Web Publishing
>>> retrieve that information. I think Filemaker has a function for that
>>> (get_header): http://www.filemaker.com/downloads/documentation/
>>> fmsa8_custom_web_guide.pdf
>>> <snip>
>>>
>>>
>>> On Feb 6, 2007, at 1:23 PM, Emma Pease wrote:
>>>
>>>>
>>>> A friend working on the linguistics web pages had a query involving
>>>> webauth.  Any help would be much appreciated (she bakes very
>>>> dangerous
>>>> (to the waistline) brownies).
>>>>
>>>> Emma
>>>>
>>>>
>>>>
>>>> ------- Forwarded Message
>>>>
>>>>
>>>> From sr Sun Feb  4 19:49:13 2007
>>>> Subject: webauth & filemaker
>>>> To: webauth-info at lists.stanford.edu
>>>> Date: Sun, 4 Feb 2007 19:49:13 -0800 (PST)
>>>> X-Mailer: ELM [version 2.5 PL3]
>>>> Content-Length: 1753
>>>>
>>>> Dear all,
>>>>
>>>> I'm working on the class registration website for the Linguistic
>>>> Institute which will be held at Stanford this summer.
>>>>
>>>> We are using the xsl stylesheet part of Filemaker Server 8  
>>>> Custom Web
>>>> Publishing (which is a customized tomcat) on a Mac OS 10.4.8  
>>>> machine.
>>>> We want to use Webauth for authentication (all participants will be
>>>> getting SUNet IDs until the end of the institute), and so we had to
>>>> upgrade to apache 2.
>>>>
>>>> Our problem is how to securely pass the WEBAUTH_USER information to
>>>> Filemaker. Before we upgraded to apache 2, server side includes  
>>>> were
>>>> working, and we were planning to use <!--#echo  
>>>> var="WEBAUTH_USER"-->
>>>> to get at the information. But we haven't been able to get SSIs
>>>> working again after upgrading - they're working for regular pages
>>>> handled just by apache 2, but they no longer work for the xsl pages
>>>> handled by apache 2 and tomcat.
>>>>
>>>> As a workaround we considered getting the info from an apache 2  
>>>> page
>>>> and sending it along to a tomcat page. This works fine, but
>>>> putting it
>>>> in the URL or using a hidden form field isn't secure, and I don't
>>>> know
>>>> of any other way to do it.
>>>>
>>>> We followed the instructions in the "Java/Tomcat/mod_jk  
>>>> Integration"
>>>> section on this page
>>>> http://www.stanford.edu/services/webauth/manual/mod/ 
>>>> mod_webauth.html
>>>> as far as the configuration goes, but we don't have the Java
>>>> expertise
>>>> to know how to use this part:
>>>> <% out.print (request.getAttribute("WEBAUTH_USER")); %>
>>>>
>>>> So I'm wondering if anyone on this mailing list has some java code
>>>> sitting around that does what we need, and could share it with me?
>>>> Or if anyone has any other suggestions, that would be great too.
>>>> We are getting quite desperate, and if someone is able to help out,
>>>> there's money to pay for their time.
>>>>
>>>> Many thanks,
>>>>
>>>> - -Susanne
>>>>
>>>> ------- End of Forwarded Message
>>>>
>>>>
>>>
>>>
>>
>>
>



More information about the webauth-info mailing list