-
Type:
Bug
-
Status: Closed
-
Resolution: Won't Fix
-
Affects Version/s: 5.2.3, 6.0.6 GA
-
Component/s: Application Security
-
Labels:None
-
Environment:Windows XP SP3 - development workstation
Jboss 4.3 GA CP06
Liferay 5.2.3
IIS 6.0 Web Server - for SPNEGO handshake with the Active Directory Server
Internet Explorer 7.0
-
Fix Priority:3
I am using the IIS web server (using isapi_redirect) in front of Jboss for SPNEGO based SSO. I can see the request.getRemoteUser returning with <DOMAIN_NAME>\<my user id> in AutoLoginFilter.java
I have a custom AutoLogin class named SpnegoAutoLogin.java that I have configured in auto.login.hooks property inside portal-ext.properties. But, when I test the Single Sign On functionality, it doesn't call the custom SpnegoAutoLogin class defined for auto.login.hooks property.
I put a breakpoint in AutoLoginFilter.java using eclipse and tested it in debug mode. The line
String remoteUser = request.getRemoteUser();
in AutoLoginFilter.java returns <DOMAIN_NAME>\<my user id> as expected.
However, after that it calls the BaseFilter.java and returns a blank page. It does not go to the SpnegoAutoLogin.java configured through auto.login.hooks property.
Looking at the code below from AutoLoginFilter.java, I found out that the reason it doesn't call the class associated with auto.login.hooks is because of the if condition in the code below.
String remoteUser = request.getRemoteUser();
String jUserName = (String)session.getAttribute("j_username");
if ((remoteUser == null) && (jUserName == null)) {
for (AutoLogin autoLogin : _autoLogins) {
try {
String[] credentials = autoLogin.login(request, response);
Please let me know your thoughts and if you need any additional information on this issue. This issue can also be found in the forums by using the link below.
http://www.liferay.com/community/forums/-/message_boards/message/1458264#_19_message_4762306
I think I have the solution to this problem which I am testing right now. Once, my test is successful, I will submit it.
Thanks,
Kamal
- relates
-
LPS-8690 MainServlet expects HttpServletRequest.getRemoteUser() to return valid liferay user id instead of userName
- Closed