Versions Compared

Old Version 20

changes.mady.by.user Scott Amerson

Saved on

compared with

New Version 21

changes.mady.by.user Scott Amerson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

One solution that was found for Sakai 1.5, however not straight forward for Sakai 2.0. It is less than ideal, but just noted here as a solution that was found to work on both Windows and Linux. The details are provided below:
The loginservlet class was extended to a servlet called the DistAuthLoginServlet. The DistAuthLoginServlet preserves the same logic that the LoginServlet has, with exception to any password lookup/recognition information. Because the LoginServlet is used to capture form passwords, this logic can no longer be used and only DistAuth handles password information. Above is not the only difference between the DistAuthServlet and LoginServlet, the main difference is that the DistAuthLoginServlet replaces the "getRemoteUser" with the Kerberos name from the AuthUser cookie. The LoginServlet is used for inherent Sakai accounts (e.g. admin, etc.), while the DistAuthLoginServlet is the login that is protected by DistAuth. In addition to these modifications, other modifications need to be incorporated in the Sakai framework for DistAuth to be configured correctly, including the addition of a DistAuth filter to handle the DistAuth and DA1 cookie validation/parsing, etc. See the "HOW TO CONFIGURE DISTAUTH AND SAKAI 1.5, 2.0" section below.

Solution Found: For both Sakai 1.5 and 2.0

...

The following are instructions for adding DistAuth login to Sakai 1.5 and 2.0 (This is assuming a one login page with both DistAuth and Sakai Login togetherthat is protected by DistAuth, version 2 1 below)

  • Put the UCDDistAuth.jar in the common areas where Tomcat needs to find them (common-lib, shared-lib) This is available from Scott Amerson at IET.
  • Put the DistAuthLoginServlet.java file in the ..\sakaidev\chef-tool\src\java\org\sakaiproject\tool\authn directory. This is an attachment (rename file for capital letters.
  • Put the new login.vm (assuming you haven't changed the out of box version) in ..\sakaidev\chef-tool\src\webapp\vm\authn. An example page vm file is provided as an attachment.
  • Add the following to the web.xml in the sakaidev\chef-tool\src\webapp\WEB-INF directory
    <!?servlet declaration?

<servlet>

<servlet-name>

ucdlogin

</servlet-name>

<servlet-class>

org.sakaiproject.tool.authn.DistAuthLoginServlet

</servlet-class>

<load-on-startup>1</load-on-startup>

</servlet>

<!?further down, add the mapping?

<servlet-mapping>

<servlet-name>

ucdlogin

</servlet-name>

<url-pattern>

/ucdlogin/*

</url-pattern>

...

Sakai 1.5

  • Add the following params to the ..\Tomcat 5.0\conf web.xml to declare the DistAuth Filter and mapping.. Basically these are configurable pieces that not everyone will need, but we should put them in. ProtectionLevel is most important (2 is default, 3 is AFS)
    <filter>

...