10:34:57,568 [ DEBUG x.c.l.XWikiLDAPAuthServiceImpl - The provided user is null.
10:34:57,568 [ TRACE x.c.l.XWikiLDAPAuthServiceImpl - Starting LDAP authentication

I’ve enabled debug logging for LDAP and I’m seeing these trace logs. Just wondered if I could get some help setting up SSO. I’ve followed your configuration steps above but it doesn’t seem to work for me. I can update this post in case I’ve forgotten any details.

I have successfully set up restricted access using Windows domain authentication using this configuration.

(In the future if the LDAP Authenticator extension is updated to be able to perform an LDAP server binding using current credentials, the _DN and _pass settings will not be needed.)

I would recommend restricting access to the WEB-INF directory permissions because of this.

Unfortunately, we have to hard-code the LDAP auth account password in xwiki.cfg because the LDAP Authenticator extension requires it.

This example searches the domain using the specified LDAP auth username and password.

_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullname=displayName,email=mail,ldap_dn=dn

Modify WEB-INF\xwiki.cfg to use the LDAP Authenticator settings you want to use e.g.:

=.XWikiLDAPAuthServiceImpl

This example prevents authentication to the web server unless the connecting user is a member of the XWiki Users group in the FABRIKAM domain.

Place these settings before the first tag in the file e.g.:

Modify WEB-INF\web.xml to add the and restrictions you want.
(If you’re not using Tomcat 9, copy the correct waffle-tomcat*-1.9.0.jar file for your Tomcat version.)

For XWiki 10.8, add Valve and Realm tags in META-INF\context.xml:

For XWiki versions older than 10.8, you’ll need to create a new context.xml file containing only the Valve and Realm tags:

in the Tomcat installation directory.

Download Waffle - (version 1.9.0 is the latest as I write this)

Copy the following files from the Waffle distribution into the Tomcat lib directory: caffeine-2.6.2.jar

Make sure that the domain service account has permission to write to the temp, logs, work, etc.

You will need to set the service principal name (SPN) for the service account as noted in the Waffle documentation ( ).

Run the Tomcat service using a domain service account.

Make sure to install the LDAP Authenticator extension ( ).

How to: Integrate Waffle in XWiki using Tomcat on Windows