Forums / General / LDAP credentials passthru

LDAP credentials passthru

« 
Previous topic
|
General
|
Next topic
 »
Author Message

Quoc Huy Nguyen Dinh

Friday 12 December 2008 7:59:30 am

Hi,

I would like to implement the following and wanted to see how it would be possible.

We have an extranet where our staff have to connect to in order to access content sensitive internal sites. One of those is running on ez publish.

The issue is the user have to login first into the extranet system that uses LDAP. Then when he clicks on the ez publish site links, the extranet rewrites the URL to have it runs thru a sort of proxy, example: the internal site is www.mysite.com and would be rewritten to https://myextranet.com/,DanaInfo=www.mysite.com,SSO=U+

Once on that proxied page, he will have to login again into ez publish.

We have a forum inside that internal page and that internal page is a siteaccess to a subtree of another website which is accessible to the public without going thru the extranet. Thus we need to activate login in the internal site. But we would like to have the visitor login only once thru the extranet and have a pass thru system that sends the credentials to ez publish.

Is that possible?
As from what I understand, if I activate LDAP login in ez publish, the visitor still needs to login a second time.

Thanks

Gaetano Giunta

Saturday 13 December 2008 9:24:52 am

Well, if the user needs to login (to ldap backend) first to clear authentication to the rewriting proxy, I would suggest to:
- create a new siteaccess to be used for browsing internal-from-outside
- lock it via apache rules so that it cannot be accessed from internal net but only from the IP of the proxy
- do not activate ldap login on this siteaccess, as ldap is checked by the proxy, but rather
- create a custom SSO handler in eZ Publish, that checks if the proxy has set some appropriate credentials for the user. This can be done generally by having the proxy set some cookie into the browser session or other stuff

You are correct about your assumption: if you just activate ldap logon, user will be asked to login twice.

Principal Consultant International Business
Member of the Community Project Board

Quoc Huy Nguyen Dinh

Monday 15 December 2008 4:14:39 am

I see, nice idea.

Merci

eZ debug

Timing: Jan 19 2025 03:34:46
Script start
Timing: Jan 19 2025 03:34:46
Module start 'content'
Timing: Jan 19 2025 03:34:48
Module end 'content'
Timing: Jan 19 2025 03:34:48
Script end

Main resources:

Total runtime1.4444 sec
Peak memory usage4,096.0000 KB
Database Queries194

Timing points:

CheckpointStart (sec)Duration (sec)Memory at start (KB)Memory used (KB)
Script start 0.00000.0062 588.9453180.8438
Module start 'content' 0.00621.2906 769.7891553.8672
Module end 'content' 1.29680.1475 1,323.6563332.7578
Script end 1.4443  1,656.4141 

Time accumulators:

 Accumulator Duration (sec) Duration (%) Count Average (sec)
Ini load
Load cache0.00440.3066210.0002
Check MTime0.00150.1042210.0001
Mysql Total
Database connection0.00110.077310.0011
Mysqli_queries1.364294.45101940.0070
Looping result0.00230.15621920.0000
Template Total1.417398.120.7086
Template load0.00210.142420.0010
Template processing1.415297.983120.7076
Template load and register function0.00010.008210.0001
states
state_id_array0.00070.048510.0007
state_identifier_array0.00150.104320.0008
Override
Cache load0.00180.1226250.0001
Sytem overhead
Fetch class attribute can translate value0.00170.116330.0006
Fetch class attribute name0.00120.085050.0002
XML
Image XML parsing0.00410.285430.0014
class_abstraction
Instantiating content class attribute0.00000.000960.0000
General
dbfile0.00620.4288350.0002
String conversion0.00000.000430.0000
Note: percentages do not add up to 100% because some accumulators overlap

CSS/JS files loaded with "ezjscPacker" during request:

CacheTypePacklevelSourceFiles
CSS0extension/community/design/community/stylesheets/ext/jquery.autocomplete.css
extension/community_design/design/suncana/stylesheets/scrollbars.css
extension/community_design/design/suncana/stylesheets/tabs.css
extension/community_design/design/suncana/stylesheets/roadmap.css
extension/community_design/design/suncana/stylesheets/content.css
extension/community_design/design/suncana/stylesheets/star-rating.css
extension/community_design/design/suncana/stylesheets/syntax_and_custom_tags.css
extension/community_design/design/suncana/stylesheets/buttons.css
extension/community_design/design/suncana/stylesheets/tweetbox.css
extension/community_design/design/suncana/stylesheets/jquery.fancybox-1.3.4.css
extension/bcsmoothgallery/design/standard/stylesheets/magnific-popup.css
extension/sevenx/design/simple/stylesheets/star_rating.css
extension/sevenx/design/simple/stylesheets/libs/fontawesome/css/all.min.css
extension/sevenx/design/simple/stylesheets/main.v02.css
extension/sevenx/design/simple/stylesheets/main.v02.res.css
JS0extension/ezjscore/design/standard/lib/yui/3.17.2/build/yui/yui-min.js
extension/ezjscore/design/standard/javascript/jquery-3.7.0.min.js
extension/community_design/design/suncana/javascript/jquery.ui.core.min.js
extension/community_design/design/suncana/javascript/jquery.ui.widget.min.js
extension/community_design/design/suncana/javascript/jquery.easing.1.3.js
extension/community_design/design/suncana/javascript/jquery.ui.tabs.js
extension/community_design/design/suncana/javascript/jquery.hoverIntent.min.js
extension/community_design/design/suncana/javascript/jquery.popmenu.js
extension/community_design/design/suncana/javascript/jScrollPane.js
extension/community_design/design/suncana/javascript/jquery.mousewheel.js
extension/community_design/design/suncana/javascript/jquery.cycle.all.js
extension/sevenx/design/simple/javascript/jquery.scrollTo.js
extension/community_design/design/suncana/javascript/jquery.cookie.js
extension/community_design/design/suncana/javascript/ezstarrating_jquery.js
extension/community_design/design/suncana/javascript/jquery.initboxes.js
extension/community_design/design/suncana/javascript/app.js
extension/community_design/design/suncana/javascript/twitterwidget.js
extension/community_design/design/suncana/javascript/community.js
extension/community_design/design/suncana/javascript/roadmap.js
extension/community_design/design/suncana/javascript/ez.js
extension/community_design/design/suncana/javascript/ezshareevents.js
extension/sevenx/design/simple/javascript/main.js

Templates used to render the page:

UsageRequested templateTemplateTemplate loadedEditOverride
1node/view/full.tplfull/forum_topic.tplextension/sevenx/design/simple/override/templates/full/forum_topic.tplEdit templateOverride template
3content/datatype/view/ezimage.tpl<No override>extension/sevenx/design/simple/templates/content/datatype/view/ezimage.tplEdit templateOverride template
3content/datatype/view/ezxmltext.tpl<No override>extension/community_design/design/suncana/templates/content/datatype/view/ezxmltext.tplEdit templateOverride template
4content/datatype/view/ezxmltags/paragraph.tpl<No override>extension/ezwebin/design/ezwebin/templates/content/datatype/view/ezxmltags/paragraph.tplEdit templateOverride template
2content/datatype/view/ezxmltags/line.tpl<No override>design/standard/templates/content/datatype/view/ezxmltags/line.tplEdit templateOverride template
1pagelayout.tpl<No override>extension/sevenx/design/simple/templates/pagelayout.tplEdit templateOverride template
 Number of times templates used: 14
 Number of unique templates used: 6

Time used to render debug report: 0.0002 secs