Header based sso in CP 5.1?

[mboorshtein]

I am trying to deploy a 5.1 Jasper CP with an SSO system that generates a header that I want jasper to blindly accept.  I want to use all of the internal users and roles, i just want to externalize authentication.  In previous versions I configured the RequestHeaderPreAuthenticatedProcessingFilter from Spring, but the examples don't have this anymore.  Any help would be greatly appreciated.

 

Thanks

Marc

[elizam]

The file samples/externalAuth-sample-config/sample-applicationContext-externalAuth-template.xml shows a simple configuration that authenticates using information in the header. You need to write your own customAuthenticationProvider and return a Spring Security userDetails class upon successful authentication.

[mboorshtein]

Thank you for the response, however I don't know how you can call a 141 line xml file with few comments AND having to write multiple java classes to trust a header (or getUserPrincipal) "simple". I'll try tackling this but "simple" isn't the word I'd use. I read the authentication "cookbook" as well, I didn't find it that much more useful to be honest.

 

Thanks

Marc

[marcos.ramos]

I agree. There's nothing simple about that. Plus, I believe there's a lack of documentation on that matter. The template is just that, a template. Not much information on how to implement authentication using the passed headers. The cookbook should go deeper with detailed examples on how to accomplish that.

 

Regards,

M

[marcos.ramos]

Hi. I'm having the same problem and I'll like to share with you what I've tried to try to get some pointers to solve the problem.I'm trying to integrate authentication with JasperServer (v5.1 here). There's an HTTP Header that contains the username.The username contained in the header must match the local jasperserver's username.

 

Here are the files that I've modified. All in the /WEB-INF/ path inside /apache-tomcat/webapps/jasperserver/

 

applicationContext-security.xml

			    	    	    +?	        	        	            +	                	                	                	                	            	        	    	    				        	        	    	    	        	    	    	        	    			    	    (...)[/code]

 

 

js.sprint.properties

+	bean.myAuthenticationFilter=myAuthenticationFilter+	bean.myPreAuthProvider=myPreAuthProvider[/code]

 

my.auth.MyUserDetailsService.java

	package my.auth;	import org.springframework.dao.DataAccessException;	import org.springframework.security.GrantedAuthority;	import org.springframework.security.GrantedAuthorityImpl;	import org.springframework.security.userdetails.User;	import org.springframework.security.userdetails.UserDetails;	import org.springframework.security.userdetails.UserDetailsService;	import org.springframework.security.userdetails.UsernameNotFoundException;	public class MyUserDetailsService implements UserDetailsService {		@Override		public UserDetails loadUserByUsername(String username)				throws UsernameNotFoundException, DataAccessException {			final String DEFAULT_ROLE 		= "ROLE_USER";		// default user's role on jasperserver			final String DEFAULT_PASSWORD	= "ThisIsATest";	// default user's password on jasperserver			UserDetails user = new User(username,	 			// username 					DEFAULT_PASSWORD,							// password					true,										// enabled?					true,										// accountNonExpired?					true,										// credentialsNonExpired?					true,										// accountNonLocked?					new GrantedAuthority[]{						// granted authority						new GrantedAuthorityImpl(DEFAULT_ROLE)						}			); 			return user;		}		}[/code]