OPS and Authentication

Hi Guys,

I'm sure someone will have come across this before, so here goes.

I'm trialling OPS as a possible replacement for an aging forms system, and so far it's looking good.  I have run into a problem, however, in that I can't access an authenticated web server to retrieve dynamically loaded data.  There are two problems I face when trying to do this:

1. OPS bombs out, complaining that the certificate on our development server is not valid.   Is there any way to force an ignore of this error message?

2. Authentication information (i believe) is not passed down to the CGI script(s), making it difficult to determine who is using that form.

Does anyone have a solution to these two items?

Thanks.

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: [hidden email]
For general help: [hidden email]
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
  

Use the JDK specific version in $JAVA_HOME/bin/keytool

The keystore lives in $JAVA_HOME/jre/lib/security/cacerts – by default it is read only for user/group/world. This needs set to writeable before it can be modified by keytool

 The following assumes that the current directory is set to that containing the java keystore

 Use the following command to import the cert from the file : /tmp/server.com.crt

$JAVA_HOME/bin/keytool -import -alias server -file /tmp/server.com.crt -keystore `pwd`/cacerts

To check that it made it in successfully run

$JAVA_HOME/bin/keytool -list -keystore cacerts >ca.exported

You should then see an entry for server in ca.exported

Hope this helps!

Steve

Lee,

1. You could use oxf:request to get the authentication header (or from a
stored session variable) and pass it on, I'm not sure where OPS makes
creates its header, but if you found where that was you could easily add the
authentication header in on all requests. You could also look at the
Apache/Tomcat Docs to see if there is a way to activate this by default.

2. I think you have to do this using the JDK or JRE to add the SSL cert so
your java environment trusts the source (There are lots of results for
"Adding a certificate to cacerts" on google). I might be wrong, but I don't
think there is an option to ignore this, for security reasons

Hope this is some help

Ryan

Ryan Puddephatt
Software Engineer

Teleflex Group - IT UK
1 Michaelson Square
Livingston
West Lothian
Scotland
EH54 7DP

e> [hidden email]
t> +44(0)1506 407 110
f> +44(0)1506 407 108

 

  

-----Original Message-----
From: Lee Standen [[hidden email]] 
Sent: 31 October 2006 02:14
To: [hidden email]
Subject: Re: [ops-users] OPS and Authentication

Hi Guys,

I've yet to get a response that helps me a lot to my original 
question :)

Basically, I need to know if it's possible to, and how to do 
the following two things:

1. Grab the users' username and password that they passed to 
.htaccess authentication and pass it on in all subsequent 
tomcat-apache requests.

2. Bypass the SSL warning messages, and connect to an 
untrusted source, so that things actually work in our 
development environment :)

Can anyone provide a reference to some instructions on achieving this?

Thanks,
Lee



Ryan Puddephatt wrote:
    

Henrik/Lee,
	I always receive my emails I think you may have a problem there

Try going to 
      

http://www.objectweb.org/wws/suboptions/ops-users (if you 
    

don't have a password you can get it emailed to you) Make sure the 
Reception Mode is set to Normal rather than Not_Me

Ryan

Ryan Puddephatt
Software Engineer

Teleflex Group - IT UK
1 Michaelson Square
Livingston
West Lothian
Scotland
EH54 7DP

e> [hidden email]
t> +44(0)1506 407 110
f> +44(0)1506 407 108

 

      

-----Original Message-----
From: Henrik Pettersen [[hidden email]]
Sent: 30 October 2006 12:06
To: [hidden email]
Subject: Re: [ops-users] OPS and Authentication

Lee,

it's a feature, not a bug ;-) The orbeon mailing list software does 
not send you your email to the mailing list. It seems like this 
behaviour cannot be changed from the individual mailing list 
configurations.

Henrik

On 10/27/06, Lee Standen [hidden email] wrote:
        

Just sending this again, because 24 hours later, I still
          

haven't seen
        

it show up in the list.

Thanks :)

          

That goes most of the way there...

Are there any methods available to get the password of the
            

user that
        

is connected to the script via HTTP Auth?  Basically, I 
            

need to be 
    

able to forward those credentials when Orbeon is
            

connecting back to
        

the server for its' various data sources.

Thanks for the help so far :)



marc wrote:
            

Hi Lee,

For the first question : I don't know :-(

For the second one : Have you read these docs ?

              

http://www.orbeon.com/ops/doc/reference-xforms-ng#submission-auth-e
        

xtension


              

http://www.orbeon.com/ops/doc/processors-submission#authentication
    

HTH,

--
Marc


Lee Standen a écrit :
              

Hi Guys,

I'm sure someone will have come across this before, so 
                

here goes.
    

I'm trialling OPS as a possible replacement for an aging forms 
system, and so far it's looking good.  I have run into a
                

problem,
        

however, in that I can't access an authenticated web server to 
retrieve dynamically loaded data.  There are two 
                

problems I face 
    

when trying to do this:

1. OPS bombs out, complaining that the certificate on our
development server is not valid.   Is there any way to force an
ignore of this error message?

2. Authentication information (i believe) is not passed down to 
the CGI script(s), making it difficult to determine who
                

is using that form.
        

Does anyone have a solution to these two items?

Thanks.




                

------------------------------------------------------------------
        

------



--
You receive this message as a subscriber of the 
[hidden email] mailing list.
To unsubscribe: [hidden email]
For general help: [hidden email]
ObjectWeb mailing lists service 

 page: 
http://www.objectweb.org/wws

                

-------------------------------------------------------------------
        

-----


--
You receive this message as a subscriber of the 
[hidden email] mailing list.
To unsubscribe: [hidden email]
For general help: [hidden email]
ObjectWeb mailing lists service home page: 
http://www.objectweb.org/wws

              

--
You receive this message as a subscriber of the
          

[hidden email] mailing list.
        

To unsubscribe: [hidden email]
For general help: [hidden email]
ObjectWeb mailing lists service home page: 
http://www.objectweb.org/wws



          

----------------------------------------------------------------------
    

--


--
You receive this message as a subscriber of the 
      

[hidden email] mailing list.
    

To unsubscribe: [hidden email]
For general help: [hidden email]
ObjectWeb mailing lists service home page: 
http://www.objectweb.org/wws
      

--
You receive this message as a subscriber of the [hidden email] mailing list.
To unsubscribe: [hidden email]
For general help: [hidden email]
ObjectWeb mailing lists service home page: http://www.objectweb.org/wws
  

slenhart.vcf (316 bytes) Download Attachment