I have a standalone httpd+Tomcat 8.5.65 installation on OpenJDK 11 with OpenCms 11.0.2 for my client's internal website.

They have an LDAP network and they're requesting the automated logon using Kerberos (krb5).

We configured SPNego and it works on Tomcat: a test JSP page including the code:

 <%= request.getRemoteUser() %> 

works as intended (prints the username) when accessed through Tomcat directly (port 8080). But when I access OpenCms via Tomcat, this authentication doesn't work. Specifically, the CmsJspLoginBean object's isLoggedIn() method returns false. In other words, the current user is [Guest].

Is there anything I have to do to "connect" OpenCms to Kerberos on the OpenCms side, knowing that Tomcat is already correctly configured?

Also: OpenCms has the LDAP Connector installed and it works; I don't think it has anything to do with this.

user3804769

1 Answer

Yes, you need to map the remote user to the OpenCms user registry and upon request need to create a session with OpenCms for this remote user. Ideally, this is done with your own user authenticator implementation, which results in a true seamless SSO experience (no rocket science). Let me know if you need further help with this.

hfcoma
  • Hi, thanks! Could this be done with any of the default OpenCms authenticators? This is actually an upgrade from OpenCms 9 which is on an obsolete server and uses one of the default implementations. – user3804769 Apr 06 '22 at 20:45
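
One way to write the custom authenticator the answer describes, as an added example that is not part of the original thread and not OpenCms's own code. The class name and the `EXAMPLE.COM` realm are hypothetical, and it assumes SSO users live in the root organizational unit and that the `I_CmsAuthorizationHandler` signatures used here match the deployed OpenCms version (check them against its Javadoc).

```java
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import org.opencms.file.CmsObject;
import org.opencms.main.CmsException;
import org.opencms.security.CmsDefaultAuthorizationHandler;
import org.opencms.security.I_CmsAuthorizationHandler.I_PrivilegedLoginAction;

/** Hypothetical handler: logs in the user Tomcat already authenticated via SPNEGO. */
public class RemoteUserAuthorizationHandler extends CmsDefaultAuthorizationHandler {

    // Constructed sample realm; replace with the site's Kerberos realm.
    private static final String TRUSTED_REALM = "EXAMPLE.COM";
    // Conservative allow-list so unusual principals never reach the user lookup.
    private static final Pattern ACCOUNT = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    /** Maps "user" or "user@REALM" to an OpenCms login name; null means "do not trust". */
    static String toOpenCmsUser(String principal) {
        if (principal == null) {
            return null; // request was not authenticated by the container
        }
        String name = principal;
        int at = principal.lastIndexOf('@');
        if (at >= 0) {
            if (!TRUSTED_REALM.equals(principal.substring(at + 1))) {
                return null; // principal from a realm we do not accept
            }
            name = principal.substring(0, at);
        }
        // Assumption: the account name equals the OpenCms user name in the root OU.
        return ACCOUNT.matcher(name).matches() ? name : null;
    }

    @Override
    public CmsObject initCmsObject(HttpServletRequest request, I_PrivilegedLoginAction loginAction) {
        String userName = toOpenCmsUser(request.getRemoteUser());
        if (userName == null) {
            return super.initCmsObject(request, loginAction); // default behaviour (Guest)
        }
        try {
            // Password-less login for the container-authenticated principal,
            // then bind the resulting CmsObject to the HTTP session.
            return registerSession(request, loginAction.doLogin(request, userName));
        } catch (CmsException e) {
            return null; // unknown or disabled OpenCms user: remain Guest
        }
    }
}
```

The handler only sees a non-null `getRemoteUser()` on requests that Tomcat's SPNEGO security constraint covers, so the OpenCms servlet path has to be inside that constraint. It is registered in place of the default through the `<authorizationhandler class="..."/>` element in `opencms-system.xml`.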