Forum LAMS for Tech-Heads - General Forum: Re: Authentication files


 
Search: 

2: Re: Authentication files
In response to 1 04/18/07 05:20 PM
[ Reply | Forward ]
Jan,

Which way are you going? Is the user in XWiki and wants to access LAMS, or do you want to access XWiki from within LAMS.

Given that you want to know where the LAMS authentication is done, I'll assume the user is in XWiki and wants to access LAMS.

At present to get into LAMS there are two ways of authenticating:

(1) Standard login screen, authenticating either to the local LAMS database or a LDAP server. There is also a WebAuth authenticator but I don't know if it is tested.

The bulk of the code for that is in the lams_central project, either in the jsps in the web directory, or the package org.lamsfoundation.lams.security. There are also configuration files scattered around the place (e.g. in lams_build).

In this case, any external authentication (e.g. LDAP) is purely authentication - the user should already exist in LAMS. Populating the user details from an external server is not currently supported.

(2) Single sign on ala our LMS integrations (Moodle, etc). The authentication is triggered by a call from the LMS and the user's details are populated by the LMS. All calls from the LMS contain check values that are used identify the calling LMS.

I think this is what you want to go XWiki => LAMS.

The code for this is also in the lams_central project. The webservices part is in org.lamsfoundation.webservice and other parts are in the org.lamsfoundation.lams.web package - in particular the LoginRequestServlet.java

If this is what you are after, I suggest you read LAMS and 3rd Party App Integration Mechanism on the wiki. The first part of this page covers the LAMS 2.0 integrations. The very bottom bit refers to the old 1.0.2 integrations - we are replacing those bits as we get the integrations redone for LAMS 2.0.

The easiest way to do it would probably be to take an existing integration and modify it to suit the XWiki side. Hopefully you should be able to write some code that plugs into XWiki and not have to make any changes in LAMS 2.0.

The Moodle module is available from our cvs server, but we are almost finished the beta version of a Sakai module for LAMS 2.0. This is written in Java so that would be a better starting point than the Moodle module (given that XWiki is Java and Moodle is PHP). I think we have one more thing to get working in our Sakai module and then we will move the code to our public cvs server, so that should be sometime this week.

The Sakai work was done on the HEAD (in cvs), so you will need to check out the rest of the projects from the HEAD, rather than using the 2.0.2 source code archives on our downloads page.



Has this answered your question? Was I correct in my assumptions? Or is this all gobbledygook. If Option (2) is what you want, then have a read of that wiki page and we will post to the community when the Sakai module is available for download and you can start playing with that code.

I'll be keen to hear how you go with this. I have a few ideas about things you could try doing, but I won't mention them yet - there is enough in this posting to confuse you already!

Regards,

Fiona Malikoff

Posted by Fiona Malikoff

3: Re: Re: Authentication files
In response to 2 04/23/07 01:47 AM
[ Reply | Forward ]
Hi Fiona,

sorry for this late answer. I posted the previous message just to know in which war-files I had to look into in case I had to modify them. Actually we want to go from LAMS to XWiki, and if possible, we want them to share a session object. Authentication can be done through LDAP (both systems support that).

I know that you are already thinking about having a wiki tool in LAMS. Do you know if you have started to work on this?

We are not thinking to have a thight integration between lams and xwiki; only single sign-on. Maybe we also will have a central LDAP server where all our web applications must send a request to for authentication. I hope to finish this before end of June.

Anyway, thank you for your information; I will look into the files you suggested.

Posted by Jan Dolonen

4: Re: Re: Re: Authentication files
In response to 3 04/23/07 08:24 PM
[ Reply | Forward ]
Ahh, in that case you want (1).

We use the Catalina single sign on cookie to do the single sign within LAMS itself and we also have a our own special shared session but you will need to be in the same JVM to access that. As you have noticed, LAMS is made up of multiple web-apps so we needed some mechanism of sharing the login and the session data between the web-apps.

As for that task to include a wiki tool. Sadly no, we haven't started work on this. To many things to do, not enough hands to do them all!

If you have any problems with the LDAP side, let us know. Jun-Dir has been doing some stuff with the LDAP lately so he might be able to help with issues. We've tested our LDAP with only one particular LDAP server, so there could be issues with other servers (see LDAP wiki page).

Fiona

Posted by Fiona Malikoff

5: Re: Re: Re: Re: Authentication files
In response to 4 05/16/07 03:39 AM
[ Reply | Forward ]

Hi Fiona,

I tried to put xWiki in the same JBoss webapp container as LAMS, but it didn't work. The reason is because you have used the unified class loader. When I set "UseJBossWebLoader" to false xWiki works, but as you mention here, LAMS will not work properly.

So, I guess, what I need to do is to run xWiki on another JBoss instance on the same server, or are there other ways to work around this problem? Have you been able to run other webapps on the same JBoss instance?

Another question: Is there a single sign-on between Moodle and LAMS? If I'm not able to create the single sign-on functionality using Moodle could be a last option. I'm not to keen on using Moodle (it has an integrated wiki) because I want LAMS to be in the foreground.

Posted by Jan Dolonen

6: Re: Re: Re: Re: Re: Authentication files
In response to 5 05/17/07 06:22 PM
[ Reply | Forward ]
The classloader business in JBoss can be right pain.... We haven't tried running any other webapps in the same JBoss instance.

There is single sign on between Moodle and LAMS. You need the LAMS2 module available from the download page.

If it was possible to implement single sign on from xWiki to LAMS, based on the Moodle or Sakai integrations then the users could log into xWiki and click on a button to open the LAMS window. Then they could run in LAMS as much as they want, going back to xWiki when desired. Not beautiful but maybe workable? If you did this, you could run xWiki in Tomcat, Jett y, etc - you wouldn't need a full JBoss instance.

If I get a chance this week (and I'm pretty busy with bug fixes for the next release) I'll try running up xWiki myself and see if I can come up with anything.

Fiona

Posted by Fiona Malikoff

Reply to first post on this page
Back to LAMS for Tech-Heads - General Forum