Authentication/access control#

How to easily make JSPWiki a private single user wiki? AnswerMe#

I want to use JSPWiki for my private notes. So I want to be the only user to even view any information in the wiki as it is personal information.

What I did to achieve that. (Please tell me if there is an easier or more secure approach)#

I installed tomcat and jsp wiki on my laptop.
Configuring it through the install page one sees at first access and setup my admin user.
Enabled ssl in tomcat.
In jspwiki.policy I commented out every privilege except for those granted to GroupPrincipal "Admin" and Role "Admin".

Problems and doubts I have#

My Prefs is available.
When I open My Prefs I can suddenly see the left menu with all categories I created.
According to my understanding they should be protected by login as well.
The User status is: "G’day (anonymous guest)".
When I click on any of the LeftMenu links I get redirected to Login Page again.
Looks like protection works for all pages except the leftmenu? But how does this happen? Thought LeftMenu is a wiki page like any other.
Are default values set if i don't grant them in jspwiki.policy? Should I move all privileges to Admin group instead of commenting them out for all others? Is there perhaps a better container to run JSPWiki in to have it only available on your local machine than tomcat? Perhaps one that really only grants access to the wiki if the request is from the current machine?

Answer#

I think you are using the container's security manager.
You have to turn it off.
#TOMCAT5_SECURITY=yes
TOMCAT5_SECURITY=no

Authenticate to view a page, eventhough not required AnswerMe#

I've 2.3.33 jspwiki installed on my machine, and I've set view permission to everyone in the policy file. Now sometimes it's asking for login when I try to access a page, but if I clear the cookies, it's not asking for login to view the pages. Everytime I've to clear the cookies to fix this problem. Any ideas?

UserPreferences gives NullPointer exception AnswerMe#

Hello!

I've a clean install of JSPWiki, have done nothing but follow the installation guide and *tried* to follow the authentication guide, but that appears to be assuming that it'll just work, and this is not the case.

Whenever I visit the UserPreferences.jsp page, all I get is a NullPointer error:

JSPWiki has detected an error Error Message An unknown exception java.lang.NullPointerException was caught by Error.jsp. Exception java.lang.NullPointerException Place where detected com.ecyrd.jspwiki.auth.UserManager.getUserProfile(), line 270

SecurityConfig.jsp also gives an error.

Where am I going wrong? I suspect I'm missing something obvious, but as yet I've not found any documentation - either here, or in the world of Google, that might suggest what. Please help!

Pete Cliff, Systems Developer, University of Bristol


I, too, have the problem above. Also, admin/SecurityConfig.jsp gives an error too.

Error Message Unable to locate a login configuration Exception java.lang.SecurityException Place where detected com.sun.security.auth.login.ConfigFile.(), line 97

Not sure exactly what is going on here.

Thanks, aj.

Unable to log-in AnswerMe#

I have just installed JSPWiki 2.4.6-beta, without changing any configuration except the folder where i want to store the files. I am able to access JSPWiki as an asserted user, inserting and searching pages.

I created a user from the Wiki, which i see it's in the user.xml file, and when i try to login i get:

<%@ page isErrorPage="true" %>
Forbidden

Sorry, but you are not allowed to do that.

Usually we block access to something because you do not have the correct privileges (e.g., read, edit, comment) for the page you are looking for. In this particular case, it is likely that you are not listed in the page’s access control list or that your privileges aren’t high enough (you want to edit, but ACL only allows ‘read’).

It is also possible that JSPWiki cannot find its security policy, or that the policy is not configured correctly. Either of these cases would cause JSPWiki to block access, too.

Better luck next time.

Here are the last entries of my log:

2006-05-21 13:24:27,208 [http-3471-Processor25] INFO JSPWiki JSPWiki:http://personalsoft.dyndns.org:3471/JSPWiki/Login.jsp - Successfully authenticated user FabianoBonin (custom auth)
2006-05-21 13:24:27,213 [http-3471-Processor25] INFO JSPWiki JSPWiki:http://personalsoft.dyndns.org:3471/JSPWiki/Login.jsp - Redirecting user to Wiki.jsp
2006-05-21 13:24:27,372 [http-3471-Processor25] INFO SecurityLog JSPWiki:http://personalsoft.dyndns.org:3471/JSPWiki/Wiki.jsp - WikiSecurityEvent.ACCESS_DENIED [source=com.ecyrd.jspwiki.auth.AuthorizationManager@3a0ab1, princpal=[WikiPrincipal (wikiName): FabianoBonin], target=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","view")]
2006-05-21 13:24:27,373 [http-3471-Processor25] INFO com.ecyrd.jspwiki.WikiContext JSPWiki:http://personalsoft.dyndns.org:3471/JSPWiki/Wiki.jsp - User Fabiano Bonin has no access - forbidden (permission=("com.ecyrd.jspwiki.auth.permissions.PagePermission","JSPWiki:Main","view"))

I get exactly the same error, and under the same circumstances. I have placed an inquiry about this on the StupidQuestions page. --Alex, 24-May-2006

I get exactly the same error, since I tried to update from version 2.2.33 to 2.4.15. (JSPWiki version 2.2.33 was running fine.) I have placed an inquiry about this further down on this page and on LDAPAuthentication page, since we are using LDAP Authentification. --Eva, 26-June-2006

I had the same problem. I think the jspwiki.policy-file of 2.4.6 is faulty. I copied the "Authenticated"-part of the jspwiki.policy-file of 2.4.40, now it works. Before the diagnostic page "admin/SecurityConfig.jsp" said that authenticated users had no rights ("deny"). Therefore the forbidden-page was shown, I think. -- Paul, 06-September 2006


change in error/Forbidden.html:
<p><a href=".">Better luck next time.</a></p>
to:
<p><a href=".">Better luck next time.</a>(<a href="Logout.jsp">logout</a>)</p>
for a new chance to login, if you prefer.

--MarcoPaleani 30-June-2010


I downloaded JSPWiki v2.2.20, edited the jspwiki.properties file. In there I set the parameters #

for Authentication and Authorization:
jspwiki.authorizer = PageAuthorizer
jspwiki.authenticator = FileAuthenticator
jspwiki.fileAuthenticator.fileName = \path to passwordfile.txt
jspwiki.userdatabase = WikiDatabase
jspwiki.policy.strictLogins = true
Yet on login, Invalid Login message appears. Am not able to login with the username, password given in my passwordfile.txt.
Please clarify.

You must set "jspwiki.useOldAuth=true" as well, and be prepared that it will stop running with the next release. It's not supported at all, and buggy as hell. --JanneJalkanen

It's rather 'jspwiki.auth.useOldAuth' in the source code. --RafalSmyka

Sorry, the above comment is a bit ambiguous, are you saying this needs to be set in the code, rather than as a property? Thanks --AdamSmith

Oh, sorry for not being clear (and for the late reply too). I meant that in the source code I saw that the property being read is named 'jspwiki.auth.useOldAuth' and such should be used in the properties or else it will not work. --RafalSmyka

--> I did exactly what you guys said but is dooesn't work either. any advice??

Can I make the Wiki private - eg to just a team of people?#

Q: Presumably I have a number of ways of doing this. I can access control to the Apache webserver (if using Apache), or add access control to the Tomcat java servlet engine (if using Tomcat) but is there a third way? Will JSPWiki use a username if specified through Tomcat or Apache? AlexMcLintock Jul 2003

A:If BASIC authentication is enough, take a look at the end of the stock web.xml. There is a security-constraint section that shows how to do default protection; just replace <url-pattern>/Edit.jsp</url-pattern> with <url-pattern>/*</url-pattern> to restrict all access. Also consider the Upload.jsp too.

--JDuprezThe above (editing web.xml)seems to date from v2.1. Does it still work as of v2.3? I Couldn't get the v2.3 security mechanism to achieve that (grant access to a restricted team of people), other than specifying an ACL on each page; see my questions on Security2.3FAQ: Global Group authorization not working? and How to lock the list of registered users?.

--JDuprezOh, and to make things clear, setting up access control in the web.xml implies using and configuring the container-managed security, which is something us MereMortals are not comfortable with...

If you need something more fine-grained, like groups and per-page access definitions - this is being worked on in the 2.1.59 version of the code. See AuthorizationAndAuthenticationHOWTO.

How do I move the Wiki from one machine to another?#

Simple. Since most JSPWiki providers (except some contributed providers) use a file database, you can just copy all JSPWiki directories (the page directory), and the JSPWiki webapp directory to the new location. Don't forget to change any references in the jspwiki.properties file either that refer to the old machine.

However, note that since the built-in providers do rely on the modify date of the files on disk, you should use a file copy procedure that saves the timestamps, if you don't want your RecentChanges to be completely out-of-order.

Can we use Apache acounts for authentication?#

Q: Using Apache web server and Tomcat container, can we pass the apache accounts to jspwiki, and have per page access restriction (view and edit)? if yes, how can that be done?

A: Please discuss it further in UsingApacheForAuthentication.

Username not being shown on modified pages#

Q: I keep getting the following message on all pages -
"This page last changed on Wed Nov 13 16:44:27 EST 2002 by unknown."
Why isn't the "unknown" changed to the username I've logged in as ? My username does showup in the left menu as - "G'day vipul"

A: You're not using any of the versioning file providers: RCSFileProvider or VersioningFileProvider. Since v2.1.21 the FileSystemProvider also stores the author information.

WebSphere Security?#

I am trying to enable the WebSphere Security for the JSPWiki within the WebSphere Studio Application Developer tool. I have it sort of working. An example will explain best. JSPWiki comes with the default url-pattern of /Edit.jsp. This does not secure the edit functionality when I do http://my.company.com/wiki/Edit.jsp?page=Main. It does secure it when I do http://my.company.com/wiki/Edit.jsp. Of course the Edit.jsp page fails at that point. I have tried various url-patterns (/Edit.jsp*, /Edit.jsp?page=*, /Edit.*) and all fail to protect the editing of the page. Has anyone managed to get this working?

I've written my own authentication class. Its not working. How do I debug this? (are there log files of what's going on?)#

I got basic file authentication to work using a password.txt file, but I want to switch over to an LDAP (bluepages) authentication, wrote my own BluePageAuthenticator class, but it fails with this really obvious error: "description: The server encountered an internal error () that prevented it from fulfilling this request" How do I debug this? Don

Probably JSPWiki initialization failed, so you have to take a look at the JSPWiki log files. JSPWiki logs are configured in the "jspwiki.properties" file, near the end.

-- JanneJalkanen

Problem getting Authentication to work properly in jspWiki 2.2.20#

I have the following lines in my jspwiki.properties file ...
jspwiki.authorizer = PageAuthorizer
jspwiki.authenticator = FileAuthenticator
jspwiki.fileAuthenticator.fileName = C:\Program Files\Apache Software Foundation\Tomcat 5.5\webapps\DLM\passwords.txt
jspwiki.userdatabase = WikiDatabase
jspwiki.policy.strictLogins = true
jspwiki.useOldAuth = true

Obviously, the backslashes are doubled in the actual file.

My passwords.txt file contains ...

# The format is simply username = password
# No encryption is used currently.
# Comments are allowed; prepend with hash.
efhmjc0 = fozzy

And my DefaultPermissions page contains ...

[{SET defaultpermissions='ALLOW view Guest;DENY edit Guest;ALLOW edit KnownPerson'}]

When I access the Wiki, I'm presented with the Login screen but I keep getting invalid login messages. Any hints as to what I'm missing or should I abandon this path and control authorization/access via Tomcat? -- MikeConmackie

No problems with Log In, but how to Log Out?#

I've developed a template and the "sign in" feature works fine, but how does one implement a "sign out" button? I'm a bit stumped. -- MurrayAltheim

Mixed Case Authentication#

I'm currently looking at creating a multi-wiki implementation:

  1. one wiki that is publicly-readable, and writeable via shared password (or perhaps IP range)
  2. one wiki that is private, either via shared password or via individual accounts (as many as several dozen (i.e., could be managed manually). This one will probably limit access via IP range.
  3. one wiki with roughly 7,000 individual users, each with a username and password, with both public (at least within the wiki) and private areas for each user.

Now, none of these require high security, but at least some reasonable way of handling the passwords. And with that latter wiki, it obviously can't be manually administered. I may be able to obtain account information from our IT support, but I'm not sure yet.

Is there one authentification approach that could be used across all three wikis, or will I have to mix-and-match? -- MurrayAltheim

User 127.0.0.1 has no access - redirecting to login page#

I have installed version 2.3.63 and copied the example pages under Windows XP. However, I can't see any page (well, I get something like blank pages) and I always get the Login form (login and password fields). Any user+password produces "Could not log in: Not a valid login." and, if I click over "Set up a user profile" link, I return to a blank UserPreferences page same as before. The log says that "User 127.0.0.1 has no access - redirecting to login page". Any idea? I just want the same behavior that before (version 2.2)

-- MarianoRico

Mariano: I think this is related to the fact that the 2.3.63 binary WARs fil le doesn't seem to include a jspwiki.jks key store, which you need to successfully run JSPWiki. Nornally, this is included with newly-built WARs. You can confirm this is the case by looking inside the WAR file and checking the directory WEB-INF. If you don't see the .jks file, that would explain everyything.

Something happened with the 2.3.63 binary build, but I don't know the innards of the Ant 'dist' task that does all the magic. Janne?

In the meantime, if you download the source distribution and build the WAR from scratch (ant war), then the required key file will be automatically generated for you. The keys are used to cryptographically sign the JSPWiki JAR, and must be included in the WAR for JSPWiki to function properly.

--Andrew Jaquith, 06-Jan-2006

I also tried the download binary package "12-Dec-2005: JSPWiki 2.3.55-alpha package (2724 kB)" and "06-Dec-2005: JSPWiki 2.3.50 package (2785 kB)". All of them did not have the jspwiki.jks. That is really annoyed since it make the jsp wiki not easy anymore.

However, there is a workaround. Find the jspwiki.policy files which is under WEB-INF and removed all the ==signedBy "jspwiki"==.

--Gilbert Fang, 06-Jan-2006

Hi all, I have downloaded the 2.3.71 binary version. It contains the missing jspwiki.jks and now... everything goes right!!
Thanks a lot for you help and time.
All the best,
-- MarianoRico, 18-Jan-2006


How do i define a Admin Group in the policy?#

I make a group called Admin with the members xxx and in my policy file is this code:
grant signedBy "jspwiki"
  principal com.ecyrd.jspwiki.auth.GroupPrincipal "Admin"{
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:*", "rename,delete";
    permission com.ecyrd.jspwiki.auth.permissions.PagePermission "*:Group*", "rename,delete";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "createPages,createGroups";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editPreferences";
    permission com.ecyrd.jspwiki.auth.permissions.WikiPermission "*", "editProfile";
}; 
and it doesn't work! What is wrong? Please help me.

What version of JSPWiki are you using? The policy block looks fine... have you created a page called GroupAdmin with the member list on it? --Andrew Jaquith

I'm using version 2.3.72-alpha with a JBoss, perhaps JBoss is the problem? I also have created a group call GroupAdmin and set members. --chris

-- JDuprez Have you tried granting Admin ALlPermision? Event if it doesn't suit your need, it may help diagnosing the problem. Moreover, have you tried adding "view" and "edit" for page permission "*:*". Theoretically, "delete" implies "edit", and "edit" implies "view", maybe it's not transitive, or there's a problem here. Eventually, maybe you can make a cheap test with a 2.4.x engine?


If I change anything in the role everything is good, but the groups in the policy doesn't work? What have i to do, to solve this problem? --chris

I have the same problem on the JSPWiki-2.4.15-beta! I have just added my username to the GroupAdmin page. Then I call ...Delete.jsp?page=News and then there is the error, that I don't have the right permisson. What is wrong? --SToennies


Problem with authentification#

I am using JSPWiki 2.3.92-alpha with tomcat.5.0.28 (jdk1.4.2_09). For user authentification I have set up a JNDI data resource. My mysql databse contains an users table and a roles table in the way it is written in the java docs of 'JDBCUserDatabase.java'.

First problem:
If an user register to JSPWiki then the users table is filled with login name, password etc. But there is no entry written to the roles table. I have enabled the logger of the MySQL-Connector, and it seems that JSPWiki is not even trying to write to the roles table. Is this correct?

Second problem:
If an registered user tries to log into JSPWiki then the user is authenticated just for the page after the login action. If the user clicks on a link to go to another page the user falls back to 'asserted'. (My browser accepts cookies).

Perhaps you have an idea or an hint for me, where to search for a solution?

And perhaps you have an official database scheme for MySQL for user authentification via JNDI?

--Matthias Winkel, 18-Jan-2006


Hi Matthias --

The roles table performs no useful function for JSPWiki itself. The roles table is *only* used when the user database shares profile information with the web container. Thus, the roles table isn't written to *unless* JSPWiki has been specifically instructed to share data with the container. The property that does this is jspwiki.userdatabase.isSharedWithContainer in jspwiki.properties.

The reason I put the code in to add records to the roles table is so that you could integrate with container-based authentication, AND have JSPWiki serve as the registrar for the container. When profile data are shared, when you create a profile in JSPWiki it effectively creates a container user at the same time.

As for your other issue, I suspect that you are using container-managed authentication with a JDBC realm, right? The problem is *probably* related to the isSharedWithContainer property. Because the roles table isn't being written to, when your container SELECTs the role list, it won't find any. Thus, it won't match any of the roles in web.xml and thus the container will want you to log in again. Turning on the property should fix the issue.

We do not provide a sample DDL script for creating MySQL tables in JSPWiki. We've got sample creation scripts for Postgresql and McKoi, however (in etc/db). If you would like to take a shot at creating a sample script for MySQL, I will gladly add them to the distribution.

--Andrew Jaquith, 28-Apr-2006


Can anyone explain me how to add authentication in JSPWiki 2.2.23. I tried it but failed.

--Murali Krishna, 06-Jun-2006


Unable to run "admin/SecurityConfig.jsp"
#

I use Tomcat 5.5.17 and JSPWiki 2.4.15 on AIX 5.2.
When executing "admin/SecurityConfig.jsp" this message appears:

JSPWiki has detected an error

Error Message
org.freshcookies.test.TestSignedClass
Exception
java.lang.NoClassDefFoundError
Place where detected
native methodjava.lang.J9VMInternals.verifyImpl(), line -2

Any ideas? Thanks in advance.

---

Can anyone explain me how to add authentication in JSPWiki 2.2.23?
#

I installed JSpWiki in WebSphere (RAD 6) and it works fine.
But I cannot make user profiles and cannot make the login work.
I changed the <welcome-file>Login.jsp</welcome-file> the web.xml.
And added:
jspwiki.authenticator = FileAuthenticator
jspwiki.fileAuthenticator.fileName = /hej.txt
in the jspwiki.properties - file.
Also tried with userdatabase.xml, but no luck there either.
But the wiki tells me: 'Not a valid login'.
What am I doing wrong?
Thanks in advance.


How could I declare my new users?#

--Q--: After installation , I don't know how to administrer my JSPWiki , it doesn't have a space for admin.

And what is the default user ?? and configuration file for user/pass?

I have Login.jsp but no idea how to manipulate. Plz help.


Login does not work, create new users does#

--Q--: After installation, I am unable to log in with any users. In the log4j logs, we see the following errors:

2006-09-28 15:50:26,913 service-j2ee-2 ERROR com.ecyrd.jspwiki.auth.AuthenticationManager JSPWiki:http://localhost:1001/JSPWiki/Wiki.jsp - Couldn't retrieve login configuration. Message=No LoginModules configured for JSPWiki-container

2006-09-28 15:50:26,913 service-j2ee-2 ERROR com.ecyrd.jspwiki.auth.AuthenticationManager JSPWiki:http://localhost:1001/JSPWiki/Wiki.jsp - No login context. Please double-check that JSPWiki found your 'jspwiki.jaas' file or the contents have been appended to your regular JAAS file.

--A--: The error message is fairly specific, and ought to guide you towards the answer. In a nutshell, JSPWiki needs to find it's JAAS login configuration, but it can't. If you are using JBoss, there is a fairly well-known limitation that you need to work around. See the official 2.4 documentation. If you aren't using JBoss, try checking the admin/SecurityConfig.jsp page to see if JSPWiki thinks there's something wrong with your configuration. -- Andrew Jaquith

You also get this on fedora and tomcat5 if the jvm is the default jvm, ie JAVA_HOME="/usr/lib/jvm/java", and not a proper jvm :-) - have to set in /etc/sysconfig/tomcat5 -- Martin West

Hi, I also got this problem. After viewing <my_jspwiki>/admin/SecurityConfig.jsp I've set the java.security.auth.login.config system property on a statup script in a way like this:

java -Djava.security.auth.login.config=/path-to/jspwiki.jaas -jar start.jar
Sorry my bad english :D - Joao Paulo Mafra

Container Authentication#

If you are having problems using JSPWiki with container authentication (e.g. Tomcat's Realms) please see Bug Container Authentication Problems.


Usernames, passwords and roles in a database with Basic authentication#

Hi. This is what I'm trying to do... We currently have a database with a few hundred user accounts and roles. Our intranet uses this database for authentication using Basic authentication. We use an Apache module for this, not Tomcat. And now we would like to add JSPWiki to the website as transparently as possible. My question: What is the best way to have people surf right over to the JSPWiki part of the website from the intranet with the least possible interuptions (like (not) being asked to log in again)? I'm thinking we could tell JSPWiki to use the same realm name as the intranet and keep the domain the same.

Since I know how to get the basic username and password from the HttpServletRequest object I don't mind writing a custom authenticator if necessary.

Can someone give me some good advice? Is it possible to do this? If so how?

Thanks

-- Tim, Dec 29, 2006


Tim --

You need to do two things. First, you need to configure Tomcat so that it trusts the identities set by Apache. This will allow Apache to propagate identities so that they are injected into the Java HTTP request stream. When JSPWiki sees either a 'remoteUser' or 'userPrincipal' property in the request, it will automatically pick it up and treat the user as authenticated.

To configure: if you are using the AJP connector (mod_jk), then you should configure the Tomcat AJP connector's tomcatAuthentication parameter as described here: http://tomcat.apache.org/tomcat-5.5-doc/config/ajp.html.

Second, you need to tell JSPWiki to use the user identity information stored in your database. This can be done by using the JDBCUserDatabase as your user repository. See the Security 2.4 documentation for more details. The jspwiki.properties file also contains a fair amount of commented properties that should give you an idea of how to map specific tables and colums in your user database.

The combination of these two configuration items should mean that 1) you can leverage your Apache authentication as a source of user identity information and 2) that JSPWiki can use this initial identity information to look up the other user identity info (full name, email) in your custom database.

Let us know if this works for you, and if it does, please post your experiences. The database docs on JSPWiki.org are pretty thin, so we could use some more real-life examples.

--Andrew Jaquith, 02-Jan-2007


FYI, I've added some fairly extensive notes on Apache on the official 2.4 documentation website.

--Andrew Jaquith, 03-Jan-2007


Wow! This works great! Thanks, Andrew!

If anyone else wants to do what I did, do this...

In Apache's httpd.conf, make the /JSPWiki directory password protected (with basic authentication) just like the rest of the intranet.

In Tomcat's server.xml, change

<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
to
<Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" tomcatAuthentication="false" />

To set up JDBCUserDatabase, do this...

In tomcat/conf/Catalina/localhost/ create a file called JSPWiki.xml with this content:

 <?xml version="1.0" encoding="UTF-8"?>
 <Context>
 <Resource name="jdbc/theDatabaseName" auth="Container" type="javax.sql.DataSource"
 driverClassName="org.postgresql.Driver" url="jdbc:postgresql:ourDatabase"
 username="the_username" password="the_password"
 maxActive="20" maxIdle="10" maxWait="-1" />
 </Context>
Edit tomcat/webapps/JSPWiki/WEB-INF/web.xml Inside the <web-app> tag, put this (or uncomment it if it's there already)
<resource-ref>
 <description>
   The Database Stuff
 </description>
 <res-ref-name>
   jdbc/theDatabaseName
 </res-ref-name>
 <res-type>
   javax.sql.DataSource
 </res-type>
 <res-auth>
   Container
 </res-auth>
</resource-ref>
Edit tomcat/webapps/JSPWiki/WEB-INF/jspwiki.properties and set these lines: jspwiki.userdatabase = com.ecyrd.jspwiki.auth.user.JDBCUserDatabase jspwiki.userdatabase.datasource=jdbc/theDatabaseName and all the other jspwiki.userdatabase.* and jspwiki.groupdatabase.* if you want

-- Tim


I wanted to set up the Apache auth as well but I don't really know, what auth type I should have set in JSPWiki's web.xml in the login-config entry. If I leave FORM, the logon form keeps popping up despite being logged in to the Apache realm. Is there something obvious I might have missed? Thanks for the helpful comments so far!

--Maciej Rutkowski, 25-Jan-2007


Sorry, I actually forgot to describe my specific configuration. I have an Apache server with Windows Domain auth set up so all my PHP web apps have a common interface they can authenticate users against. I want to deploy JSPWiki with Tomcat in the same environment so I can have a simple kind of SSO right away. Any tips? Thanks in advance!

--Maciej Rutkowski, 25-Jan-2007


Get 2 error pages while logging in even though I am already logged in AnswerMe#

I am on version 2.4.102 and whne i login , the first page that gets displayed is "Page cannot be displayed", if I login again, it takes me to a page where it says "Forbidden... Better luck next time" but if i refresh the page, I find that I am already logged in. Is there any ways to vaoid that 2 times login that I have to do.


i know nothing about it


Can we use single sign on to authenticate against JSPwiki from another application?

--AnonymousCoward, 29-Oct-2008 15:07


LDAP problems#

Hello,

I followed this tutorial :

http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP

Here are the problems encountered :

1- Users have no rights. In addition, the following message appears frequently (at the connection and then after you click "SAVE") :

--- Forbidden

Sorry, but you are not allowed to do that.

Usually we block access to something because you do not have the correct privileges (e.g., read, edit, comment) for the page you are looking for. In this particular case, it is likely that you are not listed in the page’s access control list or that your privileges aren’t high enough (you want to edit, but ACL only allows ‘read’).

It is also possible that JSPWiki cannot find its security policy, or that the policy is not configured correctly. Either of these cases would cause JSPWiki to block access, too.

Better luck next time. ---

2- Passwords encrypted MD5 do not work with JSPWiki (They work with other applications like: Vulture, GLPI ...).

Q: Can these problems be resolved ?

A: Use JSPWiki 2.8 minimum and follow this tutorial : http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP ...


Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-144) was last changed on 25-Jul-2011 22:42 by 89.134.204.251