Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Institutions typically use different ways (Shibboleth, LDAP, etc.) to authenticate users. It is difficult to achieve a one-size-fits-all deployment to address all the different authentication is done in OLE. This bottleneck can be cleared by using a reverse proxy.

Reverse Proxy

reverseproxy.png

 

A reverse proxy server is a specialized web server that inspects incoming requests and forwards them to another internal web server after any local processing is completed. It also inspects and makes sure that any response from the internal web server containing URLs are updated with the proper host address.

In our case, the reverse proxy server hosts an Apache HTTP server with modules to implement a proxy (mod_proxy) which would also host the authentication logic. Following successful authentication, the user is passed in the RequestHeader and the request is forwarded to the Tomcat server hosting OLE. Unsuccessful authentication is handled appropriately.

 To get this working successfully a few configurations are needed. The significant ones are listed below for reference.

Configurations on the Apache Tomcat side

Authentication Filter Class

A custom authentication filter is not needed. The behavior of the default HttpServletRequest class is inline with expectations, as it picks up the REMOTE_USER passed in the RequestHeader.

Changes in web.xml

The web.xml file is found at <Application-root>/WEB-INF/

The file contains references to a filter, DummyLoginFilter, which needs to be removed. The filter class configured is DevelopmentLoginFilter which helps in forwarding the user to the login page without any need for password for authentication.

The following lines are to be removed from web.xml

Lines to remove in web.xml
<filter>
	<filter-name>DummyLoginFilter</filter-name>
    <filter-class>org.kuali.ole.sys.web.filter.DevelopmentLoginFilter</filter-class>
    <init-param>
    	<param-name>loginUser</param-name>
        <param-value>ole-quickstart</param-value>
    </init-param>
</filter>
<filter-mapping>
	<filter-name>DummyLoginFilter</filter-name>
    <servlet-name>action</servlet-name>
</filter-mapping>
<filter-mapping>
	<filter-name>DummyLoginFilter</filter-name>
	<servlet-name>dwr-invoker</servlet-name>
</filter-mapping>
<filter-mapping>
	<filter-name>DummyLoginFilter</filter-name>
	<servlet-name>batchFileUpload</servlet-name>
</filter-mapping>
  • No labels

Operated as a Community Resource by the Open Library Foundation