Records in this category

Sticky FAQs

»

ID #1156

How should a Muse application be configured for IP authentication?

To configure an application that uses username/password authentication method to use also IP authentication, one must do some configurations.

 

A) For Muse version 2500, the admin console can be used to add/edit the IP authentication of a Muse application:

- log into the MCAA console as a mcaa based user;

- select the desired Muse application, then click Login Modules;

- if the IP module is not enabled already, then click Add and then selectcom.edulib.ice.security.authentication.ICELoginModuleIP login module; click Add;

- click Edit to edit the ICELoginModuleIP module;

- click Edit User Access Rules and then Insert one by one the IP rules. They can consist in IP, IP classes or regular expressions that describe the needed range(s);

- click "Update".

 

B) For Muse versions before 2500, the modifications to be done are:

- $MUSE_HOME/use/ice/jaas.config - locate application's entry in this file. If not found, then you must add an entry for it. Supposing the application's ID is appid, then the following entry must be added:

appid {
 com.edulib.ice.security.authentication.ICELoginModuleXML required  passwords="${ICE_HOME}/profiles/passwords.xml";
 com.edulib.ice.security.authentication.ICELoginModuleIP required  hosts="${ICE_HOME}/profiles/hosts.xml";
};

Note: if the above entry already exists for the appid application, then only the bold line must be added.

- $MUSE_HOME/use/ice/profiles/hosts - an entry like next must be added:

  <USER_RULE> 
    <ID>appid</ID> 
    <ALLOW>IP or address template</ALLOW>
  </USER_RULE>

Note: 'IP or address template' can be any of the following:
 - a regular expression that will be matched against the IP address the connection is coming from. E.g. 217.156.14.* will match IP 217.156.14.2
 - a regular expression that will be matched against the domain name of the IP address the connection is coming from. E.g. *.museglobal.ro.
 - an address/mask notation that will be matched against the IP address the connection is coming from. The mask can be either a net-work mask or a plain number, specifying the number of 1's at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0.
 - E.g. 217.156.14.0/28 will match IP 217.156.14.2 and it is equivalent with 217.156.14.0/255.255.255.240
 - E.g. 217.156.14.0/255.255.255.240 will match IP 217.156.14.2

 

As a consequence of IP authentication, one may want to facilitate IP access to the application without having the user to fill in every time the username/password fields. To do this, one can create a html page located in $MUSE_HOME/web/www/logon/appid/ directory. This page should contain a simple login form that submits itself on page load event. Eg:

<body onload="document.logonForm.submit()">
<form name="logonForm" action="/muse/servlet/MusePeer" method="post">
<input type="hidden" name="action" value="logon" />
<input type="hidden" name="errorTemplate" value="logon/appid/error.html" />
<input type="hidden" name="userID" value="appid" />
<input type="hidden" name="userPwd" value="app_pass" />
</form>

 

The URL to access the autologon page is:

http://Muse_host:PORT/muse/logon/appid/autologon_page.html

where:

  • Muse_host is the hostname of the Muse system;
  • PORT is the port value on which Muse HTTP / Embedded Apache Tomcat server is configured to listen (default 8000);
  • appid is the application ID;
  • autologon_page.html is the page which contains the above HTML form.

Tags: access, authentication, auto, direct, ip, login

Related entries: -

Last update: 2013-09-02 16:25
Author: Administrator
Revision: 1.0

Print this record Send FAQ to a friend Show this as PDF file
Rate this FAQ

Average rating: 0 (0 Votes)

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry

powered by phpMyFAQ 2.7.2