Question 1

How to set up HMAC authentication on a Muse Proxy application?

Accepted Answer

The overall steps would be: 1) Create the new application as copy of the MuseProxyFoundation template, the ID of the new application to be MuseProxyFoundationHMAC for example. 2) Edit the file $MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC\ profiles\AuthenticationGroups.xml and do the following: - Locate the /ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/AUTHENTICATIONS node and remove its content, thus obtaining an empty node:

<AUTHENTICATIONS>
</AUTHENTICATIONS>

- Edit the value of the node /ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/NAME to be: HMAC Authentication - Add the following sequence under the node /ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/AUTHENTICATIONS

<AUTHENTICATION>
<IDENTIFIER>9</IDENTIFIER>
<LEVEL>requisite</LEVEL>
<CLASS>com.edulib.muse.proxy.authentication.modules.ProxyLoginModuleHMAC
</CLASS>
<HANDLER>
<CLASS>com.edulib.muse.proxy.authentication.modules
.ProxyLoginModuleHMACDataHandlerXml</CLASS>
<PARAMETERS>
<CONFIGURATION_FILE>${WEB_CONTEXT_HOME}/profiles/login
/ProxyLoginModuleHMAC.xml</CONFIGURATION_FILE>
</PARAMETERS>
</HANDLER>
</AUTHENTICATION>

(make sure that after pasting the content the XML file is still valid) 3) Refresh the applications properties via the Muse Proxy Administrator Console -> Advanced left menu section -> Operations item -> Refresh Applications button. Now the HMAC is set with HMAC authentication. 4) Establish and configure the parameters for the HMAC authentication. For this edit the file: $MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC \profiles\login\ProxyLoginModuleHMAC.xml and make changes according to your requirements. E.g. you may want to change the secret value (default is quiet) and the parameters that you want to hash as part of the signature. By default only the userName (Application ID) and timestamp are used, however you can add the userAgent and/or referer and/or userAddress to be hashed. We assume for the examples purposes that all defaults remain (e.g. the quiet secret and userName.timestamp as message to sign with HmacSHA1). Assuming that you want to proxify an URL (ex. http://www.amazon.com/) for the MuseProxyFoundationHMAC Muse Proxy application, the generated HMAC URL will look like:

http://MUSE_PROXY_HOST:PORT/MuseProxyFoundationHMAC?userName=MuseProxyFoundationHMAC
&ts=1469524141&sig=ee5a160dbd37c4867e34e6147a3421d2289bec14
&qurl=http%3A%2F%2Fwww.amazon.com%2F

where MUSE_PROXY_HOST:PORT are the Muse Proxy server details. Note that by default the validity of this URL is 30 seconds. For more detailed information on enabling and configuring HMAC authentication refer to the Muse Proxy Advanced Configuration.pdf manual, 6.4.5.8 ProxyLoginModuleHMAC chapter. 5) Create your server side implementation that will generate dynamically the HMAC link(s). Notes: 1) The generated HMAC URL will work only for 30 seconds (configurable in the value of the TS_EXPIRY field in

$MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC
\profiles\login\ProxyLoginModuleHMAC.xml)

2) The server generating the HMAC links and the Muse Proxy server must be time synchronized. This is a must, otherwise if the 2 machines are not synchronized with regard to the time, the HMAC links will not work due to the validity value of the signature. 3) If you create proxified links, the destination URL (e.g the value of the qurl parameter) must be URL encoded.

Question 2

In the Muse Source Console, if a Source is deleted with the Configure tab Delete icon, is it possible to restore it from a previous backup/profile or are the backups also deleted?

Accepted Answer

Deleting a Source through the Console deletes all entry points to that Source from the Console. The backup files are not deleted, however, so the way to access the .bak files for the Source is to add the Source to the Application again. The backups will be available through the Backup/Restore tab once the Source is relinked to the Application. Previous settings will be restored to the Source once the Restore process is done.  (Please note that your restore is successful even though there is no on-screen confirmation.)

Question 3

He should an admin user be set to control only one application?

Accepted Answer

The procedure of creating a new admin user is fully described in the "Muse Console for Application Administration.pdf" document, chapter "Administrative Users Setup and Maintenance".

A particular case of creating a new admin user is if that user must has rights only on one application. Thus, when selecting a grant entry to grant a permission, from the list of available options one must chose "Modify Application". Having only this grant added, then only one application will be available to be selected for administration. In the list of available applications, the new admin user will only see the selected aplication.

Question 4

How can I reset a personal profile password?

Accepted Answer

There is a "Forgot your password? Recover it." feature in the Muse applications. When clicking on it, an email containing the configured password will be sent at the user's email address. For this feature to work, the email settings configured at the application level must be correct and working.
Also, this feature is accessible from within the application, in other words you must login into the application in order to access the "Forgot your password? Recover it." feature.
In the case of an application configured with IP authentication for "in Campus" and Personal User for "off Campus" access, the end user can access the "Forgot your password? Recover it." feature only from in Campus.

Question 5

How can I backup an Application?

Accepted Answer

We strongly recommend using a Muse admin console to do an Application backup instead of creating a copy of the Application’s directory.

The backup/restore feature is available starting Muse 2.2.0.0 and was especially created for such purposes. It backs up an entire Application under the "${MUSE_HOME}/admin/tmp/backup/" directory by creating a file with the name "${APPLICATION_ID}.${timeStamp}.bak" for each backup action.

Multiple Applications can be backed up simultaneously – however, the restore is a “one Application at a time” process. Also, a single Application can be backed up multiple times; upon restore, the user is prompted with all the backups ever made for that Application.

Question 6

What are the rules for creating an Application ID? What kinds of characters are allowed, and is there a length restriction?

Accepted Answer

The Application ID must begin with a letter and can contain only letters, numbers, and underscores. However, the first character of an application ID can only be alphabetic (NOT a numeric or underscore). There is no limitation on the number of characters that the Application ID can contain (no length restrictions). Alphabetic characters can be upper or lower case.

Some suggestions regarding how Application IDs should be created might be:
- add a identifying prefix for each customer if a single customer has many Applications
- add a suffix with the creation date 
- keep the ID as brief as possible, but still efficient and easy to identify/intelligible.

FAQ

FAQ by Product

Muse Search

Muse Proxy

Muse Harvest

Most Popular