FAQ


You can configure LDAP authentication as a single authentication method. The steps are:
– Copy the ${MUSE_HOME}/use/ice/profiles/ICELoginModuleLDAP.xml file into the ${MUSE_HOME}/home/ApplicationID/profiles/ folder of the application to be configured, replacing ApplicationID with the exact ID of the application you wish to configure with LDAP authentication.
– Configure the necessary Muse login modules for the application. They are listed below in the correct order, with the correct flag values:
  – ICELoginModuleXML – required;
  – ICELoginModuleParametersRemap – required;
  – ICELoginModuleLDAP – requisite.
The login modules are configured through the Muse Console for Applications Administration (MCAA): select the desired application from the list of applications and click “Login Modules” in the left menu; from there you can add, delete or edit the login modules. The ICELoginModuleParametersRemap login module must have the following attributes and values: ldapUserPwd="wwwAuthPwd" ldapUserID="wwwAuthID".
– Configure the properties of the ICELoginModuleLDAP login module:
  – in the MCAA console, select the desired application from the list of applications, click “Login Modules” in the left menu, and in the “Login Modules” panel click the “Edit” link next to the ICELoginModuleLDAP entry;
  – in the editor page, change the value of the “config” field from the default "${ICE_HOME}/profiles/ICELoginModuleLDAP.xml" to
${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml
replacing ApplicationID with the exact ID of the application you wish to configure with LDAP authentication;
  – click the “Update” button;
  – click “Edit Config File” and configure the elements specific to the LDAP server, such as LDAP-URL, BASE-DN, etc.
– Create a login page where the end user enters their LDAP credentials to log in to the application:
  – create a backup copy of the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, replacing ApplicationID with the exact ID of the application you wish to configure with LDAP authentication;
  – edit the ${MUSE_HOME}/web/www/logon/ApplicationID/index.html file, locate the line:

and replace the content from below that line until the line

with







User Name:
Password:
 


Replace the 2 ApplicationID occurrences with the exact ID of the application you wish to configure with LDAP authentication, and ApplicationPassword with the right password.
– The access URL for authenticating with LDAP credentials in this application is:
http://MUSE_SERVER:MUSE_PORT/muse/logon/ApplicationID/
replacing ApplicationID with the exact ID of the application you wish to configure with LDAP authentication.

The overall steps would be:
1) Create the new application as a copy of the MuseProxyFoundation template, with the ID of the new application being, for example, MuseProxyFoundationHMAC.
2) Edit the file

$MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC\profiles\AuthenticationGroups.xml

and do the following:
– Locate the

/ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/AUTHENTICATIONS

node and remove its content, thus obtaining an empty node:

<AUTHENTICATIONS>
</AUTHENTICATIONS>

– Edit the value of the node

/ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/NAME

to be:

HMAC Authentication

– Add the following sequence under the node

/ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/AUTHENTICATIONS

<AUTHENTICATION>
  <IDENTIFIER>9</IDENTIFIER>
  <LEVEL>requisite</LEVEL>
  <CLASS>com.edulib.muse.proxy.authentication.modules.ProxyLoginModuleHMAC</CLASS>
  <HANDLER>
    <CLASS>com.edulib.muse.proxy.authentication.modules.ProxyLoginModuleHMACDataHandlerXml</CLASS>
    <PARAMETERS>
      <CONFIGURATION_FILE>${WEB_CONTEXT_HOME}/profiles/login/ProxyLoginModuleHMAC.xml</CONFIGURATION_FILE>
    </PARAMETERS>
  </HANDLER>
</AUTHENTICATION>

(make sure that the XML file is still valid after pasting the content)

3) Refresh the applications' properties via the Muse Proxy Administrator Console -> Advanced left menu section -> Operations item -> Refresh Applications button.
The new application is now set up with HMAC authentication.

4) Establish and configure the parameters for the HMAC authentication. To do this, edit the file

$MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC\profiles\login\ProxyLoginModuleHMAC.xml

and make changes according to your requirements. For example, you may want to change the secret value (the default is quiet) and the parameters that are hashed as part of the signature. By default only the userName (Application ID) and the timestamp are used; however, you can add the userAgent and/or referer and/or userAddress to be hashed.

For the purposes of the examples we assume that all defaults remain (e.g. the quiet secret, and userName.timestamp as the message to sign with HmacSHA1).

Assuming that you want to proxify a URL (e.g. http://www.amazon.com/) for the MuseProxyFoundationHMAC Muse Proxy application, the generated HMAC URL will look like:

http://MUSE_PROXY_HOST:PORT/MuseProxyFoundationHMAC?userName=MuseProxyFoundationHMAC&ts=1469524141&sig=ee5a160dbd37c4867e34e6147a3421d2289bec14&qurl=http%3A%2F%2Fwww.amazon.com%2F

where MUSE_PROXY_HOST:PORT are the Muse Proxy server details.

Note that by default the validity of this URL is 30 seconds.

For more detailed information on enabling and configuring HMAC authentication refer to the Muse Proxy Advanced Configuration.pdf manual, 6.4.5.8 ProxyLoginModuleHMAC chapter.

5) Create your server-side implementation that will dynamically generate the HMAC link(s).

Notes:

1) The generated HMAC URL will work only for 30 seconds (configurable through the value of the TS_EXPIRY field in $MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC\profiles\login\ProxyLoginModuleHMAC.xml).

2) The server generating the HMAC links and the Muse Proxy server must be time synchronized. This is mandatory: if the 2 machines are not synchronized with regard to time, the HMAC links will not work because of the validity period of the signature.

3) If you create proxified links, the destination URL (e.g. the value of the qurl parameter) must be URL encoded.
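
For step 5 and the notes above, here is an added Python example (not code from Muse Proxy or its manual) that builds the signed link and models the receiving side's check. It assumes that "userName.timestamp" means the two values joined by a literal dot and that validity is a symmetric TS_EXPIRY window; the function names are hypothetical, so confirm the message format against your ProxyLoginModuleHMAC.xml.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlsplit

SECRET = b"quiet"   # default named on this page; use the value set in ProxyLoginModuleHMAC.xml
TS_EXPIRY = 30      # seconds, the default validity window


def sign(user_name, ts, secret=SECRET):
    # Assumption: the signed message is "<userName>.<ts>", hashed with HMAC-SHA1.
    message = f"{user_name}.{ts}".encode("utf-8")
    return hmac.new(secret, message, hashlib.sha1).hexdigest()


def build_link(base, app_id, dest_url, now=None, secret=SECRET):
    ts = int(time.time() if now is None else now)
    params = {"userName": app_id, "ts": ts,
              "sig": sign(app_id, ts, secret), "qurl": dest_url}
    # urlencode percent-encodes the destination URL, as note 3 requires.
    return f"{base}/{app_id}?{urlencode(params)}"


def check_link(link, now=None, secret=SECRET, expiry=TS_EXPIRY):
    """Model of the receiving side's check (assumed, not Muse Proxy's code)."""
    query = parse_qs(urlsplit(link).query)
    try:
        user, ts, sig = query["userName"][0], int(query["ts"][0]), query["sig"][0]
    except (KeyError, ValueError):
        return "malformed"
    now = time.time() if now is None else now
    # Clock drift between the two servers beyond the window lands here (note 2).
    if abs(now - ts) > expiry:
        return "expired"
    expected = sign(user, ts, secret).encode("ascii")
    if not hmac.compare_digest(expected, sig.encode("utf-8")):
        return "bad signature"
    return "ok"
```

Under the defaults the signed message covers only userName and the timestamp, so the short TS_EXPIRY window is what limits reuse of a link; adding userAddress or userAgent to the hashed parameters, as step 4 allows, binds it further.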

Categories: Muse Proxy, Usage
