FAQ

The “Login error: Maximum number of sessions for user … has been reached. Please try again later.” occurs when the application or system level limit on the number of simultaneous users is reached. Limits are built in by default as a protection against one single application logging in so many users that it occupies all the resources of the host server and other application users are effectively denied access. Under normal circumstances the limits can be set appropriately for the expected user population and available server resources (see below) so this error should not occur. But in the case of a software problem or some kind of robot targeting the application this is a useful line of protection. Note that Muse allows administrators to set these logon limits at both the application and system levels. These setting are kept in the MAX_USER_CONCURRENT_SESSIONS variable, which can be modified as follows: – system wide level: edit the $MUSE_HOME/use/ice/ICECore.xml file and change the value of the MAX_USER_CONCURRENT_SESSIONS tag. – application level ($APPLICATION_HOME/profile.xml): access the application settings via MCAA console (Application Actions > Edit Configuration Options) and set the “User Concurrent Sessions” value as needed. Changes here affect only the application you’re editing. Note: please be aware that low values can deny access too often while high values can allow unmanageable load on the server. We recommend multiple, small adjustments rather than a single large change.

To configure an application that uses username/password authentication method to use also IP authentication, one must do some configurations.

A) For Muse version 2500, the admin console can be used to add/edit the IP authentication of a Muse application:

– log into the MCAA console as a mcaa based user;

– select the desired Muse application, then click Login Modules;

– if the IP module is not enabled already, then click Add and then selectcom.edulib.ice.security.authentication.ICELoginModuleIP login module; click Add;

– click Edit to edit the ICELoginModuleIP module;

– click Edit User Access Rules and then Insert one by one the IP rules. They can consist in IP, IP classes or regular expressions that describe the needed range(s);

– click “Update”.

B) For Muse versions before 2500, the modifications to be done are:

– $MUSE_HOME/use/ice/jaas.config – locate application’s entry in this file. If not found, then you must add an entry for it. Supposing the application’s ID is appid, then the following entry must be added:

appid {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";
com.edulib.ice.security.authentication.ICELoginModuleIP required hosts="${ICE_HOME}/profiles/hosts.xml";
};

Note: if the above entry already exists for the appid application, then only the bold line must be added.

– $MUSE_HOME/use/ice/profiles/hosts – an entry like next must be added:

appid
IP or address template


Note: ‘IP or address template’ can be any of the following:
– a regular expression that will be matched against the IP address the connection is coming from. E.g. 217.156.14.* will match IP 217.156.14.2
– a regular expression that will be matched against the domain name of the IP address the connection is coming from. E.g. *.museglobal.ro.
– an address/mask notation that will be matched against the IP address the connection is coming from. The mask can be either a net-work mask or a plain number, specifying the number of 1’s at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0.
– E.g. 217.156.14.0/28 will match IP 217.156.14.2 and it is equivalent with 217.156.14.0/255.255.255.240
– E.g. 217.156.14.0/255.255.255.240 will match IP 217.156.14.2
As a consequence of IP authentication, one may want to facilitate IP access to the application without having the user to fill in every time the username/password fields. To do this, one can create a html page located in $MUSE_HOME/web/www/logon/appid/ directory. This page should contain a simple login form that submits itself on page load event. Eg:

The URL to access the autologon page is:

http://Muse_host:PORT/muse/logon/appid/autologon_page.html

where:

• Muse_host is the hostname of the Muse system;
• PORT is the port value on which Muse HTTP / Embedded Apache Tomcat server is configured to listen (default 8000);
• appid is the application ID;
• autologon_page.html is the page which contains the above HTML form.

For authenticating the end-users into a Muse Proxy Application the following authentication modules are available:
–ProxyLoginModuleUserPassword. Performs User Name/Password authentication.
–ProxyLoginModuleIP. Performs IP authentication based on client machine IP.
–ProxyLoginModuleLDAP. Performs authentication against a LDAP Server.
–ProxyLoginModuleFTP. Performs authentication against a FTP Server. The FTP authentication module supports NONE, SSL or TLS connection encryptions.
– ProxyLoginModuleIMAP. Performs authentication against a IMAP Server. The IMAP authentication module supports NONE, SSL or TLS connection encryptions.
–ProxyLoginModuleSQL. Performs authentication against an SQL Server through Java Database Connectivity (JDBC). The SQL authentication module supports NONE, SSL or TLS connection encryptions.
–ProxyLoginModuleReferer.Performs authentication against the client’s referer URL.

You can read more about the authentication in a Muse Proxy Application in the “Muse Proxy.pdf” manual, chapter “Authentication of a Muse Proxy Application”.