FAQ
FAQ by Product
Most Popular
Load More
Latest
MAX_USER_CONCURRENT_SESSIONS
variable, which can be modified as follows:
– system wide level: edit the $MUSE_HOME/use/ice/ICECore.xml
file and change the value of the MAX_USER_CONCURRENT_SESSIONS
tag.
– application level ($APPLICATION_HOME/profile.xml)
: access the application settings via MCAA console (Application Actions > Edit Configuration Options) and set the “User Concurrent Sessions” value as needed. Changes here affect only the application you’re editing.
Note: please be aware that low values can deny access too often while high values can allow unmanageable load on the server. We recommend multiple, small adjustments rather than a single large change.To configure an application that uses username/password authentication method to use also IP authentication, one must do some configurations.
A) For Muse version 2500, the admin console can be used to add/edit the IP authentication of a Muse application:
– log into the MCAA console as a mcaa based user;
– select the desired Muse application, then click Login Modules;
– if the IP module is not enabled already, then click Add and then selectcom.edulib.ice.security.authentication.ICELoginModuleIP
login module; click Add;
– click Edit to edit the ICELoginModuleIP
module;
– click Edit User Access Rules
and then Insert one by one the IP rules. They can consist in IP, IP classes or regular expressions that describe the needed range(s);
– click “Update”.
B) For Muse versions before 2500, the modifications to be done are:
– $MUSE_HOME/use/ice/jaas.config
– locate application’s entry in this file. If not found, then you must add an entry for it. Supposing the application’s ID is appid, then the following entry must be added:
appid {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";
com.edulib.ice.security.authentication.ICELoginModuleIP required hosts="${ICE_HOME}/profiles/hosts.xml";
};
Note: if the above entry already exists for the appid application, then only the bold line must be added.
– $MUSE_HOME/use/ice/profiles/hosts
– an entry like next must be added:
Note: ‘IP or address template’ can be any of the following:
– a regular expression that will be matched against the IP address the connection is coming from. E.g. 217.156.14.* will match IP 217.156.14.2
– a regular expression that will be matched against the domain name of the IP address the connection is coming from. E.g. *.museglobal.ro.
– an address/mask notation that will be matched against the IP address the connection is coming from. The mask can be either a net-work mask or a plain number, specifying the number of 1’s at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0.
– E.g. 217.156.14.0/28 will match IP 217.156.14.2 and it is equivalent with 217.156.14.0/255.255.255.240
– E.g. 217.156.14.0/255.255.255.240 will match IP 217.156.14.2
As a consequence of IP authentication, one may want to facilitate IP access to the application without having the user to fill in every time the username/password fields. To do this, one can create a html page located in $MUSE_HOME/web/www/logon/appid/ directory. This page should contain a simple login form that submits itself on page load event. Eg:
The URL to access the autologon page is:
http://Muse_host:PORT/muse/logon/appid/autologon_page.html
where:
- Muse_host is the hostname of the Muse system;
- PORT is the port value on which Muse HTTP / Embedded Apache Tomcat server is configured to listen (default 8000);
- appid is the application ID;
- autologon_page.html is the page which contains the above HTML form.
For authenticating the end-users into a Muse Proxy Application the following authentication modules are available:
–ProxyLoginModuleUserPassword.
Performs User Name/Password authentication.
–ProxyLoginModuleIP.
Performs IP authentication based on client machine IP.
–ProxyLoginModuleLDAP.
Performs authentication against a LDAP Server.
–ProxyLoginModuleFTP.
Performs authentication against a FTP Server. The FTP authentication module supports NONE, SSL or TLS connection encryptions.
– ProxyLoginModuleIMAP. Performs authentication against a IMAP Server. The IMAP authentication module supports NONE, SSL or TLS connection encryptions.
–ProxyLoginModuleSQL.
Performs authentication against an SQL Server through Java Database Connectivity (JDBC). The SQL authentication module supports NONE, SSL or TLS connection encryptions.
–ProxyLoginModuleReferer.
Performs authentication against the client’s referer URL.
You can read more about the authentication in a Muse Proxy Application in the “Muse Proxy.pdf” manual, chapter “Authentication of a Muse Proxy Application”.