Muse Proxy FAQ
Muse Proxy
MuseProxyFoundationHMAC
for example.
2) Edit the file
$MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC\
profiles\AuthenticationGroups.xml
and do the following:
– Locate the
/ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/AUTHENTICATIONS
node and remove its content, thus obtaining an empty node:
<AUTHENTICATIONS>
</AUTHENTICATIONS>
– Edit the value of the node
/ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/NAME
to be:
HMAC Authentication
– Add the following sequence under the node
/ICE-CONFIG/AUTHENTICATION_GROUPS/AUTHENTICATION_GROUP/AUTHENTICATIONS
<AUTHENTICATION>
<IDENTIFIER>9</IDENTIFIER>
<LEVEL>requisite</LEVEL>
<CLASS>com.edulib.muse.proxy.authentication.modules.ProxyLoginModuleHMAC
</CLASS>
<HANDLER>
<CLASS>com.edulib.muse.proxy.authentication.modules
.ProxyLoginModuleHMACDataHandlerXml</CLASS>
<PARAMETERS>
<CONFIGURATION_FILE>${WEB_CONTEXT_HOME}/profiles/login
/ProxyLoginModuleHMAC.xml</CONFIGURATION_FILE>
</PARAMETERS>
</HANDLER>
</AUTHENTICATION>
(make sure that after pasting the content the XML file is still valid)
3) Refresh the applications properties via the Muse Proxy Administrator Console -> Advanced left menu section -> Operations item -> Refresh Applications button.
Now the HMAC is set with HMAC
authentication.
4) Establish and configure the parameters for the HMAC
authentication. For this edit the file:
$MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC
\profiles\login\ProxyLoginModuleHMAC.xml
and make changes according to your requirements. E.g. you may want to change the secret value (default is quiet) and the parameters that you want to hash as part of the signature. By default only the userName (Application ID) and timestamp are used, however you can add the userAgent and/or referer and/or userAddress to be hashed.
We assume for the examples purposes that all defaults remain (e.g. the quiet secret and userName.timestamp as message to sign with Hmac
SHA1).
Assuming that you want to proxify an URL (ex. http://www.amazon.com/) for the MuseProxyFoundationHMAC
Muse Proxy application, the generated HMAC
URL will look like:
http://MUSE_PROXY_HOST:PORT/MuseProxyFoundationHMAC?userName=MuseProxyFoundationHMAC
&ts=1469524141&sig=ee5a160dbd37c4867e34e6147a3421d2289bec14
&qurl=http%3A%2F%2Fwww.amazon.com%2F
where MUSE_PROXY_HOST:PORT are the Muse Proxy server details.
Note that by default the validity of this URL is 30 seconds.
For more detailed information on enabling and configuring HMAC
authentication refer to the Muse Proxy Advanced Configuration.pdf manual, 6.4.5.8 ProxyLoginModuleHMAC
chapter.
5) Create your server side implementation that will generate dynamically the HMAC
link(s).
Notes:
1) The generated HMAC
URL will work only for 30 seconds (configurable in the value of the TS_EXPIRY field in
$MUSE_HOME\proxy\webcontexts\Applications\MuseProxyFoundationHMAC
\profiles\login\ProxyLoginModuleHMAC.xml)
2) The server generating the HMAC
links and the Muse Proxy server must be time synchronized. This is a must, otherwise if the 2 machines are not synchronized with regard to the time, the HMAC
links will not work due to the validity value of the signature.
3) If you create proxified links, the destination URL (e.g the value of the qurl parameter) must be URL encoded.Load More
The Muse Proxy Application UI is based on skins.
If you want to customize the look and feel for a Muse Proxy Application we recommend the following approach:
– copy the existing skin with a different name. The skins folder is located on disk in the following location:
%MUSE_HOME%\proxy\webcontexts\Applications\
APPLICATION_ID\www\static\skins
where replace the APPLICATION_ID with the actual ID of the Muse Proxy Application.
– make the desired changes in the new skin;
– configure the Muse Proxy Application to use the new skin. This is done by editing the file:
%MUSE_HOME%\proxy\webcontexts\Applications\
APPLICATION_ID\www\application.inc
and changing the value of the variable applicationSkinId with the name of the new skin;
In the Muse Proxy.pdf manual, chapter Customize Muse Proxy Application Interface you can find information for how to customize the Muse Proxy Application UI.
For authenticating the end-users into a Muse Proxy Application the following authentication modules are available:
–ProxyLoginModuleUserPassword.
Performs User Name/Password authentication.
–ProxyLoginModuleIP.
Performs IP authentication based on client machine IP.
–ProxyLoginModuleLDAP.
Performs authentication against a LDAP Server.
–ProxyLoginModuleFTP.
Performs authentication against a FTP Server. The FTP authentication module supports NONE, SSL or TLS connection encryptions.
– ProxyLoginModuleIMAP. Performs authentication against a IMAP Server. The IMAP authentication module supports NONE, SSL or TLS connection encryptions.
–ProxyLoginModuleSQL.
Performs authentication against an SQL Server through Java Database Connectivity (JDBC). The SQL authentication module supports NONE, SSL or TLS connection encryptions.
–ProxyLoginModuleReferer.
Performs authentication against the client’s referer URL.
You can read more about the authentication in a Muse Proxy Application in the “Muse Proxy.pdf” manual, chapter “Authentication of a Muse Proxy Application”.