Products
- Muse^® Federated Search, today’s most powerful of its kind, is known as best of multiple target searching and content normalization to a single data model.
- Muse^® Proxy is a highly customizable multi-platform proxy server, easy to use and manage, acting as a gateway to authenticated content.
- Muse^® Harvest is based on different types of controlled extraction, such as search, date or feed based. it features a consistent delivery record format.
  - Overview
  - Features
- Muse^® Hybrid brings a powerful new approach to content discovery by combining real-time global federated searching with high performance central indexed searching.
  - Overview
  - Features
Services
Support
- FAQ
- Downloads
About
Contact

How could be set both IP (on-campus) and LDAP (off-campus) authentication for a Muse application?

The functioning principle of this authentication scenario is as follows:
– the enduser accesses the provided Muse URL;
– if the enduser’s IP is among the IPs/subnets configured for the desired application then he/she will be successfully logged in;
– if the enduser is not IP authenticated then he/she will be presented with a Muse logon form where to enter the personal LDAP authentication details.
Below are the steps to implement this scenario:
1) configure the necessary Muse login modules for the desired application. Below is their list in order along with the correct flag values:
– ICELoginModuleXML – required;
– ICELoginModuleIP – sufficient;
– ICELoginModuleParametersRemap – required;
– ICELoginModuleLDAP – requisite.
The configuration of the login modules is done through the Muse Console for Applications Administration as follows: select the desired application from the list of application and click on the left menu – “Login Modules”; from this location manage the login modules: add, delete or edit them. The ICELoginModuleParametersRemap login module must have the following attributes and values: ldapUserPwd=”wwwAuthPwd” ldapUserID=”wwwAuthID” (see below).
The context for the desired application in the $ICE_HOME/jaas.config file should look like:
ApplicationID {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml"; com.edulib.ice.security.authentication.ICELoginModuleIP sufficient hosts="${ICE_HOME}/profiles/hosts.xml"; com.edulib.ice.security.authentication.ICELoginModuleParametersRemap required ldapUserPwd="wwwAuthPwd" ldapUserID="wwwAuthID"; com.edulib.ice.security.authentication.ICELoginModuleLDAP requisite config="${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml"; };
2) Configure the login modules’ properties.
– copy ${ICE_HOME}/profiles/ICELoginModuleLDAP.xml to ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml (is not already existing);
– for the ICELoginModuleIP login module add a new entry in the ${ICE_HOME}/profiles/hosts.xml file for the desired application along with the list of IPs/subnets that will access the application by IP.
– for the ICELoginModuleLDAP login module make the necessary configurations in the ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml with the access details and settings for the LDAP server. The following fields from the ${MUSE_HOME}/home/ApplicationID/profiles/ICELoginModuleLDAP.xml must be filled in with proper values: LDAP-URL, BASE-DN and USER-AUTHENTICATION.
3) Add the necessary HTML files for the desired application for handling the IP/LDAP authentication scenario:
– an index (index.html) file which will be the access point for the enduser; the role of this is to transparently submit the username and password of the application.
<body onload="document.logonForm.submit()"> <form name="logonForm" action="/muse/servlet/MusePeer" method="post"> <input type="hidden" name="action" value="logon" /> <input type="hidden" name="errorTemplate" value="logon/ApplicationID/index2.html" /> <input type="hidden" name="userID" value="ApplicationID" /> <input type="hidden" name="userPwd" value="ApplicationPassword" /> </form> </body> - a page (index2.html) which presents the logon form for the LDAP details in case the IP authentication fails; <form name="logonForm" action="/muse/servlet/MusePeer" method="post"> <input type="hidden" name="action" value="logon" /> <input type="hidden" name="errorTemplate" value="logon/ApplicationID/error.html" /> <input type="hidden" name="userID" value="ApplicationID" /> <input type="hidden" name="userPwd" value="ApplicationPassword" /> <input type="hidden" name="parameterName0" value="wwwAuthID" /> <input type="hidden" name="parameterName1" value="wwwAuthPwd" /> <input type="hidden" name="useProperties" value="true" /> User Name: <input class="input" name="parameterValue0" type="text" size="25" /> Password: <input class="input" name="parameterValue1" type="password" size="25" /> <input class="button" type="submit" title="Login" value="Login" /> </form>

- an error (error.html) page which is displayed in case the LDAP authentication fails too. <form name="logonForm" action="/muse/servlet/MusePeer" method="post"> <input type="hidden" name="action" value="logon" /> <input type="hidden" name="errorTemplate" value="logon/ApplicationID/error.html" /> <input type="hidden" name="userID" value="ApplicationID" /> <input type="hidden" name="userPwd" value="ApplicationID" /> <input type="hidden" name="parameterName0" value="wwwAuthID" /> <input type="hidden" name="parameterName1" value="wwwAuthPwd" /> <input type="hidden" name="useProperties" value="true" /> User Name: <input class="input" name="parameterValue0" type="text" size="25" /> Password: <input class="input" name="parameterValue1" type="password" size="25" /> <input class="button" type="submit" title="Login" value="Login" /> </form>
Note: replace all ApplicationID and ApplicationPassword occurrences with the exact application ID and application password you wish to configure. Also, the html code above is the basic one, with no formatting. Please format it as needed and enclose it in complete/valid html pages.