How should a Muse application be configured for IP authentication?

To configure an application that uses username/password authentication method to use also IP authentication, one must do some configurations.

A) For Muse version 2500, the admin console can be used to add/edit the IP authentication of a Muse application:

– log into the MCAA console as a mcaa based user;

– select the desired Muse application, then click Login Modules;

– if the IP module is not enabled already, then click Add and then login module; click Add;

– click Edit to edit the ICELoginModuleIP module;

– click Edit User Access Rules and then Insert one by one the IP rules. They can consist in IP, IP classes or regular expressions that describe the needed range(s);

– click “Update”.

B) For Muse versions before 2500, the modifications to be done are:

$MUSE_HOME/use/ice/jaas.config – locate application’s entry in this file. If not found, then you must add an entry for it. Supposing the application’s ID is appid, then the following entry must be added:

appid { required passwords="${ICE_HOME}/profiles/passwords.xml"; required hosts="${ICE_HOME}/profiles/hosts.xml";

Note: if the above entry already exists for the appid application, then only the bold line must be added.

$MUSE_HOME/use/ice/profiles/hosts – an entry like next must be added:
<ALLOW>IP or address template</ALLOW>

Note: ‘IP or address template’ can be any of the following:
– a regular expression that will be matched against the IP address the connection is coming from. E.g. 217.156.14.* will match IP
– a regular expression that will be matched against the domain name of the IP address the connection is coming from. E.g. *
– an address/mask notation that will be matched against the IP address the connection is coming from. The mask can be either a net-work mask or a plain number, specifying the number of 1’s at the left side of the network mask. Thus, a mask of 24 is equivalent to
– E.g. will match IP and it is equivalent with
– E.g. will match IP
As a consequence of IP authentication, one may want to facilitate IP access to the application without having the user to fill in every time the username/password fields. To do this, one can create a html page located in $MUSE_HOME/web/www/logon/appid/ directory. This page should contain a simple login form that submits itself on page load event. Eg:
<body onload="document.logonForm.submit()">
<form name="logonForm" action="/muse/servlet/MusePeer" method="post">
<input type="hidden" name="action" value="logon" />
<input type="hidden" name="errorTemplate" value="logon/appid/error.html" />
<input type="hidden" name="userID" value="appid" />
<input type="hidden" name="userPwd" value="app_pass" />

The URL to access the autologon page is:



  • Muse_host is the hostname of the Muse system;
  • PORT is the port value on which Muse HTTP / Embedded Apache Tomcat server is configured to listen (default 8000);
  • appid is the application ID;
  • autologon_page.html is the page which contains the above HTML form.