How should a Muse application be configured for IP authentication?

To configure an application that uses the username/password authentication method to also use IP authentication, some configuration changes are required.

A) For Muse version 2500, the admin console can be used to add/edit the IP authentication of a Muse application:

– log into the MCAA console as an mcaa-based user;

– select the desired Muse application, then click Login Modules;

– if the IP module is not already enabled, click Add, then select the com.edulib.ice.security.authentication.ICELoginModuleIP login module and click Add;

– click Edit to edit the ICELoginModuleIP module;

– click Edit User Access Rules and then Insert the IP rules one by one. Each rule can be an IP, an IP class or a regular expression that describes the needed range(s);

– click “Update”.

B) For Muse versions before 2500, the following modifications are needed:

$MUSE_HOME/use/ice/jaas.config – locate the application’s entry in this file. If it is not found, you must add an entry for it. Supposing the application’s ID is appid, the following entry must be added:

appid {
com.edulib.ice.security.authentication.ICELoginModuleXML required passwords="${ICE_HOME}/profiles/passwords.xml";
com.edulib.ice.security.authentication.ICELoginModuleIP required hosts="${ICE_HOME}/profiles/hosts.xml";
};

Note: if an entry already exists for the appid application, then only the com.edulib.ice.security.authentication.ICELoginModuleIP line must be added.

$MUSE_HOME/use/ice/profiles/hosts – an entry like the following must be added:
<USER_RULE>
<ID>appid</ID>
<ALLOW>IP or address template</ALLOW>
</USER_RULE>

Note: ‘IP or address template’ can be any of the following:
– a regular expression that will be matched against the IP address the connection is coming from. E.g. 217.156.14.* will match IP 217.156.14.2
– a regular expression that will be matched against the domain name of the IP address the connection is coming from. E.g. *.museglobal.ro.
– an address/mask notation that will be matched against the IP address the connection is coming from. The mask can be either a network mask or a plain number specifying the number of 1’s at the left side of the network mask. Thus, a mask of 24 is equivalent to 255.255.255.0.
  – E.g. 217.156.14.0/28 will match IP 217.156.14.2 and is equivalent to 217.156.14.0/255.255.255.240
  – E.g. 217.156.14.0/255.255.255.240 will match IP 217.156.14.2
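
The following is an added example, not Muse's own code, for checking which clients a set of ALLOW templates would admit before they go into the hosts file. It assumes `*` is read as a wildcard, and it also reports what the same template admits under a strict regular-expression reading, where the unescaped dots in 217.156.14.* also match 217.156.140.5. The function names and sample entries are hypothetical.

```python
import fnmatch
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample entries in the USER_RULE shape shown above.
SAMPLE_RULES = """
<USER_RULE><ID>appid</ID><ALLOW>217.156.14.*</ALLOW></USER_RULE>
<USER_RULE><ID>appid</ID><ALLOW>*.museglobal.ro</ALLOW></USER_RULE>
<USER_RULE><ID>appid</ID><ALLOW>217.156.14.0/28</ALLOW></USER_RULE>
<USER_RULE><ID>other</ID><ALLOW>192.0.2.0/24</ALLOW></USER_RULE>
"""

def allow_rules(xml_fragment, app_id):
    """Return the ALLOW templates listed for app_id."""
    # <wrapper> exists only so the fragment parses; it is not a Muse element.
    root = ET.fromstring("<wrapper>" + xml_fragment + "</wrapper>")
    return [r.findtext("ALLOW", "").strip() for r in root.iter("USER_RULE")
            if r.findtext("ID", "").strip() == app_id]

def template_matches(template, ip, hostname=None):
    """Check one template against a client IP and an optional domain name."""
    if "/" in template:
        # address/mask: a prefix length and a dotted netmask are both accepted
        net = ipaddress.ip_network(template, strict=False)
        return ipaddress.ip_address(ip) in net
    # Assumption: '*' is read as a wildcard (glob), because '*.museglobal.ro'
    # is not a valid Python or Java regular expression.
    candidates = [ip] + ([hostname.lower()] if hostname else [])
    return any(fnmatch.fnmatchcase(c, template.lower()) for c in candidates)

def is_allowed(xml_fragment, app_id, ip, hostname=None):
    """True if any ALLOW template for app_id admits the client."""
    return any(template_matches(t, ip, hostname)
               for t in allow_rules(xml_fragment, app_id))

def strict_regex_matches(template, ip):
    """What the template admits if evaluated as a true regular expression."""
    try:
        return re.fullmatch(template, ip) is not None
    except re.error:
        return False  # e.g. a leading '*' does not compile

if __name__ == "__main__":
    for ip in ("217.156.14.2", "217.156.14.16", "217.156.140.5"):
        print(ip, is_allowed(SAMPLE_RULES, "appid", ip),
              strict_regex_matches("217.156.14.*", ip))
```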

As a consequence of IP authentication, one may want to facilitate IP access to the application without requiring the user to fill in the username/password fields every time. To do this, one can create an HTML page located in the $MUSE_HOME/web/www/logon/appid/ directory. This page should contain a simple login form that submits itself on the page load event. E.g.:
<!-- The form posts the application's credentials as soon as the page loads. -->
<!-- The userPwd value is visible to anyone who can view this page's source. -->
<body onload="document.logonForm.submit()">
<form name="logonForm" action="/muse/servlet/MusePeer" method="post">
<input type="hidden" name="action" value="logon" />
<input type="hidden" name="errorTemplate" value="logon/appid/error.html" />
<input type="hidden" name="userID" value="appid" />
<input type="hidden" name="userPwd" value="app_pass" />
</form>
</body>

The URL to access the autologon page is:

http://Muse_host:PORT/muse/logon/appid/autologon_page.html

where:

  • Muse_host is the hostname of the Muse system;
  • PORT is the port value on which Muse HTTP / Embedded Apache Tomcat server is configured to listen (default 8000);
  • appid is the application ID;
  • autologon_page.html is the page which contains the above HTML form.