Hello Ivy-Comunity!

When logged in to Apache (and to Tomcat) the User is not taken by Ivy.

In a testing environment I have the following constellation:

  • Linux environment with Ivy 5.1.3 attached to AD
  • Apache Server with Kerberos Login attached to the same AD
  • Ajp-Connector to Ivy-Tomcat
  • A jsp testing Page in the Ivy-Environment (applicationHome on the Application-wf-Page)

So this Page shows me by asking request.getRemoteUser() that this User is logged in: Hans.Tester@TESTENV.LOCAL and a HTTP Session request.getSession().getId(). But getting the Ivy-User by ivySession.getSessionUser() returns null. Except when Logged in manualy the result Hans.Tester for the Ivy-Session.

So why is that? Or how can I make shure, that the Session is taken correctly by ivy?

First guess is, that the username comes with the Environment (TESTENV.LOCAL). If it is the Issue, how to shut that down?

With further investigation I found out more:

  • In a Windows-Environment under IIS the UserName of the Tomcat-Session is in this format: TESTENV\Alexis.Suter
  • The Ivy-Session is not saved into Tomcat-request. (When only logging in to Ivy)

Thanks in advance!

asked 13.05.2015 at 09:04

Alexis's gravatar image

Alexis
719912
accept rate: 66%

edited 15.05.2015 at 14:15


After a lot of research I found this solution.

In httpd.conf I added this code to the Location-Tag (< Location /ivy5 >) it will simply chopp off the @REALM from the User sent to Ivy. It is so far the simplest and possibly the only way to modify the User before it is given to Tomcat.

    RewriteEngine On
    RewriteCond %{LA-U:REMOTE_USER} ^(.+)@.*$
    RewriteRule ^ - [E=JK_REMOTE_USER:%1]

Most informations I got from: httpd.apache.org/docs/2.2/mod/mod_rewrite.html

link

answered 20.05.2015 at 16:19

Alexis's gravatar image

Alexis
719912
accept rate: 66%

Hi Alexis

The problem is that Axon.ivy is not prepared that the user name is in the format user@domain. It can handle SSO if the user name is in format user or like in IIS domain\user.

Try to change Apache configuration to provide the user name in a support format.

If this is not possible and it is important for your project sent a feature request to our support so that we can also support the format provided by Apache.

link

answered 18.05.2015 at 11:06

Reto%20Weiss's gravatar image

Reto Weiss ♦♦
4.9k182756
accept rate: 74%

Hello Reto

Thanks a lot for this input! It brought me on the right path to focus on Apache-Configuration.

(20.05.2015 at 16:21) Alexis Alexis's gravatar image
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×16
×14
×7

Asked: 13.05.2015 at 09:04

Seen: 1,524 times

Last updated: 20.05.2015 at 16:21