wiki:Software/Productionalisation/ExternalAuth
Last modified 6 years ago Last modified on 09/21/12 12:06:53

Using an external Authentication mechanism via Apache

Assuming you're proxying with Apache either with or without SSL you can set up Apache to handle authentication via an external module e.g. Shibboleth or Cosign.

First of all, you need to tell Apache not to proxy the path where the authentication module is sitting. For Shib add the following *above* your "ProxyPass?" directive:

 ProxyPass /Shibboleth.sso !

or for Cosign:

 ProxyPass /cosign/valid !

To disable Spring security comment out the following line in /opt/raptor/web/webapp/raptor-web/WEB-INF/config/security/xml :

<s:intercept-url pattern="/spring/**" access="isAuthenticated()" />

Finally, comment out the logout option in /opt/raptor/web/webapp/raptor-web/templates/raptor/full.xhtml :

 <li><a href="#{contextPath}/j_spring_security_logout">Logout</a></li>