Openfire (ARCHIVED)

Hybrid auth provider

Details

  • Type: New Feature
  • Status: Closed
  • Priority: Major
  • Resolution: Fixed
  • Affects Version/s: 2.3.0 Alpha 1
  • Fix Version/s: 3.6.0
  • Component/s: Core
  • Description:

    Create a hybrid AuthProvider that can be used to string multiple other AuthProvider implementations together. It will allow a primary, secondary and tertiary provider to be configured. When authentication needs to be done:

    1) Attempt authentication using the primary. If that fails:
    2) Attempt authentication using the secondary. If that fails:
    3) Attempt authentication using the tertiary.

    For each of the providers (primary, secondary, etc), an override list of users can be specified. If a user is in the override list, authentication will only be attempted with that provider.
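
The fallback order and override-list rule described above, as an added Java example (not Openfire's code and not its AuthProvider API). The `Provider` interface, `Slot` record and sample credentials are hypothetical, and checking override lists in chain order before any fallback is an assumption.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical names throughout; this does not use Openfire's classes.
public class HybridAuthExample {
    interface Provider { boolean authenticate(String user, String password); }

    // One position in the chain: a provider plus its override list.
    record Slot(String name, Provider provider, Set<String> overrides) {}

    private final List<Slot> chain; // primary, secondary, tertiary, in order

    HybridAuthExample(List<Slot> chain) { this.chain = chain; }

    /** Returns the name of the provider that accepted the login, or null. */
    String authenticate(String user, String password) {
        // Override lists are checked first: a listed user is pinned to that
        // provider, and a failure there is final (no fall-through).
        for (Slot s : chain) {
            if (s.overrides().contains(user)) {
                return s.provider().authenticate(user, password) ? s.name() : null;
            }
        }
        // Everyone else: try each provider in order until one accepts.
        for (Slot s : chain) {
            if (s.provider().authenticate(user, password)) return s.name();
        }
        return null;
    }

    // Stand-in credential store backed by a map (constructed sample data only).
    static Provider fromMap(Map<String, String> creds) {
        return (u, p) -> p != null && p.equals(creds.get(u));
    }

    public static void main(String[] args) {
        // Constructed data: "admin" exists in both stores with different passwords.
        Provider directory = fromMap(Map.of("alice", "dir-pw", "admin", "dir-admin-pw"));
        Provider local = fromMap(Map.of("guest", "local-pw", "admin", "local-admin-pw"));
        HybridAuthExample auth = new HybridAuthExample(List.of(
            new Slot("primary", directory, Set.of("admin")),
            new Slot("secondary", local, Set.of())));

        System.out.println(auth.authenticate("alice", "dir-pw"));         // accepted by the first provider
        System.out.println(auth.authenticate("guest", "local-pw"));       // primary fails, secondary is tried
        System.out.println(auth.authenticate("admin", "local-admin-pw")); // pinned user, local password never tried
    }
}
```

Without the override entry, the duplicate local "admin" account would be accepted by the secondary provider after the primary rejected it.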


Activity

Matt Tucker added a comment - 09/18/05 10:59 PM

Note: due to how SASL authentication works, the hybrid auth provider will only work with plain authentication. This is because digest auth resorts to external flow of control with a getPassword() call, which would prevent the three step approach from working.

Matt Tucker added a comment - 10/17/05 06:47 AM

Some of this work is complete, but is currently low priority so delaying until a later release.

Ben Davis added a comment - 02/11/06 01:42 AM

Need this plus Chinese Wall (JM-349) feature to support non-employee users that can't be added to
the corporate LDAP directory.

Matt Tucker added a comment - 08/16/06 11:06 PM

Note: this feature could be used to support multiple LDAP servers. If auth or loading a user fails on first, try loading from second.

Marc Seeger added a comment - 04/08/08 12:14 PM

Any news?
Here's an update to the provider:
http://pastebin.com/f4bb2c051

Daniel Henninger added a comment - 04/08/08 03:14 PM

Looks like we have a Hybrid Auth Provider. I'm assuming it works. =) Your patch appears to create a HybridUserProvider? That's cool. I'll try to squeeze this into the next release, time permitting!

Daryl Herzmann added a comment - 07/07/08 10:21 PM

Get this in consideration for next release

Sindre Schulstad added a comment - 09/11/08 11:27 AM

Could anyone provide a howto on using this? I am trying to create some local users in addition to the LDAP users... Is that possible by using this feature?

Maxime Cheramy added a comment - 09/30/08 12:32 PM

Same question as Sindre. I'd like to use this feature... But I don't know how.

Daryl Herzmann added a comment - 09/30/08 05:55 PM

Hi,

You folks may wish to contact the provider's author for implementation details.

http://www.igniterealtime.org/community/people/rb2k

daryl

Monkey Monster added a comment - 09/30/08 06:36 PM

HOW TO:

In your MySQL database, in the ofproperty table, update the name-value pairs to the following:

provider.user.className = org.jivesoft.openfire.user.HybridUserProvider
provider.auth.className = org.jivesoft.openfire.user.HybridAuthProvider

Add the following name-value pairs in the table:

hybridAuthProvider.primaryProvider.className = org.jivesoft.openfire.ldap.LdapAuthProvider
hybridAuthProvider.secondaryProvider.className = org.jivesoft.openfire.auth.DefaultAuthProvider

In the openfire.xml add the following XML snippet:

<hybridUserProvider><primaryProvider><className>org.jivesoft.openfire.ldap.LdapUserProvider</className></primaryProvider></hybridUserProvider>

<hybridUserProvider><secondaryProvider><className>org.jivesoft.openfire.user.DefaultUserProvider</className></secondaryProvider></hybridUserProvider>

I am not sure if the HybridUserProvider class was updated in the 3.6.0a version to look for the properties in the database yet. If it has been then add the following rows in the ofproperty table:

hybridUserProvider.primaryProvider.className = org.jivesoft.openfire.ldap.LdapUserProvider
hybridUserProvider.secondaryProvider.className = org.jivesoft.openfire.auth.DefaultUserProvider

Hope this helps!

John added a comment - 12/20/08 11:22 PM

Can anyone help explain how to implement this?

I don't see where to put the HybridUser...java file.

Also, what DB settings do I need?

For instance, I currently use LDAP, which works. When I set the DB settings above, I can no longer log in to the admin console or connect as a client.

What my ultimate goal is, is to read users from LDAP, and then also be able to read users from the Openfire DB so I can add non-LDAP users.

Thanks...

John


Dates

  • Created: 09/18/05 10:57 PM
  • Updated: 12/20/08 11:22 PM
  • Resolved: 08/21/08 08:04 PM