In the 1st et 2d articles about chaining kerberos with OpenAM, there may be some use cases where the « referer » solution may not work, since for example the browser does not always generate it, for security reasons.
In such a case, here’s a more sophisticated 401.jsp page, that requires a Java 7 environment:
<%@ page import="java.io.*"%>
<%@ page import="java.util.*"%>
<%@ page import="javax.servlet.*"%>
<%@ page import="javax.servlet.http.*"%>
<%@ page import="javax.servlet.ServletContext"%>
<%@taglib uri="/WEB-INF/jato.tld" prefix="jato"%>
<%@taglib uri="/WEB-INF/auth.tld" prefix="auth"%>
<%
/*
*(C) 2010 Jim Klimov, JSC COS&HT
*param processing (C) https://www.apl.jhu.edu/~hall/java/Servlet-Tutorial/Servlet-Tutorial-Form-Data.html
Chaining kerberos with OpenAM
The browser will reload the page, preserving the initial request and parameters if any
*/
response.setStatus (response.SC_UNAUTHORIZED);
response.setHeader ("WWW-Authenticate", "Negotiate");
/*
* Default ORG and MODULE/SERVICE values, should override whatever
* was passed to the Login page, if fallback redirect is required
* TODO: Parametrize via serice/property configs
*/
String FallbackServiceURI = "/openam/UI/Login?module=LDAP";
%>
<HTML><HEAD><TITLE>HTTP-401: Unauthorized</TITLE>
<%
Enumeration<String> paramNames = request.getParameterNames();
while(paramNames.hasMoreElements()) {
String paramName = paramNames.nextElement();
if (
paramName.equals("service") ||
paramName.equals("module") ||
paramName.equals("org")
) { ; } else {
String[] paramValues = request.getParameterValues(paramName);
for(int i=0; i<paramValues.length; i++) {
String paramValue = paramValues[i];
FallbackServiceURI += "&"+paramName;
if (paramValue.length() != 0) {
FallbackServiceURI += "="+paramValue;
}
}
}
}
%>
<meta HTTP-EQUIV="refresh" content="0;url=<%= FallbackServiceURI %>">
</HEAD>
<BODY><H1>HTTP-401: Unauthorized</H1>
Proper authorization is required for this area.
Either your browser does not perform authorization,
or your authorization has failed.<br>
Your browser will be redirected to
<a href="<%= FallbackServiceURI %>">default authorization method</a>.
</BODY></HTML>
Specialised in IAM (security, access control, identity management) and Open Source integration, settled in 2004 by IAM industry veteran, JANUA offers high value-added products and services to businesses and governements with a concern for Identity Management and Open Source components.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.
JANUA provides better security, build relationships, and enable new cloud, mobile, and IoT offerings from any device or connected thing.
Les derniers articles par janua (tout voir)
- New Keycloak online training - 19 janvier 2022
- Sizing Keycloak or Redhat SSO projects - 8 juin 2021
- Keycloak.X Distribution - 28 janvier 2021