MindTouch Community Portal
Logged in: Logged in as: Log in
Register
Search:
Page last modified 13:51, 27 Feb 2010 by MaxM
MindTouch Community Portal > MindTouch Community Portal > Knowledge Base > How do I authenticate users with a 3rd party web site
Page Notifications Off
Was this page helpful?

How do I authenticate users with a 3rd party web site

    If you have an existing web application that uses 'simple' http authentication to accept user credentials then you can pass credentials entered in MindTouch validate against it. This effectively delegates all validation of credentials to another system allowing the user accounts from the other system to be used within MindTouch with the same passwords.

    Note that this is not 'automatic signon' and will require a username/password from the user to login.

    Example scenarios

    • You have another web application that your users log into with a username/password.
    • You have a directory or web page protected by .htaccess / .htpasswd
    • You know of an internet site (running whatever web software) which have users that you'd like to invite to your wiki
    • You have any URI you can point your browser to and get a standard browser login dialog for which you and your colleagues have access

    Requirements

    The web application / remote site / whatever needs to expose a single URI which requires authentication. 

    1. The URI needs to return an HTTP status 401 (unauthorized) for anonymous users or when credentials were not provided.
    2. The URI needs to return an HTTP status 401 for invalid or unknown credentials.
    3. The URI needs to return an HTTP status 200 if valid credentials are provided. 

    A simple test of all of these requirements is to point your web browser to this URI. If you get a browser based login dialog then 1 is satisifed. If you enter invalid credentials and the same dialog comes up, 2 is satisfied. If you enter valid credentials and the dialog goes away and you see some sort of content then 3 is satisfied.

    Downsides

    Since only user credentials are getting transmitted, groups will not work for this authentication provider. 

    Setup

    Add the HttpPassThroughService authentication provider by logging into your wiki as an admin and going to control panel -> service management.

    Add a local service with type authentication.

    Enter the SID:

    http://services.mindtouch.com/deki/draft/2007/07/http-authentication 

    Enter your URI of choice a configuration setting "authentication-uri" (no quotes).

    Type a description that users will see from the login page. Make sure it's enabled and optionally set it as the default. Save the service.

    Troubleshooting and common issues

    • Check the logs of your remote service as well as the MindTouch logs (in bin/logs)
    • Use an http sniffer to see whats getting sent
    • Get help at the technical forum @ http://forums.opengarden.org and stop by the irc channel: irc.freenode.net #opengarden
    Was this page helpful?
    Tag page
    What links here

    Files 0

    Attach file or image
     
    Viewing 1 of 1 comments: view all
    #1
    SteveB says:
    NOTE: this service is for delegating login authentication of the API from the built in account manager to a HTTP server. It is not useful for trying to authenticate third party services.
    Posted 09:23, 15 Aug 2010
    Viewing 1 of 1 comments: view all
    You must login to post a comment.
    MindTouch Social Knowledge Base

    Copyright © 2011 MindTouch, Inc. Powered by