KB Article #: 13321

Topic/Category: SSO

Applies to: v4.0.x

Issue:

After configuring SSO with Authentication Type 1 or 2 in web.xml, some users encounter a login failure or an error page in the web browser stating "Access is Denied".

Root Cause:

The issue appears to be caused by incorrect ordering of the SSO authentication filter in web.xml. The entries need to be re-ordered so that the authentication filter comes before the authorization filter.

 

Solution:

Steps to resolve the issue:

  1. Find and cut the configuration shown below, located in Ephesoft\Application\WEB-INF\web.xml:
    <!-- Authentication Filter for SSO -->
    <filter>
        <filter-name>authenticationFilter</filter-name>
        <filter-class>com.ephesoft.dcma.webapp.AuthenticationFilter</filter-class>
        <!-- Name of HTTP header containing User Name. -->
        <init-param>
            <param-name>requestUsernameHeader</param-name>
            <param-value>REMOTE_USER</param-value>
        </init-param>
        <!-- Name of HTTP header containing Group Name. -->
        <init-param>
            <param-name>requestGroupnameHeader</param-name>
            <param-value>GROUP_USER</param-value>
        </init-param>
        <!-- Name of HTTP header containing Super Admin. -->
        <init-param>
            <param-name>requestSuperAdminHeader</param-name>
            <param-value>SUPER_ADMIN</param-value>
        </init-param>
        <!-- Logout URL -->
        <init-param>
            <param-name>logoutUrl</param-name>
            <param-value>https://www.eauth.usda.gov/Logout/logoff.asp</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>authenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
  2. Paste the lines that were cut just after the context-param tag that defines the protocol being used by the application.
  3. Save the file and restart the Ephesoft service.

Note: This filter needs to come before the authorization filter tag. See the example below.

 

 

    <context-param>
        <param-name>protocol</param-name>
        <param-value>http</param-value>
    </context-param>

    <!-- Authentication Filter for SSO -->
    <filter>
        <filter-name>authenticationFilter</filter-name>
        <filter-class>com.ephesoft.dcma.webapp.AuthenticationFilter</filter-class>
        <!-- Name of HTTP header containing User Name. -->
        <init-param>
            <param-name>requestUsernameHeader</param-name>
            <param-value>REMOTE_USER</param-value>
        </init-param>
        <!-- Name of HTTP header containing Group Name. -->
        <init-param>
            <param-name>requestGroupnameHeader</param-name>
            <param-value>GROUP_USER</param-value>
        </init-param>
        <!-- Name of HTTP header containing Super Admin. -->
        <init-param>
            <param-name>requestSuperAdminHeader</param-name>
            <param-value>SUPER_ADMIN</param-value>
        </init-param>
        <!-- Logout URL -->
        <init-param>
            <param-name>logoutUrl</param-name>
            <param-value>https://www.eauth.usda.gov/Logout/logoff.asp</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>authenticationFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <filter>
        <filter-name>headerFilter</filter-name>
        <filter-class>com.ephesoft.dcma.webapp.HTTPHeaderFilter</filter-class>
    </filter>

    <filter>
        <filter-name>hibernate.dcma</filter-name>
        <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
    </filter>

    <!-- -->
    <filter>
        <filter-name>serverAuthorizationFilter</filter-name>
        <filter-class>com.ephesoft.dcma.webapp.AuthorizationFilter</filter-class>
    </filter>
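
To confirm the ordering before restarting the service, the following check can be run against web.xml. It is an added example, not Ephesoft code. It verifies that authenticationFilter precedes serverAuthorizationFilter both in the `<filter>` declarations and in the `<filter-mapping>` entries, since servlet containers apply url-pattern filters in the order of their `<filter-mapping>` elements. The sample documents are constructed, and the mapping for serverAuthorizationFilter is an assumption because the article does not show it.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragments. The <filter-mapping> for serverAuthorizationFilter
# is an assumption; the article only shows that filter's <filter> declaration.
AUTHN = """<filter><filter-name>authenticationFilter</filter-name>
<filter-class>com.ephesoft.dcma.webapp.AuthenticationFilter</filter-class></filter>
<filter-mapping><filter-name>authenticationFilter</filter-name>
<url-pattern>/*</url-pattern></filter-mapping>"""
AUTHZ = """<filter><filter-name>serverAuthorizationFilter</filter-name>
<filter-class>com.ephesoft.dcma.webapp.AuthorizationFilter</filter-class></filter>
<filter-mapping><filter-name>serverAuthorizationFilter</filter-name>
<url-pattern>/*</url-pattern></filter-mapping>"""
BEFORE_FIX = "<web-app>" + AUTHZ + AUTHN + "</web-app>"
AFTER_FIX = "<web-app>" + AUTHN + AUTHZ + "</web-app>"

def local(tag):
    """Drop a namespace prefix such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def positions(web_xml, element):
    """Map filter-name -> index of its first <filter> or <filter-mapping>."""
    found = {}
    for index, child in enumerate(ET.fromstring(web_xml)):
        if local(child.tag) != element:
            continue
        for sub in child:
            if local(sub.tag) == "filter-name":
                found.setdefault((sub.text or "").strip(), index)
    return found

def check_order(web_xml, authn="authenticationFilter",
                authz="serverAuthorizationFilter"):
    """Return a list of problems; an empty list means authn precedes authz."""
    problems = []
    for element in ("filter", "filter-mapping"):
        pos = positions(web_xml, element)
        if authn not in pos:
            problems.append(f"<{element}> for {authn} is missing")
        elif authz in pos and pos[authn] > pos[authz]:
            problems.append(f"<{element}> for {authn} comes after {authz}")
    return problems

if __name__ == "__main__":
    for label, doc in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        print(label, check_order(doc) or "order OK")
```

For a real installation, pass the file contents read in binary mode, for example `check_order(open(path, "rb").read())`, so the XML declaration's encoding is honoured.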


wikiadmin
