3 Replies Latest reply on Jun 17, 2015 8:55 AM by jareeq

    ORDS 3.0 REMOTE_USER format now include domain

    jareeq

      Hi,

       

      Didn't find any information about this.

      After switching ords 2.0.10 to 3.0, my REMOTE_USER name format changed (I'm using SPENGO to authorize users) previously it was only user name like 'jareeq' now it is 'jareeq@MYDOMAIN.COM' is it expected behavior ?

      Thanks

        • 1. Re: ORDS 3.0 REMOTE_USER format now include domain
          Colm Divilly-Oracle

          ORDS does not have any knowledge of SPNEGO. If you've got SPNEGO working with ORDS, then you've either done so by configuring Apache/WebLogic/Tomcat or APEX. Can you provide more information about your environment.

           

          What app server, what APEX version, how have you configured SPNEGO, what OS etc.

          • 2. Re: Re: ORDS 3.0 REMOTE_USER format now include domain
            jareeq

            Sorry for late response - not set remainder properly.

             

            Now to be clear - I'm assuming that this issue has connection with ords because only changed in my configuration is ords.

            I'm using glassfish 4.1 (b13) with ords 2.0.10.289.08.11 (is fine) or ords 3.0.0.121.10.23 (here is problem) with java 1.8.0_31

            Apex is 4.2.6.00.03.

            I'm simply redeploying ords 3.0 instead of 2.0 using same spengo.jar and same configuration directory for ords. Next - after deployment - I'm inserting into app web.xml between servlet-mapping and welcome-file-list (below). It is same os RH 6.2 and same krb5 and login configuration.

            So if it is not ords can you point me where to look for resolution of this issue ?

            Thanks

             

            <filter>
                <filter-name>SpnegoHttpFilter</filter-name>
                <filter-class>net.sourceforge.spnego.SpnegoHttpFilter</filter-class>
            
                <init-param>
                    <param-name>spnego.allow.basic</param-name>
                    <param-value>true</param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.allow.localhost</param-name>
                    <param-value>true</param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.allow.unsecure.basic</param-name>
                    <param-value>true</param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.login.client.module</param-name>
                    <param-value>spnego-client</param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.krb5.conf</param-name>
                    <param-value>krb5.conf</param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.login.conf</param-name>
                    <param-value>login.conf</param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.preauth.username</param-name>
                    <param-value></param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.preauth.password</param-name>
                    <param-value></param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.login.server.module</param-name>
                    <param-value>spnego-server</param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.prompt.ntlm</param-name>
                    <param-value>true</param-value>
                </init-param>
              
                <init-param>
                    <param-name>spnego.logger.level</param-name>
                    <param-value>7</param-value>
                </init-param>
                <init-param>
                    <param-name>spnego.allow.delegation</param-name>
                    <param-value>false</param-value>
                </init-param>
            </filter>
            
            
              <filter-mapping>
                <filter-name>SpnegoHttpFilter</filter-name>
                <url-pattern>/*</url-pattern>
              </filter-mapping>
            
            
            • 3. Re: ORDS 3.0 REMOTE_USER format now include domain
              jareeq

              Having some time replaced 3.0 with 2.0 once again - REMOTE_USER with 2.0 is without domain. Still can't figure out why it gets domain addition help will be appreciated :-)

              Temporary changed authorization module to retrieve only first part of REMOTE_USER.