Registration / Authentication system for Forms

74 views
Skip to first unread message

Eusebio Echevarria

unread,
Sep 20, 2016, 6:21:28 AM9/20/16
to Orbeon Forms
Hi, 

I've been playing with Orbeon PE and from a forms point of view it does everything we need it to do and more. The form wizard layout and the putting of data into a PDF template once complete is excellent, I haven't found any other form product that comes close, especially with repeating rows and complex validations. 

Now I need to link it to a front end which will handle user registrations, standard authentication and authorization etc. 

I have explored using Liferay portal, there are issues with Liferay 7 and latest Orbeon which there is a bug ticket for, either way though, it seems a bit clunky for just user management. 

Does anyone have any examples of front ends they have used, or anything which can act as a gui to handle the tomcat user system?

I saw one topic related to this from 2010 but there were no answers or suggestions given. 

Thanks, 

Eusebio

Erik Bruchez

unread,
Sep 21, 2016, 1:00:48 AM9/21/16
to orb...@googlegroups.com
Eusebio,

> I've been playing with Orbeon PE and from a forms point of view it does
> everything we need it to do and more. The form wizard layout and the
> putting of data into a PDF template once complete is excellent, I haven't
> found any other form product that comes close, especially with repeating
> rows and complex validations.

Thanks for the positive feedback!

> I have explored using Liferay portal, there are issues with Liferay 7 and
> latest Orbeon which there is a bug ticket for, either way though, it seems
> a bit clunky for just user management.

I am not sure if it is clunky, although it can certainly look a bit heavy!
But I have a feeling (which is not very scientific) that a number of Liferay
users are primarily using it for user management! So still, that might be an
option.

I recently found KeyCloak, by RedHat:

http://www.keycloak.org/

It seems to have a number of very interesting features, but we don't have
experience with it yet.

-Erik

--
View this message in context: http://discuss.orbeon.com/Registration-Authentication-system-for-Forms-tp4661779p4661788.html
Sent from the Orbeon Forms community mailing list mailing list archive at Nabble.com.

Eusebio Echevarria

unread,
Sep 21, 2016, 1:52:01 AM9/21/16
to orb...@googlegroups.com
Hi Eric,

Thanks for the response. Heavy is a better description!

I'll check out Keycloak and report back.

Cheers

Eusebio
--
You received this message because you are subscribed to a topic in the Google Groups "Orbeon Forms" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/orbeon/yU8gh9ElgSU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to orbeon+un...@googlegroups.com.
To post to this group, send email to orb...@googlegroups.com.

Eusebio Echevarria

unread,
Sep 21, 2016, 12:24:11 PM9/21/16
to orb...@googlegroups.com
So...I am getting there. 

I have Keycloak installed on the same server and running on a different port. I've gone through a similar setup for a test Tomcat app using Keycloak as auth provider but it isn't kicking into action for some reason. Not sure if anyone else has had a play around with this yet. 

In terms of user registration and management, I've tested it all and that works perfectly, a new theme would be required but that looks straight forward. 

Steps taken so far:-

- Install fresh Tomcat - set roles for manager-gui and admin-gui
- Install fresh Orbeon - tested unauthenticated access
- Install fresh Keycloak (changed ports to not conflict)

- Copied the Tomcat dist jar dependencies into the /lib folder for Keycloak
- Created a context.xml in the /orbeon/META-INF folder and added 

<Context>
        <Valve className="org.keycloak.adapters.tomcat.KeycloakAuthenticatorValve" />
</Context>

- Uncommented the security settings in web.xml and set the auth provider to be KEYCLOAK
- Set a new realm, client and user in Keycloak app for testing
- Setup a new role called 'orbeon-user' in Keycloak and added the test user to this role
- Edited the local.properties.xml to include the new role information and to set the container to be in charge of the auth. 

I think there is something I am missing to push orbeon to send auth requests to Keycloak but currently I just get a 403 forbidden back from Tomcat. 

If anyone is interested in trying out I can send more detailed steps or where I am up to so far. 

Thanks, 

Eusebio




--
You received this message because you are subscribed to a topic in the Google Groups "Orbeon Forms" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/orbeon/yU8gh9ElgSU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to orbeon+unsubscribe@googlegroups.com.

Erik Bruchez

unread,
Sep 21, 2016, 12:57:02 PM9/21/16
to orb...@googlegroups.com
Eusebio,

Cool, thanks for sharing. Hopefully it's just a small thing missing!

-Erik

--
View this message in context: http://discuss.orbeon.com/Registration-Authentication-system-for-Forms-tp4661779p4661792.html

sk85

unread,
Feb 4, 2020, 12:58:21 PM2/4/20
to orb...@googlegroups.com
Hi Eusebio,

Were you able to resolve this issue. I am facing the issue while trying to
integrate with Keycloak.

Thanks
SK

--
Sent from: http://discuss.orbeon.com/

SK

unread,
Feb 4, 2020, 12:58:21 PM2/4/20
to Orbeon Forms
Hi Eusebio,

Were you able to resolve this issue? I am getting the error while trying to integrate with keyCloak.

Thanks
SK
To unsubscribe from this group and all its topics, send an email to orb...@googlegroups.com.

Timo Nisula

unread,
Feb 4, 2020, 1:53:50 PM2/4/20
to orb...@googlegroups.com
Hi,

I'm also interested setup keycloak and orbeon.

Have you created keycloak.json file to WEB-INF folder as mentioned in https://www.keycloak.org/docs/latest/securing_apps/#_tomcat_adapter ?

-Timo

--
You received this message because you are subscribed to the Google Groups "Orbeon Forms" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orbeon+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/orbeon/1580756285943-0.post%40n4.nabble.com.

Sumesh P K

unread,
Feb 4, 2020, 1:57:36 PM2/4/20
to Orbeon Forms
Yes, created the keycloak json and added a context.xml in META-INF folder of orbeon war to include Keycloak Auth Valve. 
Then made changes to properties-local.xml to include container auth details. 
Now, whenever I try to access the orbeon form, it shows me KeyCloak login page, and after succesful athentication it shows me 403. I have checked the role names in keycloak with what's in web.xml security constraint, and all looks correct. I should be missing some small configuration.


On Tuesday, 4 February 2020 10:53:50 UTC-8, Timo Nisula wrote:
Hi,

I'm also interested setup keycloak and orbeon.

Have you created keycloak.json file to WEB-INF folder as mentioned in https://www.keycloak.org/docs/latest/securing_apps/#_tomcat_adapter ?

-Timo

ti 4. helmik. 2020 klo 19.58 sk85 <sume...@aot-technologies.com> kirjoitti:
Hi Eusebio,

Were you able to resolve this issue. I am facing the issue while trying to
integrate with Keycloak.

Thanks
SK

--
Sent from: http://discuss.orbeon.com/

--
You received this message because you are subscribed to the Google Groups "Orbeon Forms" group.
To unsubscribe from this group and stop receiving emails from it, send an email to orb...@googlegroups.com.

Alessandro Vernet

unread,
Feb 4, 2020, 2:20:38 PM2/4/20
to orb...@googlegroups.com
Hi SK,

I've also seen your question on Stack Overflow, and am glad you managed to
do that setup. Since you're getting the Keycloak login page when accessing
Orbeon Forms, it looks to me like you're 95% there :).

Could you set your logging as described in the Development configuration
section of the XForms Logging page (see link below), stop your server,
remove the `orbeon.log`, restart the server, reproduce the issue and attach
the `orbeon.log` you get, along with a screenshot of the webpage with the
403?

https://doc.orbeon.com/configuration/advanced/xforms-logging.html

‑Alex

-----
--
Follow Orbeon on Twitter: @orbeon
Follow me on Twitter: @avernet

SK

unread,
Feb 4, 2020, 2:35:42 PM2/4/20
to Orbeon Forms
Yes, I made some progress, thanks for your help!!

I have those logging changes in place and was trying to see if I can get some details. I can see below item in log;

2020-02-04 11:31:22,115 DEBUG auth  - using `Container` method
2020-02-04 11:31:22,115 DEBUG auth  - usernameOpt: `None`, roles: `Some(staff)`
 
Please find attached the log and screenshot.




SK
Screen Shot 2020-02-04 at 11.31.41 AM.png
orbeon.log

SK

unread,
Feb 4, 2020, 7:41:02 PM2/4/20
to Orbeon Forms
Hi Alex,

If it helps, here is the access log.

0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:20 -0800] "GET /orbeon HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:21 -0800] "GET /orbeon/ HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/home/ HTTP/1.1" 200 4718
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/config/theme/examples.css HTTP/1.1" 200 136
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/fr/style/form-runner-bootstrap-override.css HTTP/1.1" 200 20737
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/fr/style/bootstrap/css/bootstrap.css HTTP/1.1" 200 133974
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/home/home.css HTTP/1.1" 200 1477
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/ops/jquery/jquery-3.3.1.min.js HTTP/1.1" 200 87020
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/apps/fr/style/orbeon-navbar-logo.png HTTP/1.1" 200 2278
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/home/images/fr-home-small.jpg HTTP/1.1" 200 25548
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/home/images/form-builder-small.jpg HTTP/1.1" 200 57060
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/home/images/form-dmv14-small.jpg HTTP/1.1" 200 23120
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/home/images/form-w9-small.jpg HTTP/1.1" 200 24143
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/home/images/form-bookshelf-small.jpg HTTP/1.1" 200 30046
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/home/images/form-contact-small.jpg HTTP/1.1" 200 22838
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:22 -0800] "GET /orbeon/home/images/form-controls-small.jpg HTTP/1.1" 200 57003
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:24 -0800] "GET /orbeon/fr/orbeon/builder/new HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:36 -0800] "GET /orbeon/fr/orbeon/builder/new?state=d23dd397-0321-4677-a77e-446e85a588bc&session_state=66cfb1d0-08b3-4b4d-b429-ee46154b1a19&code=aa9fada0-3967-4783-a24a-09036d8b64ba.66cfb1d0-08b3-4b4d-b429-ee46154b1a19.6cef742c-be89-481d-a41f-9b182a1c2b25 HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - d4c50be0-ac68-4022-910d-3167484ad9e4 [04/Feb/2020:11:31:36 -0800] "GET /orbeon/fr/orbeon/builder/new HTTP/1.1" 403 688
0:0:0:0:0:0:0:1 - - [04/Feb/2020:11:31:36 -0800] "GET /favicon.ico HTTP/1.1" 200 21630


Thanks
SK

Alessandro Vernet

unread,
Feb 4, 2020, 8:41:46 PM2/4/20
to orb...@googlegroups.com
Hi SK,

It seems that a role, `staff`, was passed, but no username, and Orbeon Forms
needs a username. Can you think of reason why, given your Keycloak config,
not username would be passed?

SK

unread,
Feb 5, 2020, 6:24:10 PM2/5/20
to Orbeon Forms
Thanks Alex.
I was using our organization's hosted version of keycloak from local orbeon. I tried with a fresh localhost installation of keycloak and it works with orbeon. :)
It should be some network or certificate related issues. I will update it here, if I find anything. 
Really appreciate your help!
 
SK

Alessandro Vernet

unread,
Feb 5, 2020, 7:19:08 PM2/5/20
to orb...@googlegroups.com
Excellent SK! I'm glad that authentication through Keycloak is now working
fine for you, and thank you for the update.
Reply all
Reply to author
Forward
0 new messages