webdashboard login
118 views
Skip to first unread message
Christopher
Jan 5, 2012, 5:58:52 AM1/5/12
to ccnet-user
Hi,
I have set up authentication in CC.NET 1.6 using ldapUsers and this
works. Users can login on the dashboard with their active directory
accounts and I am able to manage what they can or cannot do. By
default, users should be able to see the projects, but are only
allowed to build them if they either have the role 'Builder' or
'Admin'. What puzzles me, is that when a user who hasn't logged in yet
tries to force a build, he is presented with the following exception
message:
Request processing has failed on the remote server: The session token
is either invalid or is for a session that has expired.
This is rather confusing for users and it would be nice if the user
were presented with a login dialog or at the very least a friendly
prompt requesting the user to first login. Even better would be if
users didn't have to login at all and the logged in windows account
were detected automatically.
So, my question is, why am I getting this exception message and isn't
there a more elegant way of handling this?
This is roughly how my security has been configured:
<defaults defaultRight="Deny" viewProject="Allow"/>
<users>
<ldapUser name="john" domain="MyDomain"/>
...
</users>
<permissions>
<rolePermission name="Builder" defaultRight="Deny"
viewProject="Allow" forceBuild="Allow">
<users>
<userName name="john"/>
</users>
</rolePermission>
<rolePermission name="Admin" defaultRight="Allow">
<users>
<userName name="christopher"/>
</users>
</rolePermission>
Then, at the project level, I have added this:
<security type="defaultProjectSecurity" guest="*">
<permissions>
<rolePermission name="Admin" ref="Admin"/>
<rolePermission name="Builder" ref="Builder"/>
</permissions>
</security>
Regards,
Christopher
I have set up authentication in CC.NET 1.6 using ldapUsers and this
works. Users can login on the dashboard with their active directory
accounts and I am able to manage what they can or cannot do. By
default, users should be able to see the projects, but are only
allowed to build them if they either have the role 'Builder' or
'Admin'. What puzzles me, is that when a user who hasn't logged in yet
tries to force a build, he is presented with the following exception
message:
Request processing has failed on the remote server: The session token
is either invalid or is for a session that has expired.
This is rather confusing for users and it would be nice if the user
were presented with a login dialog or at the very least a friendly
prompt requesting the user to first login. Even better would be if
users didn't have to login at all and the logged in windows account
were detected automatically.
So, my question is, why am I getting this exception message and isn't
there a more elegant way of handling this?
This is roughly how my security has been configured:
<defaults defaultRight="Deny" viewProject="Allow"/>
<users>
<ldapUser name="john" domain="MyDomain"/>
...
</users>
<permissions>
<rolePermission name="Builder" defaultRight="Deny"
viewProject="Allow" forceBuild="Allow">
<users>
<userName name="john"/>
</users>
</rolePermission>
<rolePermission name="Admin" defaultRight="Allow">
<users>
<userName name="christopher"/>
</users>
</rolePermission>
Then, at the project level, I have added this:
<security type="defaultProjectSecurity" guest="*">
<permissions>
<rolePermission name="Admin" ref="Admin"/>
<rolePermission name="Builder" ref="Builder"/>
</permissions>
</security>
Regards,
Christopher
kalava siva kumar
Jan 6, 2012, 3:35:31 AM1/6/12
to ccnet...@googlegroups.com
Hi,
I have configured ldap after your mail. But I couldn't able to login into web dashboard. Please find the ldap configurations below. Could you please tell me whats wrong with my configurations. is there anything to do before writing this as machine level
<internalSecurity>
<audit>
<xmlFileAudit location="C:\Logs\CCNet_Audit.xml"/>
</audit>
<auditReader type="xmlFileAuditReader" location="C:\Logs\CCNet_Audit.xml"/>
<users>
<ldapUser name="LokanaSM" domain="unisys.com"/>
<audit>
<xmlFileAudit location="C:\Logs\CCNet_Audit.xml"/>
</audit>
<auditReader type="xmlFileAuditReader" location="C:\Logs\CCNet_Audit.xml"/>
<users>
<ldapUser name="LokanaSM" domain="unisys.com"/>
<ldapUser name="RajaredM" domain="unisys.com"/>
<ldapUser name="RamakrVC" domain="unisys.com"/>
<ldapUser name="Kalavas" domain="unisys.com"/>
<ldapUser name="ChikkaG" domain="unisys.com"/>
</users>
<permissions>
<permissions>
<rolePermission name="Admin" defaultRight="Allow">
<users>
<userName name="LokanaSM"/>
<userName name="Kalavas"/>
</users>
</rolePermission>
<userName name="Kalavas"/>
</users>
</rolePermission>
<rolePermission name="LAS-Developers" forceBuild="Allow" defaultRight="Deny">
<users>
<userName name="Kummarat"/>
<userName name="RamakrVC"/>
</users>
</rolePermission>
<rolePermission name="LAS-Admin" forceBuild="Allow" startProject="Allow" defaultRight="Deny">
<users>
<userName name="RajaredM"/>
<userName name="ChikkaG"/>
</users>
</rolePermission>
</permissions>
</internalSecurity>
and project level security
<security type="defaultProjectSecurity" defaultRight="Deny">
<permissions>
<rolePermission name="LAS-Developers" ref="LAS-Developers"/>
<rolePermission name="LAS-Admin" ref="LAS-Admin"/>
<permissions>
<rolePermission name="LAS-Developers" ref="LAS-Developers"/>
<rolePermission name="LAS-Admin" ref="LAS-Admin"/>
<rolePermission name="Admin" ref="Admin"/>
</permissions>
</security>
</security>
Thanks and Regards,
Shiva
Christopher
Jan 6, 2012, 5:04:16 AM1/6/12
to ccnet-user
You need to add:
<securityPlugins>
<simpleSecurity />
</securityPlugins>
to dashboard.config (if it isn't there already).
If it still doesn't work, try changing the domain name from unisys.com
to unisys.
Chris
On Jan 6, 9:35 am, kalava siva kumar <sivakumar.kal...@gmail.com>
wrote:
> > I have set up authentication in CC.NET <http://cc.net/> 1.6 using
<securityPlugins>
<simpleSecurity />
</securityPlugins>
to dashboard.config (if it isn't there already).
If it still doesn't work, try changing the domain name from unisys.com
to unisys.
Chris
On Jan 6, 9:35 am, kalava siva kumar <sivakumar.kal...@gmail.com>
wrote:
Christopher
Jan 18, 2012, 3:30:37 AM1/18/12
to ccnet-user
Anybody?
Ruben Willems
Jan 18, 2012, 1:34:40 PM1/18/12
to ccnet...@googlegroups.com
Hi
I need to look further into this
For the moment users have to login via the login dialog, even for ldap users.
That message could indeed be better, so that needs addressing first.
I made an issue for it :
http://www.cruisecontrolnet.org/issues/65
with kind regards
Ruben Willems
I need to look further into this
For the moment users have to login via the login dialog, even for ldap users.
That message could indeed be better, so that needs addressing first.
I made an issue for it :
http://www.cruisecontrolnet.org/issues/65
with kind regards
Ruben Willems
Christopher
Jan 19, 2012, 11:04:03 AM1/19/12
to ccnet-user
Ok, thanks for your reply.
Reply all
Reply to author
Forward
0 new messages