Login Page Farcry 5.1+ AD

Chris Roth

Jan 28, 2009, 5:00:56 PM
to farcry-dev
I have modified the farcryldap plugin to work with our Active
Directory configuration, and from what I can tell thus far, it's
working just fine (logins, groups, etc.)

However, I really dislike the login page that now requires the user to
"select" the user directory.

We have AD users (internal employees) and FCUD users (external non-AD
people) that will need to be logging in.

Has anyone, or can someone provide some guidance on making the login
page work like 4.x...

If a login is not found in say the FCUD, check the ADUD.. etc before
denying/granting access?

Blair McKenzie

Jan 28, 2009, 6:24:10 PM
to farcr...@googlegroups.com
  1. Modify the login skin for the default user directory to remove the directory select
  2. Modify the default user directory authentication function so that a user-doesn't-exist failure does not return an error struct
  3. Make sure that the authentication functions for both user directories process the form (e.g. they both use the farLogin form)
I think that's all you need.

Blair

Chris Roth

Jan 29, 2009, 2:58:42 PM
to farcry-dev
Blair,

Thanks for the pointers. I am close but don't seem to quite have it
right, perhaps a little more guidance.

Here's what I have done so far.

I have a plugin cmiAD which is basically a modified version of
farcryldap. It's working just fine.

In webtop - admin - edit config - general config - login props -
default UD I have set to my cmiAD

At this point I can login with either a Farcry or cmiAD user. The
login form has the select UD option..... following your guidance..

I have made the following changes to my cmiAD plugin files.

1. copied the folder\file farLogin\displayLogin.cfm from core\webskins
to \plugins\cmiAD\weskins
2. commented out <sec:SelectUDLogin> in \plugins\cmiAD\weskins
\farLogin\displayLogin.cfm

3. cmiAD.cfc - modified getLoginForm to return farLogin
4. cmiAD.cfc - commented out the setting of stResult variables between
the <cfcatch> tags

Refresh app and I get 70% there.

1. My login page no longer has user directory select
2. I can login with my AD account
3. FAIL: I can not login with a farcry user account

I suppose somewhere there needs to be instructions to pass the supplied
username/password to all "configured" User Directories, but I am not
sure where to put that. Help?



Blair McKenzie

Jan 29, 2009, 5:24:33 PM
to farcr...@googlegroups.com
Check that the ldap authenticate function is returning an empty struct when there is no match. Every time the login page is loaded, FarCry loops through the user directories trying to authenticate. As soon as a non-empty struct is returned (empty == nothing to see here) it stops, and there was either an error or the user is logged in.

Chris Roth

Jan 29, 2009, 7:05:01 PM
to farcry-dev
Blair,

Here's the authenticate function in my cmiad.cfc. Am I missing
something? Does setting stResult = StructNew() not create an empty
struct?

<cffunction name="authenticate" access="public" output="true" returntype="struct" hint="Attempts to process a user. Runs every time the login form is loaded.">
    <cfset var stResult = structnew() />
    <cfset var qResult = "" />

    <cfimport taglib="/farcry/core/tags/formtools/" prefix="ft" />

    <!--- Return struct --->

    <ft:processform>
        <ft:processformObjects typename="#getLoginForm()#">
            <cfset stResult.userid = "" />
            <cfset stResult.authenticated = false />
            <cfset stResult.message = "" />

            <!--- Find the user --->
            <cftry>
                <cfldap server="#application.config.ldap.host#" action="query"
                    name="qResult" start="#application.config.ldap.userstart#"
                    scope="base" attributes="*"
                    username="#replace(application.config.ldap.userdn,'{userid}',stProperties.username)#"
                    password="#stProperties.password#" />
                <cfset stResult.authenticated = true />
                <cfset stResult.userid = stProperties.username />

                <cfcatch>

                    <!--- CROTH: 1/29/09 disable the return variable so that this
                    will also look in the FarcryUD
                    <cfset stResult.authenticated = false />
                    <cfset stResult.userid = stProperties.username />
                    <cfset stResult.message = "The username or password is incorrect" />
                    --->
                    <cfset stResult = StructNew()>
                </cfcatch>
            </cftry>
        </ft:processformObjects>
    </ft:processform>

    <cfreturn stResult />

</cffunction>

Blair McKenzie

Jan 29, 2009, 11:35:49 PM
to farcr...@googlegroups.com
Did you updateapp / reload security?

Chris Roth

Jan 30, 2009, 12:33:00 PM
to farcry-dev
Blair,

Yes, I updated app and reloaded security.

Can you point me to where Farcry loops thru the configured UDs? I
could not find it, but admit I may not know all the places to look.

I confirmed my Farcry user login is working by going to the webtop via
the url passed var.

http://dev-www.mydomain.com/webtop/login.cfm?ud=CLIENTUD

But it definitely does not appear to be looping over the UD's when I
try to log in to the web top without passing the ud variable
and entering the farcry user login details.

Chris

Chris Roth

Jan 30, 2009, 12:44:03 PM
to farcry-dev
Here's a bit more info that may help you help me..

If I go to: http://dev-www.mydomain.com/webtop/login.cfm?ud=CLIENTUD

As mentioned I can login with my FC user. And if I try to login with
my AD user I get the user/pass incorrect bubble. - both as expected.

I do not get the forgot password, forgot user, register links if I
enter incorrect logins using either the ?ud=clientud or directly
accessing the login page.

However.

If I login one way or the other (successfully), then use my back button
to return to the login page, then hit reload, I do see the misc. links
below the login, however

I am still required to login using whichever method was successful
before hitting back.

Blair McKenzie

Feb 1, 2009, 7:32:32 PM
to farcr...@googlegroups.com
The loop is done in packages/security/security.cfc. It looks like it should work, but if you find something wrong let me know.

Chris Roth

Feb 4, 2009, 7:58:14 PM
to farcry-dev
Hi Blair,

I see the loop you refer to but I can not seem to figure out why that
loop does not seem to be running.

Once the selectUD form control is removed from the login form, I can
only log in with a user in the "default" directory.

If I set the default directory to be FarcryUD, I can log in with a FC
user but if I try to login with AD credentials, I get the username/
password wrong bubble.

If I set the default directory to be my AD, I can log in with a AD
user but if I try to login with FC credentials, I DO NOT get the
username/password wrong bubble, but the form repaints.

Any other ideas? This and some minor Verity plugin issues are my
only dev to prod hold up.

Blair McKenzie

Feb 5, 2009, 12:08:04 AM
to farcr...@googlegroups.com
Another possibility is that the order of the directories is affecting the login process. You can change the order of the user directories that are processed by adding a seq attribute to the user directory component. FarcryUD defaults to 9999. Try adding a lower seq to yours, and updating the app.

Chris Roth

Feb 5, 2009, 2:44:14 PM
to farcry-dev
Blair,

I added the seq attribute to my AD component:

<cfcomponent displayname="CMI Active Directory User Directory"
hint="AD User Directory"
extends="farcry.core.packages.security.UserDirectory" output="false"
bEncrypted="false" seq="9998">


and a dump of application.security on the login page confirms it.

The issue still seems to be that ONLY the "default" user directory is
being used.

Any other ideas?

Blair McKenzie

Feb 5, 2009, 5:27:28 PM
to farcr...@googlegroups.com
There's definitely a glitch in that loop somewhere then, but I can't see it just by looking at the code. All I can suggest is to do some dump-aborts to that loop to track down where it's breaking down. What is in the authentication structs? Are the various if statements catching the correct cases?

AJ Mercer

Feb 5, 2009, 5:43:04 PM
to farcr...@googlegroups.com
I find emailing out cfdumps to be more effective
as Farcry sometimes 'hides' errors

Especially with this sort of thing where an error may be handled by creating an empty struct which would then affect the flow of the program.

You could also do logs or traces.



--
AJ Mercer
Web Log: http://webonix.net


Once you come to the realisation that everyone is crazy,
You will never be surprised or disappointed ever again.
AJM 2008

Chris Roth

Feb 6, 2009, 5:28:03 PM
to farcry-dev
Maybe this is it... the first few lines in the authenticate function
of security.cfc

    <cfset var ud = "" />
    <cfset var stResult = structnew() />
    <cfset var udlist = structsort(this.userdirectories,"numeric","asc","seq") />

    <cfimport taglib="/farcry/core/tags/farcry/" prefix="farcry" />

    <cfif structkeyexists(url,"ud")>
        <cfset udlist = url.ud />
    </cfif>

    <cfif isArray(udlist)>
        <cfset udlist = arrayToList(udlist) />
    </cfif>


I am a bit of a novice CF person, so I may be off base here but..

Looks like the problem is:

the udlist values set here

    <cfset var udlist = structsort(this.userdirectories,"numeric","asc","seq") />

are overwritten here:

    <cfif structkeyexists(url,"ud")>
        <cfset udlist = url.ud />
    </cfif>

by the value set in webtop/login.cfm here:

    <cfparam name="url.ud" default="#application.security.getDefaultUD()#" />


commenting out the code that overwrites the "list" of values solves the
problem. Though I am not sure if this will cause an unforeseen problem?

Blair McKenzie

Feb 7, 2009, 3:52:18 PM
to farcr...@googlegroups.com
No, that should be fine. Attach the new file to a bug and I'll check it in.
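
Added example, not part of the thread and not FarCry's own security.cfc: a stand-alone model of the directory fall-through discussed above, showing how a pre-filled ud value narrows the loop to one directory and why only a user-doesn't-exist result should return an empty struct. The directory contents are constructed sample data, tryDirectory and authenticateAcross are hypothetical names, and the nested struct literals assume ColdFusion 9 or later (or Lucee).

```cfml
<!--- Constructed sample data: seq sets the order, users maps username to password. --->
<cfset directories = {
    CMIAD    = { seq = 9998, users = { "croth" = "ad-secret" } },
    CLIENTUD = { seq = 9999, users = { "croth" = "fc-secret", "guest" = "fc-guest" } }
} />

<!--- Hypothetical per-directory check. Empty struct means "not my user, try the next one". --->
<cffunction name="tryDirectory" returntype="struct" output="false">
    <cfargument name="ud" type="struct" required="true" />
    <cfargument name="username" type="string" required="true" />
    <cfargument name="password" type="string" required="true" />
    <cfset var stResult = structNew() />
    <cfif not structKeyExists(arguments.ud.users, arguments.username)>
        <cfreturn stResult />
    </cfif>
    <!--- Known user: always answer, so a wrong password ends the chain in this directory. --->
    <cfset stResult.userid = arguments.username />
    <cfset stResult.authenticated = (compare(arguments.ud.users[arguments.username], arguments.password) eq 0) />
    <cfreturn stResult />
</cffunction>

<!--- Hypothetical model of the loop: first non-empty struct wins. --->
<cffunction name="authenticateAcross" returntype="struct" output="false">
    <cfargument name="directories" type="struct" required="true" />
    <cfargument name="username" type="string" required="true" />
    <cfargument name="password" type="string" required="true" />
    <cfargument name="requestedUD" type="string" default="" />
    <cfset var udlist = arrayToList(structSort(arguments.directories, "numeric", "asc", "seq")) />
    <cfset var ud = "" />
    <cfset var stResult = structNew() />
    <!--- Narrow to one directory only when the caller named a configured one. --->
    <cfif len(arguments.requestedUD) and structKeyExists(arguments.directories, arguments.requestedUD)>
        <cfset udlist = arguments.requestedUD />
    </cfif>
    <cfloop list="#udlist#" index="ud">
        <cfset stResult = tryDirectory(arguments.directories[ud], arguments.username, arguments.password) />
        <cfif not structIsEmpty(stResult)>
            <cfset stResult.ud = ud />
            <cfbreak />
        </cfif>
    </cfloop>
    <cfreturn stResult />
</cffunction>

<cfdump label="guest, no directory named" var="#authenticateAcross(directories, 'guest', 'fc-guest')#" />
<cfdump label="guest, ud pre-filled with the default directory" var="#authenticateAcross(directories, 'guest', 'fc-guest', 'CMIAD')#" />
<cfdump label="croth, FarCry password against an AD account" var="#authenticateAcross(directories, 'croth', 'fc-secret')#" />
```

An authenticate function that returns an empty struct from a blanket cfcatch, as in the cmiAD code posted earlier, cannot tell a wrong password or an LDAP outage from an unknown user, so every failure falls through to the next directory.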