-
-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
set username by REMOTE_USER #551
Comments
maybe you can make an apache rule that passes the username with a ?userName parameter |
So that userName can be faked ? I guess, this is not what spicewiesel wanted. |
If you want Serious authentification, you may want to use the HTTP API to create a Session (e.g. in PHP with etherpad-lite-client). |
it would be enough to initial set the username to REMOTE_USER. There is atm no need to avoid faking. |
Note that the more commonly used header for that purpose is X-Forwarded-User; and it would be sufficiently safe to add a config option that makes etherpad read that header if present and authenticate as the specified user (just as safe as using a webserver in front of the etherpad for authentication). |
HoverHell/etherpad-lite@5a5dd9034f6ef8abcb7176f0bab3ba389a08cf75 |
see also duplicate "Set author name from HTTP auth data" https://github.com/Pita/etherpad-lite/issues/759 |
Hi, like others I want to authenticate etherpad-lite with Shibboleth through an Apache proxy using mod_shib. I managed to found a solution which works. The global idea is to use a value in the headers (set by the proxy) to set the AuthorName. I'm new to nodejs ; is the way I did it ok from a developper point of view ? The suggested patch : support_shibb_etherpad-lite.diff => http://pastebin.com/raw.php?i=hYr8bd89 If it's correct could it be commited in the master branch ? |
Wow, that sounds fantastic! Is s.th. like that also possible with ldap? |
I guess yes. As long as you can set a header through a proxy It should work. |
Auth is being reviewed at the moment and we're waiting on a draft spec from @Pita so I'd say hold out on that before trying to integrate too prematurely and having to to redo your work. |
Which git rev is the patch applicable to? Am 23.10.2012 um 22:03 schrieb mamachine notifications@github.com:
|
For @johnyma22, sorry I don't have time to help working on auth rewrite. But I could do some tests for Shibb or CAS authentication when you'll have something workable. For @disy-mk, the patch was written for v1.1.4 : commit e19c05d
|
@mamachine: Note: checking out 'e19c05d1c4652191467e7e53cbf906ce9882fd14'. epl$ git log |head -n5 epl$ patch -p1 < shib.patch |
@mamachine: Note: checking out 'e19c05d1c4652191467e7e53cbf906ce9882fd14'. epl$ git log |head -n5 epl$ patch -p1 < shib.patch patching file src/node/utils/Settings.js |
There was some spaces/tabs problems with the first pastebin file. Here it's better, but it may display a warning "(Stripping trailing CRs from patch.)" during the patch process. Here is how to replay the patch and check that it's been well applied : $ git clone https://github.com/ether/etherpad-lite If you know a better place to post the patch... Otherwise you may try this alternative work someone else have done ; it seems to work too : |
Please create a vote for this plugin / feature on http://etherpad.idea.informer.com/ |
Everyone interested, please vote here: http://etherpad.idea.informer.com/proj/?ia=72231
|
LDAP auth available here https://github.com/tykeal/ep_ldapauth |
@JohnMcLear thanks for posting here! |
This never moved forward even with the bounty? I was looking at the description of https://github.com/lsowen/ep_auth_author and wasn't able to understand "Add a prefix to settings.json to distinguish between normal BasicAuth users...", makes it sound like BasicAuth is already baked in, but this ticket is still open. |
Bounty too small? ----- Reply message ----- This never moved forward even with the bounty? Reply to this email directly or view it on GitHubhttps://github.com//issues/551#issuecomment-188240767. |
I implemented this for myself back then, but it was not merged.
|
Closing as plugins are doing this. |
And which ones? |
Afaik ep_ldap does it ? |
But this request was a lot more generic than LDAP. |
The point is that plugins are doing it and I provided an example that does. You can copy/page the LDAP logic to whatever Auth mechanism you are using. |
set pad's username by the REMOTE_USER passed threw by http AuthBasic f.e.
Many Pads are running behind a webserver AuthBasic, so it would be nice to not have to set my username everytime I logged in.
The text was updated successfully, but these errors were encountered: