diff options
| author | Fraser Tweedale <ftweedal@redhat.com> | 2016-11-29 17:58:50 +1000 |
|---|---|---|
| committer | Fraser Tweedale <ftweedal@redhat.com> | 2017-03-16 17:46:18 +1000 |
| commit | 00cf1cd2c6b9f5d8116921e4c3f1d07e7708388e (patch) | |
| tree | 5fd955cf5fb4c8ca1e12c24a9540eef7cb672cc4 /base/ca | |
| parent | 4cf87aa3babc4c7d8ea60a46cb548ebfee493ae4 (diff) | |
| download | pki-00cf1cd2c6b9f5d8116921e4c3f1d07e7708388e.tar.gz pki-00cf1cd2c6b9f5d8116921e4c3f1d07e7708388e.tar.xz pki-00cf1cd2c6b9f5d8116921e4c3f1d07e7708388e.zip | |
Add groups and request attributes to external principals
Add the ExternalAuthenticationValve valve, which, if an externally
authenticated principal is available, reads the REMOTE_USER_GROUP
information from the Coyote request and adds the groups ("roles" in
Tomcat terminology) to the principal.
It also saves a complete copy of the request attribute map in the
princpial. The new class ExternalPrincipal is used to achieve this.
Part of: https://pagure.io/dogtagpki/issue/1359
Diffstat (limited to 'base/ca')
| -rw-r--r-- | base/ca/tomcat8/conf/Catalina/localhost/ca.xml | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/base/ca/tomcat8/conf/Catalina/localhost/ca.xml b/base/ca/tomcat8/conf/Catalina/localhost/ca.xml index 46f270817..0268bc17e 100644 --- a/base/ca/tomcat8/conf/Catalina/localhost/ca.xml +++ b/base/ca/tomcat8/conf/Catalina/localhost/ca.xml @@ -27,6 +27,8 @@ <Manager secureRandomProvider="Mozilla-JSS" secureRandomAlgorithm="pkcs11prng"/> + <Valve className="com.netscape.cms.tomcat.ExternalAuthenticationValve" /> + <Valve className="com.netscape.cms.tomcat.SSLAuthenticatorWithFallback" alwaysUseSession="true" secureRandomProvider="Mozilla-JSS" |