I am new with VW Smalltalk web programming. I am trying to develop an application that connects to the Active Directory to authenticate the login ID. I have downloaded the LDAP* classes from the Public Store and have tried to check if I can establish a connection from my PC to the LDAP server. Unfortunately, I am encountering a walkback stating that the threadTableLock is not understood.

Net.LDAPConnection >> getNewThreadForHost: hString port: pInteger

1. Can you advise how to resolve the problem?
2. Can you provide alternative ways to connect to the Active Directory server?
3. Do I need to have an SSL certificate defined?
4. How do I create an SSL certificate and how to relate that to my Smalltalk codes?

Hope you can shed some light to my dilemma.

I just used simple bind. Not sure if that is default for Active Directory.

For testing (to get the connection strings right) I found the following ldapbrowser (written in Java) quite useful.
http://www.novell.com/communities/node/8652/gawors-excellent-ldap-browsereditor-v282

Some information may also be found at:
http://technet.microsoft.com/en-us/library/cc755809(v=ws.10).aspx

Cheers
Manfred Kohl

Hi Manfred,

Thanks for the feedback. Can you advise how to perform binding? When I tried to execute the LDAPConnection connectToHost:* method, I got a walkback because the threadConnTable and threadTableLock shared variables are nil. Can you advise how to resolve the problem?

Thanks in advance for your help!

Regards,
Julia

For testing I would start with the LDAPBrowser application (LDAPBrowser open). There you can test the bind parameters (fully specified account and password). This so-called user DN can be quite complex (example: CN=Manfred Kohl,OU=Users,OU=IT,OU=RWER,DC=site4ies,DC=jrc,DC=it).

1. step: click on the "bind To" button. You get a mask with the bind authentication parameters. Then select as scope all sublevels under base and the base DN.

Even before that: does the LDAP server respond?

telnet <servername> 389

Cheers
Manfred

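Added example, not part of the original thread and not the Public Store LDAP classes: what the simple bind discussed above puts on the wire, written in Python with the standard library only. A simple bind carries the DN and password unencrypted, so the connection helper uses LDAPS with server certificate verification; port 636 and all function names are assumptions of this example.

```python
import socket
import ssl

def tlv(tag: int, payload: bytes) -> bytes:
    """BER-encode one element; lengths above 127 use the long form."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + payload

def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + n], pos + n

def build_bind_request(dn: str, password: str, msg_id: int = 1) -> bytes:
    """LDAPv3 simple BindRequest (RFC 4511); msg_id must be 1..127 here."""
    if not dn or not password:
        # DN + empty password is an "unauthenticated bind" a server may accept.
        raise ValueError("refusing bind with empty DN or password")
    # version 3, bind DN (OCTET STRING), password as [0] simple authentication
    body = tlv(0x02, b"\x03") + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def parse_bind_response(data: bytes) -> int:
    """Return the resultCode of a BindResponse (0 = success, 49 = bad creds)."""
    tag, body, _ = read_tlv(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = read_tlv(body)                 # skip messageID
    tag, op, _ = read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("not a BindResponse")
    _, code, _ = read_tlv(op)                  # ENUMERATED resultCode
    return int.from_bytes(code, "big")

def simple_bind_tls(host: str, dn: str, password: str, port: int = 636) -> bool:
    """Bind over LDAPS; the default context verifies the server certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(build_bind_request(dn, password))
            return parse_bind_response(tls.recv(4096)) == 0
```

For certificate verification to succeed, the CA that issued the directory server's certificate has to be in the client's trust store.
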
Hi Manfred,

I tried using the LDAPBrowser application but when I clicked on the Search button, I still encountered the error because there were no defined values for the shared variables ThreadTableLock and ThreadConnTable. Can you advise what should be used to define these 2 variables? I tried setting it to Dictionary new but I still encounter the walkback.

Hope you can provide some insights. Thanks in advance!

Regards,
Julia

Here's a different approach - single sign on with SSPI.

Some notes:
- I don't know which web framework you're using, so this is pseudo code.
- The methods base64Encode: / base64Decode: are implemented in SSPI.WindowsAuthentication
- For Kerberos you'll need to supply a Service Principal Name, HTTP/hostname

    handleRequest: aHttpRequest session: aSession
        " Authenticate with SSPI. See RFC 4559 (http://www.ietf.org/rfc/rfc4559.txt)
          Returns a HTTP response "
        | authorization clientToken securityContext |
        authorization := aHttpRequest fieldAt: 'authorization'.
        authorization isNil ifTrue: [
            " Initiate authentication "
            aSession securityContext: nil.
            ^ (HttpResponse code: '401')
                headerAt: 'WWW-Authenticate' put: 'Negotiate';
                yourself ].

        " we need a security context for the session/connection "
        securityContext := aSession securityContext.
        securityContext isNil ifTrue: [
            " note: for Kerberos, a proper Service Principal Name is required "
            securityContext := SSPI.SecurityContext
                securityPackage: 'Negotiate'
                servicePrincipalName: ''.
            securityContext initializeForServer.
            aSession securityContext: securityContext ].

        " check client authentication "
        ^ [
            " the header value has the form 'Negotiate <base64 token>' (RFC 4559);
              strip the scheme prefix first if fieldAt: returns it "
            clientToken := self base64Decode: authorization.
            securityContext inboundToken: clientToken.
            securityContext performNextServerStep.
            securityContext isAuthenticated
                ifTrue: [
                    " authenticated "
                    (HttpResponse code: '200')
                        contents: 'Success!';
                        respond ]
                ifFalse: [
                    " pass server token to client "
                    (HttpResponse code: '401')
                        headerAt: 'WWW-Authenticate'
                            put: 'Negotiate ', (self base64Encode: securityContext outboundToken);
                        respond ]
        ] on: SSPI.SSPIError do: [:ex |
            " authentication failed "
            aSession securityContext: nil.
            (HttpResponse code: '401')
                contents: 'Authentication failed';
                yourself ].
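
Added example, not part of the original post and not SSPI code: the header handling a server does before handing an RFC 4559 token to its security context, in Python. The Negotiate package selects Kerberos or NTLM, and without a usable Service Principal Name clients typically fall back to NTLM, so the check reports which mechanism arrived; function names and the two sample headers are constructed for this example.

```python
import base64
import binascii

NTLM_SIGNATURE = b"NTLMSSP\x00"   # present in every NTLM message

# Constructed sample headers: a raw NTLM type 1 prefix and a GSS-API token
# whose mechanism OID is SPNEGO (1.3.6.1.5.5.2).
SAMPLE_NTLM = "Negotiate TlRMTVNTUAABAAAA"
SAMPLE_GSS = "Negotiate YAoGBisGAQUFAqAA"

def parse_negotiate(header_value: str) -> bytes:
    """Return the raw token from an 'Authorization: Negotiate <b64>' value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    b64 = b64.strip()
    if scheme.lower() != "negotiate" or not b64:
        raise ValueError("not a Negotiate authorization header")
    try:
        return base64.b64decode(b64, validate=True)   # reject stray characters
    except binascii.Error as exc:
        raise ValueError("malformed base64 token") from exc

def classify_token(token: bytes) -> str:
    """Tell NTLM (raw or SPNEGO-wrapped) apart from other GSS-API tokens."""
    if NTLM_SIGNATURE in token:
        return "ntlm"
    if token[:1] in (b"\x60", b"\xa1"):   # initial token / SPNEGO response
        return "gssapi"
    return "unknown"

def accept_token(header_value: str, allow_ntlm: bool = False):
    """Return (token, mechanism), or raise before the token is processed."""
    token = parse_negotiate(header_value)
    mech = classify_token(token)
    if mech == "unknown" or (mech == "ntlm" and not allow_ntlm):
        raise PermissionError(f"rejected {mech} token")
    return token, mech
```
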