Difference between revisions of "FormLogin"

(Created page with "The goal here is to authenticate a user for the Open-Xchange system from an external system and to safely pass on the received session data to the user´s browser. To do so the e...")
 
Line 1: Line 1:
 +
= FormLogin =
 +
 
The goal here is to authenticate a user for the Open-Xchange system from an external system and to safely pass on the received session data to the user´s browser. To do so the external system has to know the user data (username, password) for Open-Xchange in plain text.
 
The goal here is to authenticate a user for the Open-Xchange system from an external system and to safely pass on the received session data to the user´s browser. To do so the external system has to know the user data (username, password) for Open-Xchange in plain text.
 
There are three participants in this process: User, Open-Xchange system ("OX") and External system ("3rd-party").
 
There are three participants in this process: User, Open-Xchange system ("OX") and External system ("3rd-party").
  
The diagram below shows the complete process. Just read it naturally from top to bottom and you have the chronological oder things need to happen in.
+
== Prerequisites ==
Also there are 4 prerequisites not mentioned in the diagram needed for this to work:
 
  
 
1. A ReverseProxy-directive has to be set in the OX-/Loadbalancer-Apache
 
1. A ReverseProxy-directive has to be set in the OX-/Loadbalancer-Apache
Line 30: Line 31:
 
http://oxpedia.org/wiki/index.php?title=HTTP_API#Form_Login_.28since_6.20.29
 
http://oxpedia.org/wiki/index.php?title=HTTP_API#Form_Login_.28since_6.20.29
  
Example for the login-form:
+
== Diagram ==
 +
 
 +
This diagram shows the complete process. Just read it naturally from top to bottom and you have the chronological oder things need to happen in.
 +
 
 +
[[File:formLoginDiagram.jpg]]
 +
 
 +
== Example for the login-form ==
  
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
+
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
+
<html>
<head>
+
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="cache-control" content="no-cache">
+
<meta http-equiv="cache-control" content="no-cache">
<title>Login</title>
+
<title>Login</title>
<script type="text/javascript">
+
<script type="text/javascript">
function uuid() {
+
function uuid() {
 
     function hex(len, x) {
 
     function hex(len, x) {
 
         if (x === undefined) x = Math.random();
 
         if (x === undefined) x = Math.random();
Line 51: Line 58:
 
     }
 
     }
 
     return [hex(8), "-", hex(4), "-4", hex(3), "-", hex(4, 0.5 + Math.random() / 4), "-", hex(12)].join("");
 
     return [hex(8), "-", hex(4), "-4", hex(3), "-", hex(4, 0.5 + Math.random() / 4), "-", hex(12)].join("");
}
+
}
</script>
+
</script>
</head>
+
</head>
<body>
+
<body>
<form action="/ajax/login?action=formlogin&authId=" method="post" onSubmit="this.action += uuid();">
+
<form action="/ajax/login?action=formlogin&authId=" method="post" onSubmit="this.action += uuid();">
<p>
+
<p>
<label for="login">Username: </label>
+
<label for="login">Username: </label>
<input type="text" name="login" id="login"><br>
+
<input type="text" name="login" id="login"><br>
<label for="password">Password:  </label>
+
<label for="password">Password:  </label>
<input type="password" name="password" id="password"><br>
+
<input type="password" name="password" id="password"><br>
<input type="submit" value="Login">
+
<input type="submit" value="Login">
<input type="hidden" name="client" value="com.openexchange.ox.gui.dhtml">
+
<input type="hidden" name="client" value="com.openexchange.ox.gui.dhtml">
<input type="hidden" name="version" value="Form Login">
+
<input type="hidden" name="version" value="Form Login">
<input type="hidden" name="autologin" value="true">
+
<input type="hidden" name="autologin" value="true">
<input type="hidden" name="uiWebPath" value="/ox6/index.html">
+
<input type="hidden" name="uiWebPath" value="/ox6/index.html">
</p>
+
</p>
</form>
+
</form>
</body>
+
</body>
</html>
+
</html>

Revision as of 14:03, 13 October 2011

FormLogin

The goal here is to authenticate a user for the Open-Xchange system from an external system and to safely pass on the received session data to the user´s browser. To do so the external system has to know the user data (username, password) for Open-Xchange in plain text. There are three participants in this process: User, Open-Xchange system ("OX") and External system ("3rd-party").

Prerequisites

1. A ReverseProxy-directive has to be set in the OX-/Loadbalancer-Apache

Example:

  1. ReverseProxy to 3rd-party to enable the form-login

ProxyPass /forwardname_htp http://3rdpartydomain.tld ProxyPassReverse /forwardname http://3rdpartydomain.tld

  1. enable sslProxy

SSLProxyEngine on

please note that "forwardname" is just an example, this could be anything

2. The necessary apache-module needs to be installed for this directive to work

Typically that is done like this: ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load

3. The 3rd-party system accesses the OX-system via the same domainname as the user (e.g. oxdomain.TLD)

4. the 3rd-party system is on the ip-check-whitelist of the OX-system as described here (in "10.2.20. noipcheck.cnf"): http://software.open-xchange.com/OX6/doc/OX6-Installation-and-Administration.pdf

Also the exact parameter-names for the FormLogin can be found here: http://oxpedia.org/wiki/index.php?title=HTTP_API#Form_Login_.28since_6.20.29

Diagram

This diagram shows the complete process. Just read it naturally from top to bottom and you have the chronological oder things need to happen in.

FormLoginDiagram.jpg

Example for the login-form

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN"  "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="cache-control" content="no-cache">
<title>Login</title>
<script type="text/javascript">
function uuid() {
   function hex(len, x) {
       if (x === undefined) x = Math.random();
       var s = new Array(len);
       for (var i = 0; i < len; i++) {
           x *= 16;
           var digit = x & 15;
           s[i] = digit + (digit < 10 ? 48 : 87); // '0' and 'a' - 10
       }
       return String.fromCharCode.apply(String, s);
   }
   return [hex(8), "-", hex(4), "-4", hex(3), "-", hex(4, 0.5 + Math.random() / 4), "-", hex(12)].join("");
}
</script>
</head>
<body>
<form action="/ajax/login?action=formlogin&authId=" method="post"  onSubmit="this.action += uuid();">

<label for="login">Username: </label> <input type="text" name="login" id="login">
<label for="password">Password: </label> <input type="password" name="password" id="password">
<input type="submit" value="Login"> <input type="hidden" name="client" value="com.openexchange.ox.gui.dhtml"> <input type="hidden" name="version" value="Form Login"> <input type="hidden" name="autologin" value="true"> <input type="hidden" name="uiWebPath" value="/ox6/index.html">

</form>
</body>
</html>