internal package Foswiki::LoginManager::KerberosLogin

See PublishedAPI for packages intended to be used by Plugin and Contrib authors, or browse all packages.
See also Developing plugins, Developer's Bible, Technical Overview


This login manager may be used to implement single sign on based on Kerberos authentication. For this to work you will have to set up your server as well as your browser to exchange kerberos tickes part of the HTTP header. See LdapContrib for more information.

If no ticket could be exchanged will this login manager fall back to Foswiki::LoginManager::LdapTemplateLogin

ClassMethod new($session)

Construct the KerberosLogin object

ObjectMethod getSessionUser()

returns user as already found in session

ObjectMethod login($request, $session)

Checks for a neogitiation HTTP header and redirects to login if not. When found we will redirect to another view to perform the actual ticket exchange. A special url parameter _krb_redirect will be set to prevent multiple redirects happening by accident.

ObjectMethod forceAuthentication() → boolean

Triggered by an access control violation, this method tests to see if the current session is authenticated or not. If not, it does whatever is needed so that the user can log in, and returns 1.

If the user has an existing authenticated session, the function simply drops though and returns 0.

ObjectMethod getUser()

performs the actual kerberos communication to extract the remote user name from the ticket found in the HTTP header.

Topic revision: r1 - 21 Nov 2014, ProjectContributor
This site is powered by FoswikiCopyright © by the contributing authors. All material on this site is the property of the contributing authors.
Ideas, requests, problems regarding CLASSE Wiki? Send feedback