Open-Xchange servlet for external login masks: Difference between revisions

From Open-Xchange
No edit summary
No edit summary
Line 2: Line 2:


== Who should read this document ==
== Who should read this document ==
This document is written for web developers who would like to create a custom login mask for the Open-Xchange server. The login mask can reside on an external server i. e., not directly located in the domain of the Open-Xchange machines. It is also intended for administrators who install and maintain Open-Xchange services.
This document is written for web developers who would like to create a custom login mask for the Open-Xchange server. The login mask can reside on an external server i. e., not directly located in the domain of the Open-Xchange machines. It is also intended for administrators who install and maintain Open-Xchange services.


== Description ==
== Description ==
The open-xchange-easylogin package provides a servlet which expects a user name and password via HTTP GET or POST. For security reasons, GET is disabled by default but can be turned on via configuration. With that information the servlet generates java code that is then executed in the user's browser so that the user gets automatically logged in to the Open-Xchange application. After the installation the servlet URL is:
http://ox-server/servlet/easylogin


{{InstallPlugin|pluginname=open-xchange-easylogin|sopath=stable}}
The Open-Xchange [[HTTP_API#Form_Login_.28since_6.20.29|HTTP API]] has a function to
create a session from external.


== Configuration ==
== Example form ==
Configuration file is:
/opt/open-xchange/etc/groupware/easylogin.properties


following configuration options are available (the groupware must be restarted to make changes effective):
A recent version of this sample can be found in the open-xchange package within the directory in /usr/share/doc.
# easylogin configuration file
# GET/POST variable name for the password
com.openexchange.easylogin.passwordPara = password
# GET/POST variable name for the login name
com.openexchange.easylogin.loginPara = login
# AJAX root path on the Open-Xchange server
# do not change unless you know what you are doing
com.openexchange.easylogin.AJAX_ROOT = /ajax
# the relative path to the Open-Xchange GUI
com.openexchange.easylogin.OX_PATH_RELATIVE = ../
# enable GET for the servlet
# possible parameters: true/false
com.openexchange.easylogin.doGetEnabled = true
 
== Example HTML form ==
The examples below show how an HTML form for a custom login mask looks like. One example is  for HTML POST and one for GET (for security reasons we recommend to use POST). When using the example for your own purposes, the ox-server string needs to be replaced by the name of the Open-Xchange server:


<pre>
<pre>
<html>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<body>
<html>
 
<head>
<h1>Login via POST:</h1>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<form action="http://ox-server/servlet/easylogin" method="POST">
<meta http-equiv="cache-control" content="no-cache">
    <p>
<title>Login</title>
    <label for="login">Username: </label>
<script type="text/javascript">
              <input type="text" name="login" id="login"><br>
function uuid() {
    <label for="password">Password:  </label>
    function hex(len, x) {
              <input type="password" name="password" id="password"><br><br>
        if (x === undefined) x = Math.random();
    <input type="submit" value="POST login">
        var s = new Array(len);
    </p>
        for (var i = 0; i < len; i++) {
  </form>
            x *= 16;
            var digit = x & 15;
  <h1>Login via GET:</h1>
            s[i] = digit + (digit < 10 ? 48 : 87); // '0' and 'a' - 10
  <form action="http://ox-server/servlet/easylogin" method="GET">
        }
    <p>
        return String.fromCharCode.apply(String, s);
    <label for="login">Username: </label>
    }
              <input type="text" name="login" id="login"><br>
    return [hex(8), "-", hex(4), "-4", hex(3), "-", hex(4, 0.5 + Math.random() / 4), "-", hex(12)].join("");
    <label for="password">Password:  </label>
}
              <input type="password" name="password" id="password"><br><br>
</script>
    <input type="submit" value="GET login">
</head>
    </p>
<body>
  </form>
<form action="/ajax/login?action=formlogin&authId=" method="post" onSubmit="this.action += uuid();">
<p>
  </body>
<label for="login">Username: </label>
</html>
<input type="text" name="login" id="login"><br>
<label for="password">Password:  </label>
<input type="password" name="password" id="password"><br>
<input type="submit" value="Login">
<input type="hidden" name="client" value="com.openexchange.ox.gui.dhtml">
<input type="hidden" name="version" value="Form Login">
<input type="hidden" name="autologin" value="true">
<input type="hidden" name="uiWebPath" value="/ox6/index.html">
</p>
</form>
</body>
</html>
</pre>
</pre>


[[Category: OX6]]
[[Category: OX6]]

Revision as of 11:45, 14 April 2011

Open-Xchange servlet for external login masks

Who should read this document

This document is written for web developers who would like to create a custom login mask for the Open-Xchange server. The login mask can reside on an external server i. e., not directly located in the domain of the Open-Xchange machines. It is also intended for administrators who install and maintain Open-Xchange services.

Description

The Open-Xchange HTTP API has a function to create a session from external.

Example form

A recent version of this sample can be found in the open-xchange package within the directory in /usr/share/doc. 

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="cache-control" content="no-cache">
<title>Login</title>
<script type="text/javascript">
function uuid() {
    function hex(len, x) {
        if (x === undefined) x = Math.random();
        var s = new Array(len);
        for (var i = 0; i < len; i++) {
            x *= 16;
            var digit = x & 15;
            s[i] = digit + (digit < 10 ? 48 : 87); // '0' and 'a' - 10
        }
        return String.fromCharCode.apply(String, s);
    }
    return [hex(8), "-", hex(4), "-4", hex(3), "-", hex(4, 0.5 + Math.random() / 4), "-", hex(12)].join("");
}
</script>
</head>
<body>
<form action="/ajax/login?action=formlogin&authId=" method="post" onSubmit="this.action += uuid();">
<p>
<label for="login">Username: </label>
<input type="text" name="login" id="login"><br>
<label for="password">Password:  </label>
<input type="password" name="password" id="password"><br>
<input type="submit" value="Login">
<input type="hidden" name="client" value="com.openexchange.ox.gui.dhtml">
<input type="hidden" name="version" value="Form Login">
<input type="hidden" name="autologin" value="true">
<input type="hidden" name="uiWebPath" value="/ox6/index.html">
</p>
</form>
</body>
</html>
Retrieved from "https://wiki.open-xchange.com/wiki/index.php?title=Open-Xchange_servlet_for_external_login_masks&oldid=7651"