Open-Xchange servlet for external login masks

From Open-Xchange

Open-Xchange servlet for external login masks

Who should read this document

This document is written for web developers who would like to create a custom login mask for the Open-Xchange server. The login mask can reside on an external server i. e., not directly located in the domain of the Open-Xchange machines. It is also intended for administrators who install and maintain Open-Xchange services.

Description

The package open-xchange-easylogin provides a servlet which expects a user name and password via HTTP GET or POST. For security reasons, GET is disabled by default but can be turned on via configuration. With that information the servlet generates java code that is then executed in the users browser so that the user gets automatically logged in to the Open-Xchange application. The servlet URL is after installation:

http://ox-server/servlet/easylogin

Installation

The package open-xchange-easylogin, available in the CommunitySoftwareRepositories , needs to be installed using the operation system toos for package maintaining (e.g. dpkg, rpm). After installation, the groupware process has to be restarted:

/etc/init.d/open-xchange restart

Configuration

Configuration file is:

/opt/open-xchange/etc/groupware/easylogin.properties

following configuration options are available (the groupware must be restarted to make changes effective):

# easylogin configuration file

# GET/POST variable name for the password
com.openexchange.easylogin.passwordPara = password 

# GET/POST variable name for the login name
com.openexchange.easylogin.loginPara = login 

# AJAX root path on the Open-Xchange server 
# do not change unless you know what you are doing
com.openexchange.easylogin.AJAX_ROOT = /ajax

# the relative path to the Open-Xchange GUI
com.openexchange.easylogin.OX_PATH_RELATIVE = ../

# enable GET for the servlet 
# possible parameters: true/false
com.openexchange.easylogin.doGetEnabled = true

Example HTML form

Below are two html form examples for a custom login mask. One for HTML POST and one for GET (for security reasons POST should be used). For own use, the string ox-server needs to be replaced by the name of the Open-Xchange server:

 <html>
 <body>

 <h1>Login via POST:</h1>
 <form action="http://ox-server/servlet/easylogin" method="POST">
     <p>
     <label for="login">Username: </label>
               <input type="text" name="login" id="login"><br>
     <label for="password">Password:  </label>
               <input type="password" name="password" id="password"><br><br>
     <input type="submit" value="POST login">
     </p>
  </form>
 
  <h1>Login via GET:</h1>
  <form action="http://ox-server/servlet/easylogin" method="GET">
     <p>
     <label for="login">Username: </label>
               <input type="text" name="login" id="login"><br>
     <label for="password">Password:  </label>
               <input type="password" name="password" id="password"><br><br>
     <input type="submit" value="GET login">
     </p>
  </form>
 
  </body>
 </html>