From: Mike Taylor Date: Tue, 28 Oct 2014 12:28:56 +0000 (+0000) Subject: Since it turns out that the hostName field is used by our statistics X-Git-Tag: 1.0.0~75^2~24 X-Git-Url: http://git.indexdata.com/?p=mkws-moved-to-github.git;a=commitdiff_plain;h=21be840e8bb6c8d33c6f67b7426dde720134ddd2 Since it turns out that the hostName field is used by our statistics reporting to determine which host to harvest log-files from, we can't rely on that as any part of our authentication scheme: lots of end-user records now have hostName=sp-mkws.indexdata.com, which means that in the absence of username/password or referrer-based authentication, one of those is picked at random (and IP authentication is never used, as we don't get that far down the sequence). Instead, we now do authentication as follows: 1. Username/password, if any. 2. Referer, where possible. 3. IP-address. 4. New special constraint, token="mkws-default". So we now explicitly anoint one of the MKC libraries as the default to use for MKWS (when u/p, referrer and IP address all fail) by setting the "token" field in one of its end-user records to "mkws-default". At present, the only end-user for which this has been done is "MKWS demo", belonging to the library "DEMO MKWS: the MasterKey Widget Set". --- diff --git a/tools/service-proxy/service-proxy.properties b/tools/service-proxy/service-proxy.properties index 97ba878..8332385 100644 --- a/tools/service-proxy/service-proxy.properties +++ b/tools/service-proxy/service-proxy.properties @@ -25,8 +25,8 @@ relay.CF_ENGINE_ADDRESS = localhost:9003 # authn plugin, for torus based authentication authn.TORUS_URL = http://mkc-admin.indexdata.com/torus2/identity.USERS/records/ authn.MASTER_TORUS_URL = http://mkc-admin.indexdata.com/torus2/admin.admin/records/ -authn.ACTION_SEQUENCE = check,login,referrer,constraint,ipauth -authn.SPECIFIC_CONSTRAINT = hostName=${thisHost} +authn.ACTION_SEQUENCE = check,login,referrer,ipauth,constraint +authn.SPECIFIC_CONSTRAINT = token="mkws-default" # categories plugin, for Torus-based target categories categories.TORUS_BASEURL = http://mkc-admin.indexdata.com/torus2/