|
0
|
1 <?xml version="1.0"?>
|
|
|
2 <!--
|
|
|
3 This is the authentication configuration file for protocol-httpclient.
|
|
|
4 Different credentials for different authentication scopes can be
|
|
|
5 configured in this file. If a set of credentials is configured for a
|
|
|
6 particular authentication scope (i.e. particular host, port number,
|
|
|
7 scheme and realm), then that set of credentials would be sent only to
|
|
|
8 servers falling under the specified authentication scope. Apart from
|
|
|
9 this at most one set of credentials can be configured as 'default'.
|
|
|
10
|
|
|
11 When authentication is required to fetch a resource from a web-server,
|
|
|
12 the authentication-scope is determined from the host, port, scheme and
|
|
|
13 realm (if present) obtained from the URL of the page and the
|
|
|
14 authentication headers in the HTTP response. If it matches any
|
|
|
15 'authscope' in this configuration file, then the 'credentials' for
|
|
|
16 that 'authscope' is used for authentication. Otherwise, it would use
|
|
|
17 the 'default' set of credentials (with an exception which is described
|
|
|
18 in the next paragraph), if present. If any attribute is missing, it
|
|
|
19 would match all values for that attribute.
|
|
|
20
|
|
|
21 If there are several pages having different authentication realms and
|
|
|
22 schemes on the same web-server (same host and port, but different
|
|
|
23 realms and schemes), and credentials for one or more of the realms and
|
|
|
24 schemes for that web-server is specified, then the 'default'
|
|
|
25 credentials would be ignored completely for that web-server (for that
|
|
|
26 host and port). So, credentials to handle all realms and schemes for
|
|
|
27 that server may be specified explicitly by adding an extra 'authscope'
|
|
|
28 tag with the 'realm' and 'scheme' attributes missing for that server.
|
|
|
29 This is demonstrated by the last 'authscope' tag for 'example:8080' in
|
|
|
30 the following example.
|
|
|
31
|
|
|
32 Example:-
|
|
|
33 <credentials username="susam" password="masus">
|
|
|
34 <default realm="sso"/>
|
|
|
35 <authscope host="192.168.101.33" port="80" realm="login"/>
|
|
|
36 <authscope host="example" port="8080" realm="blogs"/>
|
|
|
37 <authscope host="example" port="8080" realm="wiki"/>
|
|
|
38 <authscope host="example" port="80" realm="quiz" scheme="NTLM"/>
|
|
|
39 </credentials>
|
|
|
40 <credentials username="admin" password="nimda">
|
|
|
41 <authscope host="example" port="8080"/>
|
|
|
42 </credentials>
|
|
|
43
|
|
|
44 In the above example, 'example:8080' server has pages with multiple
|
|
|
45 authentication realms. The first set of credentials would be used for
|
|
|
46 'blogs' and 'wiki' authentication realms. The second set of
|
|
|
47 credentials would be used for all other realms. For 'login' realm of
|
|
|
48 '192.168.101.33', the first set of credentials would be used. For any
|
|
|
49 other realm of '192.168.101.33' authentication would not be done. For
|
|
|
50 the NTLM authentication required by 'example:80', the first set of
|
|
|
51 credentials would be used. For 'sso' realms of all other servers, the
|
|
|
52 first set of credentials would be used, since it is configured as
|
|
|
53 'default'.
|
|
|
54
|
|
|
55 NTLM does not use the notion of realms. The domain name may be
|
|
|
56 specified as the value for 'realm' attribute in case of NTLM.
|
|
|
57 -->
|
|
|
58
|
|
|
59 <auth-configuration>
|
|
|
60
|
|
|
61 </auth-configuration>
|
