Bug 381320

Summary: main page won't load unless orion.auth.name=FORM+OpenID (or commented out)
Product: [ECD] Orion
Reporter: Rafael Chaves <eclipse>
Component: Server
Assignee: Simon Kaegi <simon_kaegi>
Status: RESOLVED WONTFIX
QA Contact:
Severity: normal
Priority: P3
CC: simon_kaegi
Version: 0.5
Target Milestone: ---
Hardware: PC
OS: Linux
Whiteboard:

Description Rafael Chaves CLA 2012-06-01 03:33:10 EDT
After reading http://wiki.eclipse.org/Orion/Server_admin_guide I wanted to limit authentication to OpenID only. But unless I set orion.auth.name to FORM+OpenID or comment it out, the client main page won't work. In the back end, I get the following exception:

!ENTRY org.eclipse.orion.server.configurator 4 0 2012-06-01 00:20:17.013
!MESSAGE Authentication service is missing. The server configuration must specify an authentication scheme, or use "None" to indicate no authentication
2012-06-01 00:20:17.020 [qtp17938704-23] WARN  o.e.jetty.servlet.ServletHandler - /prefs/user/plugins
javax.servlet.ServletException: Authentication service is missing. The server configuration must specify an authentication scheme, or use "None" to indicate no authentication
	at org.eclipse.orion.server.configurator.servlet.LoggedInUserFilter.init(LoggedInUserFilter.java:41) ~[na:na]
	at org.eclipse.equinox.http.registry.internal.FilterManager$FilterWrapper.initializeDelegate(FilterManager.java:184) ~[na:na]
	at ...

Comment 1 Rafael Chaves CLA 2012-06-01 03:33:24 EDT
ss on the console shows:

82	STARTING    org.eclipse.orion.server.authentication.basic_0.2.0.v20120525-1301
83	ACTIVE      org.eclipse.orion.server.authentication.form.core_0.3.0.v20111005-0619
84	ACTIVE      org.eclipse.orion.server.authentication.formopenid_0.3.0.v20120525-1301
85	ACTIVE      org.eclipse.orion.server.authentication.openid.core_0.3.0.v20120525-1301


Only bundle 82 and 84 have registered services:

osgi> bundle 84
org.eclipse.orion.server.authentication.formopenid_0.3.0.v20120525-1301 [84]
  Id=84, Status=ACTIVE      Data Root=/home/rafael/dev/orion-0.5m2/eclipse/configuration/org.eclipse.osgi/bundles/84/data
  "Registered Services"
    {org.eclipse.orion.internal.server.core.IWebResourceDecorator}={service.id=47}
    {org.eclipse.orion.server.core.authentication.IAuthenticationService}={orion.auth.name=FORM+OpenID, component.name=org.eclipse.orion.server.authentication.formopenid, component.id=4, service.id=52}


osgi>  bundle 82
org.eclipse.orion.server.authentication.basic_0.2.0.v20120525-1301 [82]
  Id=82, Status=STARTING    Data Root=/home/rafael/dev/orion-0.5m2/eclipse/configuration/org.eclipse.osgi/bundles/82/data
  "Registered Services"
    {org.eclipse.orion.server.core.authentication.IAuthenticationService}={orion.auth.name=Basic, component.name=org.eclipse.orion.server.authentication.basic.ds, component.id=0, service.id=62}
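
The manual check in comment 1, written as a script: it reads the OSGi console `bundle` listings and reports whether any registered IAuthenticationService carries the configured orion.auth.name. This is an added example, not part of the original report or of Orion's code; the function names are hypothetical, the Data Root paths are trimmed, and exact string matching of the configured value against the service property is an assumption.

```python
import re

# Console output copied from the `bundle 84` / `bundle 82` listings in this report
# (Data Root paths trimmed).
CONSOLE = """\
org.eclipse.orion.server.authentication.formopenid_0.3.0.v20120525-1301 [84]
  Id=84, Status=ACTIVE      Data Root=...
  "Registered Services"
    {org.eclipse.orion.internal.server.core.IWebResourceDecorator}={service.id=47}
    {org.eclipse.orion.server.core.authentication.IAuthenticationService}={orion.auth.name=FORM+OpenID, component.name=org.eclipse.orion.server.authentication.formopenid, component.id=4, service.id=52}
org.eclipse.orion.server.authentication.basic_0.2.0.v20120525-1301 [82]
  Id=82, Status=STARTING    Data Root=...
  "Registered Services"
    {org.eclipse.orion.server.core.authentication.IAuthenticationService}={orion.auth.name=Basic, component.name=org.eclipse.orion.server.authentication.basic.ds, component.id=0, service.id=62}
"""

AUTH_IFACE = "org.eclipse.orion.server.core.authentication.IAuthenticationService"
BUNDLE_RE = re.compile(r"^(?P<name>\S+) \[(?P<id>\d+)\]\s*$")
SERVICE_RE = re.compile(r"^\s*\{(?P<iface>[^}]+)\}=\{(?P<props>[^}]*)\}\s*$")

def registered_auth_schemes(console_text):
    """Map each registered orion.auth.name value to the id of the bundle providing it."""
    schemes, bundle_id = {}, None
    for line in console_text.splitlines():
        m = BUNDLE_RE.match(line)
        if m:  # header line such as "<symbolic name>_<version> [84]"
            bundle_id = int(m.group("id"))
            continue
        m = SERVICE_RE.match(line)
        if not m or m.group("iface") != AUTH_IFACE:
            continue  # not a service line, or a service of another interface
        props = dict(p.split("=", 1) for p in m.group("props").split(", ") if "=" in p)
        if "orion.auth.name" in props:
            schemes[props["orion.auth.name"]] = bundle_id
    return schemes

def check_configured_scheme(configured, console_text):
    """Return (ok, message) for the orion.auth.name value set in the server config."""
    schemes = registered_auth_schemes(console_text)
    if configured in schemes:  # assumption: the server matches the name exactly
        return True, f"{configured!r} is provided by bundle {schemes[configured]}"
    return False, (f"no IAuthenticationService registers orion.auth.name={configured!r}; "
                   f"available: {sorted(schemes)}")

if __name__ == "__main__":
    for name in ("OpenID", "FORM+OpenID"):
        print(check_configured_scheme(name, CONSOLE))
```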

Comment 2 Simon Kaegi CLA 2012-06-01 12:11:46 EDT
Hi Rafael,
Sorry, that's my fault. I still have some cleanup to do there. The low-level mechanism is going to be changed so that the Form/OpenID service can be configured to limit what auth types it provides, but at the moment it's all or nothing.

Comment 3 Simon Kaegi CLA 2012-06-13 11:56:41 EDT
I'm going to re-target for 1.0. Sorry Rafael.

For 0.5 we're not going to make further code changes here so that means we're temporarily restricted to FORM+OpenID though that's not the end of the story.

I'll update the Server Admin guide still in RC3 before formally re-targeting.

Comment 4 Simon Kaegi CLA 2012-06-18 12:25:52 EDT
For 0.5 I've removed the standalone FORM and OpenID support from the server-side and updated the server admin guide. If you want to exclusively use one or the other the change will have to use a custom Login UI for now.

There is still a ton of work to do on authentication and the flows we want to use but this will have to wait until 1.0

Comment 5 Simon Kaegi CLA 2012-10-03 16:34:13 EDT
Untargeting. We're in the process of increasingly getting out of the authentication business. Orion will continue to support Form, OpenId, and Persona; however, our focus is going to be on decoupling from the authenticator as opposed to putting a lot of energy into making our implementation configurable. What that means is if you want to do something different you should take control of authentication yourself.

Comment 6 Simon Kaegi CLA 2013-10-09 17:24:03 EDT
We're not going to re-enable this support in Orion. The direction we're going is to increasingly use a higher level filter or the app server itself to do the authentication and get out of this business ourselves.