User already logged

[rewko]

Is there any reason why user can be loggen only once?

We\'d need one identity for anybody who connects throught web service. Is it possible to setup OpenKM so?

Thanks

[dignan]

What do you mean by one identity? If you want to know if OpenKM can authenticate to another database, yes it can. I know for sure it can be set up to authenticate to an LDAP server.

I don\'t know if there\'s a reason for it, but why would a user log in more than once at a time?

[rewko]

One identity - something like anonymous account. Actually I want to avoid creating user account for every user as long as there is no webservice for this and it is not required for me to trace who is author of any file etc.

It is obvious this user account should be able to be logged in more than once.

[jllort]

Now it\'s not implemented the anonymous user. And other problem, than on future we\'ll solve is that one user only can be loged one time on OpenKM not twice ( that\'s a security issue that has become tedious, and we\'ve planned to remove this restriction ).

[rewko]

So is it possible for me to solve it now - some hack?

Can I for example share SessionID of one user for more clients (I am using webservice) or just turn off authentication for webservice clients (and restrict access by firewall), etc...?

[kraken]

I need that too, i have it setup with my LDAP server so i have not to setup user accounts, but i need to make autologin. any idea how to do that ?

[Horus]

I'd also like to have the possibility of logging in more than once. It's not because I want my users to share their credentials, but because users nowadays are no longer supposed to have only one computer. It would be a pain for them to log out from one computer in order to log in another one.

There's one more thing: just like most web applications, people would sometimes just close the windows without really logging off. It would be nice if there's a way to programme the time session, eg one hour.

[kraken]

I\'d also like to have the possibility of logging in more than once. It\'s not because I want my users to share their credentials, but because users nowadays are no longer supposed to have only one computer. It would be a pain for them to log out from one computer in order to log in another one.

yes me too, another show stopper of the application nowadays is this: normal (say stupid) users doesn\'t "Exit" the application in the menu, they just close the browser. When they again try to open the browser, they have their account locked !! Never seen anything like that. Think about if i log into any web application out there, and i close it by closing the browser then i can access again cause it feels (by reading cookies) that i\'m the same user as before closign the browser.

Please think about this and make openKM work like any other web application out there !

[kraken]

There\'s one more thing: just like most web applications, people would sometimes just close the windows without really logging off. It would be nice if there\'s a way to programme the time session, eg one hour.

exactly ! well there is aparameter for controlling the session, anyway setting it too low may render openKM unusable, and leaving to 10-15 minutes is unacceptable !! people is calling me every day to unlock their account ! boring :/

[Horus]

I can't find such parameter from the GUI. I suppose it's done by manually editing some XML files. Never mind.

There's something OpenKM could do to reduce the potential problem. It's by using onWindowClose, onBeforeUnload, onUnload, etc all these tricks to trigger a forced logout. Of course, this won't solve 100% of the problems, but it's better than nothing.

[jllort]

To increase default time-out session it\'s configured in OpenKM/web-inf/server.xml

Simply adding for example

Code: Select all

<session-config>
      <session-timeout>60</session-timeout>    <!-- 60 minutes -->
</session-config>

About tedious locked users. There\'s no session problem, because OpenKM each 15 minutes fires a keep alive request to server with objective to mantaining session. When users logout incorrectly is when appears problem ( if problems appears on other scenario might take a look about user popup killer or antivirus that hangs keep alive automatically request ).

How to solve locked users, we\'ll that has been some security enhancement - only enable single login - and it has not been a lucky idea. Seems on future might change it.

[Tom]

Hello,

I\'m unable to find the file server.xml under the directory you suggest. Is that correct?
Or is there a typo in your reply. Thanks.


Tom

[kraken]

To increase default time-out session it\'s configured in OpenKM/web-inf/server.xml

Simply adding for example

Code: Select all

<session-config>
      <session-timeout>60</session-timeout>    <!-- 60 minutes -->
</session-config>

About tedious locked users. There\'s no session problem, because OpenKM each 15 minutes fires a keep alive request to server with objective to mantaining session. When users logout incorrectly is when appears problem ( if problems appears on other scenario might take a look about user popup killer or antivirus that hangs keep alive automatically request ).

How to solve locked users, we\'ll that has been some security enhancement - only enable single login - and it has not been a lucky idea. Seems on future might change it.

ok, but if i close the browser, and then i again try to enter the site it says locked user- nothing you can do with that directive, or keep alive isn\'t the solver here !

where i can find the variable for setting OpenKM interval for sending a keepalive ? i want to limit the session to 2 minutes and fire a keep alive every minute so i will better handle the case when user close the browser button.

i have to ask again, how can i enable autologin with current LDAP (Active Directory). Not login (which i already setup) but AUTO LOGIN ? AUTOMATIC LOGIN with no user interaction ? seems nobody understand the difference !

[jllort]

For automatic login without user interaction you might search on jboss forum to know if it\'s possible, really OpenKM uses jboss jaas authentication.

About where\'s on source code the keepalive ( take a look at Startup.java ).

[kraken]

For people that are insterested i found this:

http://www.jboss.org/community/wiki/JBossNegotiation

which explain how to setup SPNEGO security and enable automatic kerberos login for your Active Directory users (bypassing jboss login forms).

we have replicated everything from the guide in this package (https://jira.jboss.org/jira/secure/atta ... 0.3.GA.tgz) and we are about to end with good results, apart that we have some problems with completing authentication cause of this error:

Code: Select all

10:35:00,266 ERROR [SPNEGOLoginModule] Unable to authenticate
GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
	at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)

if you have some ideas or make this work it sill be perfect !