Webdav + LDAP + CAS2_AUTH
Hello, I have a problem when I trying to get documents with a webdav drive by LDAP and CAS authentication. I always have this error message in my logs
Digest authentication failed. Stored HA1 is empty
In my cas-config.xml I add these following lines
<specificAuthenticationChain name="WebDAV"> <headers> <header name="User-Agent">(Microsoft-WebDAV-MiniRedir|DavClnt|litmus|gvfs|davfs|WebDAV|cadaver|BitKinex).*</header> </headers> <urlPatterns> <url>(.*)/site/dav.*</url> </urlPatterns> <replacementChain> <plugin>DIGEST_AUTH</plugin> <plugin>WEBDAV_BASIC_AUTH</plugin> </replacementChain>
I don't understand where is my problem, I don't know if I forget a file or a configuration.
Thank you for your help
WebDAV uses an authentication based on digest.
This digest is computed when the user authenticates the first time with the Web UI, but if you're authenticating against CAS, no password is sent to Nuxeo, which can not compute the digest, and as a consequence won't be able to validate the credentials sent from WebDAV.
So that's the problem you're facing.
Merci pour les pistes de solutions (sorry don't know how to translate that).
Have a nice day.
So, just to be sure, if CAS2_AUTH is enabled for Web UI, it's impossible to login in WebDAV because of the digest which is not computed due to CAS2_AUTH. And it's not possible to modify the WebDAV authentication to get it work while CAS2_AUTH is enabled for Web UI.
A way to use both (I mean while CAS2_AUTH is enabled), is first to use LDAP backend and BASIC_AUTH and login in Web UI, this way the digest is computed. Then re-enable CAS2_AUTH. WebDAV will work because a digest was computed. But if the user password is changed on LDAP there will be a problem with WebDAV authentication bescause the digest will be wrong. And every users have to login while CAS2_AUTH is disabled.
Perhaps : Is there a way to “force” nuxeo to automatically compute a digest for each user found in LDAP, without a user has to login ?
Thank you for explanations