
How to switch off authenticity in Wiki server

Hi, I am trying to find out how I can prevent the authenticity check used in Wiki Server (Lion).


So far I understood this is a recommended behavior from the HTTP specification and absolutely makes sense for the security.

Still, I am running in a private environment where I would like to use a login mechanism from another website.

Users need to be logged in to the other website (with identical authentication settings) before this mechanism becomes available.


I found: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/ClassMethods.html

But I am not sure where to look when it comes to the configuration/modification of the OS X Wiki server.

Best would be to allow a simple "POST" with username and (maybe hashed) password instead of fetching and tweaking the login mechanism.

The authentication source behind is Active Directory for both cases.


The aim of this question is to have a "Single Sign On" in an environment where Kerberos is not supported.


Can someone help, or does anyone have an idea where to start?

Mac OS X (10.7), Wiki Server 3

Posted on Mar 23, 2012 10:33 AM

1 reply

Mar 26, 2012 7:42 AM in response to dalimsoftware

To make things even a bit more complicated (if running Wiki in an enterprise portal using iFrames):


I had to find out that content is also protected by an x-frame header at the web server level (see /etc/apache2/httpd_corecollaboration_required.conf).


Switching off the header check does not help either: although you will be able to log in from a framed page, no content of any wiki article will be delivered (analyzing live HTTP headers does shed some light on that issue). Instead it will only show "New Page"...


It seems Apple has done everything to protect the content published on the server a) on the configuration (apache) as well as b) on the application (ruby) and c) script (javascript) level.


Unfortunately there is neither documentation nor a GUI available. Only a few global search results on the web may direct you to finding out how they set up the whole thing.


Please Apple - security is a great thing, but please keep it customizable. OS X 10.6 was much better in that!


In my particular case I would wish I had:

1. Specify some domains that can read content from my Wiki server in an iFrame

2. Have preauthentication available for a seamless login
