Skip to main content

Content Porter 8.5 with ADFS

Image
By
Content Porter uses Basic auth to communicate with the ImportExport service. This means the federated security approach will not work.

Luckily, we have the Basic Authenticator that exposes the ADFS authentication as a basicHttp endpoint. Using this endpoint, the authenticator creates a new security principal and sets it in the current Thread and HttpContext.

As such, Content Porter works again out of the box:


For the Basic Authenticator to intercept requests for the basicHttp endpoint, I defined a regular expression that is matched against the URL of the request:

<add key="BasicAuthPath" value="(?i)/templating/.+\.asmx|/webservices/(core|importexport)service\d{4,6}\.svc/(streamdownload_basichttp|basichttp|script(?!/js))|/wflistener/wflistener\.asmx|/webdav|/monitoring/tridionmonitoringagent.asmx"/>

The expression above matches all requests to:
  • /templating/ folder, and files that end with .asmx extension. These are the services AssemblyTemplateUploadWebService.asmx and CompoundTemplateWebService.asmx
  • CoreService and ImportExportService under /webservices, and files that end with extension .svc, followed by either:
    • streamdownload_BasicHttp -- used for streaming binaries to/from a webservice
    • basicHttp -- exposes Basic authentication to the webservice
    • script, perhaps followed by /js -- exposes the services as web GET method of a REST API
  • /wflistener/wflistener.asmx -- old style Workflow listener webservice
  • /webdav -- exposes WebDAV to Basic auth
  • /Monitoring/TridionMonitoringAgent.asmx -- allows access to the Monitoring Web Service



Labels:

Comments

Post a Comment

Popular posts from this blog

Running sp_updatestats on AWS RDS database

By
Part of the maintenance tasks that I perform on a MSSQL Content Manager database is to run stored procedure sp_updatestats . exec sp_updatestats However, that is not supported on an AWS RDS instance. The error message below indicates that only the sa  account can perform this: Msg 15247 , Level 16 , State 1 , Procedure sp_updatestats, Line 15 [Batch Start Line 0 ] User does not have permission to perform this action. Instead there are several posts that suggest using UPDATE STATISTICS instead: https://dba.stackexchange.com/questions/145982/sp-updatestats-vs-update-statistics I stumbled upon the following post from 2008 (!!!), https://social.msdn.microsoft.com/Forums/sqlserver/en-US/186e3db0-fe37-4c31-b017-8e7c24d19697/spupdatestats-fails-to-run-with-permission-error-under-dbopriveleged-user , which describes a way to wrap the call to sp_updatestats and execute it under a different user: create procedure dbo.sp_updstats with execute as 'dbo' as...
2 comments
Read more

REL Standard Tag Library

By
The RSTL is a library of REL tags providing standard functionality such as iterating collections, conditionals, imports, assignments, XML XSLT transformations, formatting dates, etc. RSTL distributable is available on my Google Code page under  REL Standard Tag Library . Always use the latest JAR . This post describes each RSTL tag in the library explaining its functionality, attributes and providing examples. For understanding the way expressions are evaluated, please read my post about the  Expression Language used by REL Standard Tag Library . <c:choose> / <c:when> / <c:otherwise> Syntax:     <c:choose>         <c:when test="expr1">             Do something         </c:when>         <c:when test="expr2">             Do something else         </c:when...
2 comments
Read more

Publish Binaries to Mapped Structure Groups

By Unknown
Today's TBB of the Week comes from the high demand in the field to publish binary assets to different mapped Structure Groups. By default SDL Tridion offers two ways of publishing binaries: All binaries publish to a folder defined in your Publication properties; All binaries rendered by a given template publish to a folder corresponding to a given Structure Group; In my view, both cases are terrible, over-simplified and not representing a real use-case. Nobody in the field wants all binaries in one folder and nobody separates binary locations by template. Instead, everybody wants a mapping mechanism that takes a binary and publishes it to a given folder, defined by a Structure Group, and this mapping is done using some kind of metadata. More often than not, the metadata is the TCM Folder location of the Multimedia Component. I have seen this implemented numerous times. So the solution to publish binaries to a given location implies finding a mapping from a TCM Folder to a...
10 comments
Read more