orbeon / orbeon-forms

Orbeon Forms is an open source web forms solution. It includes an XForms engine, the Form Builder web-based form editor, and the Form Runner runtime.
http://www.orbeon.com/
GNU Lesser General Public License v2.1

Clarify services authentication #4226

Open ebruchez opened 5 years ago

ebruchez commented 5 years ago

We document how to authenticate with a service, but when using header-based auth, the Form Runner auth filter is not able to obtain user information unless it's passed as headers as well. In the case of Liferay, in particular, in the same orbeon.war, the user must pass the same Orbeon-Liferay-User-Credentials Liferay header, which is in JSON format.

This must be:

+1 from customer

See also #1872 and #2321, which touch on the same issue. But did anything change since then?

ebruchez commented 5 years ago

OK, it turns out that not everything above is correct. If an Orbeon-Liferay-User-Credentials header has a non-blank value, then it will be used. Otherwise, the individual headers are checked. This means that: