Hello,

As per this ticket: http://issues.liferay.com/browse/LPS-25690, when using webdav in Liferay it will always try to authenticate the user directly against the Liferay database. However if we're using CAS as the SSO source, Liferay doesn't necessarily know about the user's real password, so the webdav authentication won't work.

Since webdav clients won't necessarily know how to handle a web based authentication service like CAS, I assume I have to implement my own method of authentication for webdav, eg. connecting directly to the external LDAP or wherever we are storing the real user's passwords.

Any ideas of the best way to implement this, or if someone else has implemented something simliar? Do I create my own version of the 'SecureFilter' that's configured in tunnel-web/WEB-INF/web.xml for the 'Secure WebDAV Servlet Filter', and make this filter do the external authentication?

Thanks.

Note a recent post from Mika Koivisto

http://issues.liferay.com/browse/LPS-14763?focusedCommentId=250220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-250220


Mika Koivisto added a comment - 14/Dec/12 12:10 AM
tunnel-web has been merged to portal-web in 6.1

Perhaps Mika can comment whether or not this change will resolve this issue?

Bruce

Most SSO mechanisms won't work with webdav unless the webdav client itself supports that SSO provider.