« Back

Secure RSS Feeds

Staff Blogs February 16, 2011 By Ray Augé Staff

All secure RSS feeds now transparently support BASIC  Authentication.

The behavior is such that when you're logged in, the feeds will simply work as expected if you open them directly in the browser. If you log out, you'll suddenly be promted for BASIC  Authentication. If you use the url with an external RSS client and that client supports BASIC Authentication then simply give your credentials and you should be good to go.

Pleae note that BASIC Authentication transfers your passwords over the internet/network in plain text, so make sure that you have SSL enabled if you care about such things.

An alternative is also to enabled DIGEST Authentication (just add an init parameter for "digest_auth" in the filter declaration and restart).

Note of you're using an SSO of some kind, and the client making the request speaks in your SSO's toung, then of course you don't have to worry about any of this.

 

Enjoy!

(Update: The issue was resolved as of LPS-12308 r73243.)

Threaded Replies Author Date
Great! All RSS feeds should be secure. Thanks,... Jonas Yuan February 16, 2011 5:44 PM
Thank you very much Ray. I didn't know that... Tobias Käfer February 16, 2011 9:17 PM
Can you do this with Web Content Feeds? Chris Whittle February 17, 2011 5:37 AM
Yes! The key is to make those originate from a... Ray Augé February 17, 2011 5:57 AM
Thanks Ray! We are currently working towards... Chris Whittle February 17, 2011 6:01 AM
If you are talking specifically about the Feeds... Ray Augé February 17, 2011 6:06 AM
Thanks Ray, I am talking about the Feeds from... Chris Whittle February 17, 2011 6:10 AM
It will work yes! You have nothing to do after... Ray Augé February 17, 2011 6:17 AM
Awesome! Is it backported to 5.2 Sp5? Chris Whittle February 17, 2011 6:20 AM
To 6.0sp2. There is only one very small patch... Ray Augé February 17, 2011 6:28 AM
This is brilliant! Very good! Brett Swaim February 17, 2011 3:04 PM
My RSS feed from forum is broken, ... eric rafel March 21, 2014 3:36 AM

Great! All RSS feeds should be secure. Thanks, Ray!
Posted on 2/16/11 5:44 PM.
Thank you very much Ray.
I didn't know that there was the ability to add a regex to the filter.
Everything would have been much easier emoticon
Posted on 2/16/11 9:17 PM.
Can you do this with Web Content Feeds?
Posted on 2/17/11 5:37 AM.
Yes! The key is to make those originate from a private page.

So, when creating your feed, just make sure that the page friendly url you specify is private.
Posted on 2/17/11 5:57 AM in reply to Chris Whittle.
Thanks Ray! We are currently working towards this so it comes at a great time.... Do you have an example of how I would format the url to be used in the RSS Feed to Basic Authentication?
Posted on 2/17/11 6:01 AM in reply to Ray Augé.
If you are talking specifically about the Feeds you define in the Web Content portlet on the Feeds tab, then the url is generated for you.

For other feeds, those depend on the portlet, and you don't have to reformat the urls in any way. The basic auth is transparently applied after the fix.

(Updating above with rev and ticket #).
Posted on 2/17/11 6:06 AM in reply to Chris Whittle.
Thanks Ray, I am talking about the Feeds from the Web Content Portlet...
I want to generate a secure Web Content Feed from a private community and share it with other private communities..
Is this possible with what you are talking about?
Posted on 2/17/11 6:10 AM in reply to Ray Augé.
It will work yes! You have nothing to do after having this fix. Simply, if the client is not authenticated when making a request to the feed (yes Web Content Feed that specifies a private "Target Page Friendly URL"), basic authentication will kick in.
Posted on 2/17/11 6:17 AM in reply to Chris Whittle.
Awesome! Is it backported to 5.2 Sp5?
Posted on 2/17/11 6:20 AM in reply to Ray Augé.
To 6.0sp2.

There is only one very small patch code wise, the rest are configuration, so you _might_ be able to get a patch as part of your support (I should not speak for them, but asking would not hurt).
Posted on 2/17/11 6:28 AM in reply to Chris Whittle.
This is brilliant! Very good!
Posted on 2/17/11 3:04 PM.
My RSS feed from forum is broken,
https://www.appex.com/en/web/boite-a-idees/home/-/message_boards/rss?p_l_id=4123­4&_19_mbCategoryId=41224&

p_l_id has no value causing 404 error.
Posted on 3/21/14 3:36 AM.