Hey all,
So I now have my intranet running on the same matrix server as our public sites. Its URL is test.blah.local. We have ldap integration with kerberos so that when staff open their browser they are automatically logged in to a matrix user group.
This is all lovely but there are a couple of java hiccups (to get the asset map working you have to log into a java authentication box that pops up, see below, which is annoying when it is supposed to be single sign on) and I am wondering if a fully qualified domain would help.
[attachment=464:javaerror.gif]
Now, probably the box is coming up due to some intricacies in the whole single sign on set up (multiple people in the kitchen), so I am sure it can be resolved, but I am wondering if Matrix copes better with a qualified domain or if it makes no difference if it's an intranet set up.
Is it better to make a fake intranet.com style address for everything or is intranet (like our old intranet had) going to do the job just as well?
Servers/networking are not my forte, so would appreciate some advice to know what road to take to help tackle my lingering problems.
hi rachel - i have exactly the same issue for our intranet (which does have a fully qualified domain name). it's only when selected users try to login to the backend, I'm pretty sure the solution is to amend the apache server config to exclude the .jar file that generates the asset map - I'm just hoping one of the whizz kids from squiz can let us all know the exact format
[quote]
hi rachel - i have exactly the same issue for our intranet (which does have a fully qualified domain name). it's only when selected users try to login to the backend, I'm pretty sure the solution is to amend the apache server config to exclude the .jar file that generates the asset map - I'm just hoping one of the whizz kids from squiz can let us all know the exact format
[/quote]
Ah - nice one! Coincidentally we just implemented a test SSO and were getting this problem as well. Seems as though JRE doesn't handle the NTLM authentication too well perhaps. Thanks for the tip.
Probably can be fixed by adding something like this to Apache <VirtualHost> block:
[code]
Allow from all
Satisfy any
[/code]
Haven't tested that though.
before we all open our intranets to an apache exception like this does anyone (ie, matrix devs) have any thoughts on security issues? there's usually a reason we put authentication across the whole site.
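An added example, not part of the original thread and not Squiz's code: a small Python audit that lists every section of an Apache config where `Satisfy any` and `Allow from all` appear together, which is where requests are served without a login. It assumes Apache 2.2 directive syntax as in the snippet above; the sample config, its paths and the function name are constructed for illustration, and it does not follow Include files or inherited settings.

```python
import re

# Constructed sample (Apache 2.2 syntax); hostname is from the thread, paths and the .jar pattern are placeholders.
SAMPLE_CONF = """\
<VirtualHost *:80>
    ServerName test.blah.local
    <Location />
        Require valid-user
    </Location>
    <Location /example-open>
        Satisfy any
        Allow from all
    </Location>
    <FilesMatch "\\.jar$">
        Allow from all
        Satisfy Any
    </FilesMatch>
</VirtualHost>
"""

OPEN = re.compile(r"<\s*(\w+)\s*(.*?)\s*>$")
CLOSE = re.compile(r"</\s*\w+\s*>$")
FILE_SECTIONS = {"files", "filesmatch"}

def find_auth_bypasses(conf_text):
    """Return (start_line, section, scope) for every section that holds both
    'Satisfy any' and 'Allow from all', i.e. where no login is enforced."""
    stack, findings = [], []   # stack item: [name, arg, line, satisfy_any, allow_all]
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                name, arg, start, sat, allow = stack.pop()
                if sat and allow:
                    scope = "file-scoped" if name.lower() in FILE_SECTIONS else "tree-scoped"
                    findings.append((start, f"<{name} {arg}>", scope))
            continue
        m = OPEN.match(line)
        if m:
            stack.append([m.group(1), m.group(2), no, False, False])
            continue
        words = line.lower().split()
        if stack and words[:2] == ["satisfy", "any"]:
            stack[-1][3] = True
        elif stack and words[:3] == ["allow", "from", "all"]:
            stack[-1][4] = True
    return findings
```

A tree-scoped finding means everything under that section is served without a login; a file-scoped one is limited to files matching the pattern.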
Java applets require their own authentication because they don't share the cookie or something (I don't exactly remember) so does a sort of SSO with the asset map when it prints the embed code so that the session IDs are sync'd together and you get the correct permissions.
If you are getting a login box, the session sync didn't work. But you can't just stop the asset map from authenticating or else I think all requests from the asset map to Matrix will be done as the public user and your permissions will be incorrect.
I do not know why the authentication would have failed with your SSO. We'd have to debug it to figure out what the issue is with the Matrix/Asset Map SSO embed code first.
Okay, so the answer to the first question is that it doesn't make much of a difference to Matrix if you're using intranet or intranet.com as the url…?
correct rachel, as long as your server hosts file has the entry and all your clients know what to do with the domain (could be a central dns entry or individually on each machine) then you can set up a matrix site with any word. remember though that your own computer's hosts file has priority for domain name resolution, then it goes to your nominated dns server and so on.
btw - it's a good trick to play on someone who refuses to lock their pc when out of the office - usually c:\windows\system32\etc\drivers\hosts and use a funny website in place of google or your corporate website.
[code]
216.34.181.72 www.google.com google.com
[/code]
Good trick, but only works if the user is a local admin!