HTTP User Authentication

Overview

By default, ParaChat server authenticates user logins against ParaChat's own user profiles. User profiles are stored under the "users" directory, one profile per user. A login succeeds when the user's profile is found under the "users" directory and the password the user entered matches the password in the profile file.
An admin user is created when ParaChat is installed. This user is named "admin", and its profile is stored as "admin.profile" in the "users" directory.

The data flow of user authentication in this case looks like this:

  1. User enters name and password in chat applet of a web browser.
  2. Chat server looks up local file system.
  3. Chat server responds with Success or Failure of login.

ParaChat HTTP user authentication is designed to authenticate users whose profiles are stored in an external database. A third party provides a URL for ParaChat. ParaChat uses that URL for authentication. By default, ParaChat server looks up local user profiles under "users" first before attempting HTTP authentication.

The authentication with HTTP follows these steps.

  1. User enters name and password in chat applet of a web browser.
  2. Chat server looks up local file system. If user is found, authentication is done. Otherwise, go to step 3.
  3. Chat server connects to a server using a URL with user name and password.
  4. Chat server gets a reply from the server with authentication status such as Success or Failure.

User Name Case Sensitivity

User names are case insensitive by default. When you create users manually under ParaChat server directory "users", make sure the file names are all in lower case. This applies mainly to Unix systems as Windows file systems are case insensitive.

A Quick Example

Here is a quick example of how to set up a ParaChat server to run HTTP user authentication.

Step 1.   Install ParaChat server. See ParaChat documents for instructions.

    http://www.parachat.com/documentation/550/

Step 2.   Open ./config/pchatd.conf in a text editor, and put these 2 lines at the end of the file
               (No leading or trailing spaces).

    pchatd.UserAuth.class=paralogic.auth.WebUserAuth
    pchatd.UserAuth.Web.AuthURL=http://parachat.com/cgi-bin/webAuth/auth.cgi

Step 3.   Restart ParaChat server.

Now ParaChat server uses this URL for user authentication.
    http://parachat.com/cgi-bin/webAuth/auth.cgi

For example, to authenticate user "dummy" with password "secret", it sends this URL to parachat.com



Set up Your Own HTTP User Authentication

To set up your own HTTP user authentication using your own database, you need to provide ParaChat server a URL. Typically, you need to set up a web server and write a CGI program which connects to your own database and does the authentication. Refer to ParaChat sample code below for your implementation.

This table summarizes what your CGI program is supposed to return.

    Return String           Meaning
    Result=Success          User is a member. Authentication is successful.
    Result=UserNotFound     User is not in database. i.e. not a member.
    Result=WrongPassword    User is in database. The password is wrong.
    Result=Error            Internal error. User login to a ParaChat room is denied.
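
A minimal authentication endpoint that returns the four strings from the table, written here as an added example in Python (it is not ParaChat's sample code). The in-memory user table, the PBKDF2 password hashing and the plain-text response format are assumptions of this example; the "user" and "pass" query parameters are the ones ParaChat sends.

```python
#!/usr/bin/env python3
"""Example auth endpoint for ParaChat's WebUserAuth (added example)."""
import hashlib
import hmac
import os
import sys
from urllib.parse import parse_qs

def _hash(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash instead of the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample "database": lower-cased user name -> (salt, hash).
USERS = {"dummy": (b"constructed-salt", _hash("secret", b"constructed-salt"))}

def authenticate(query_string: str, users=USERS) -> str:
    """Return one of the four Result= strings the ParaChat server expects."""
    try:
        params = parse_qs(query_string, keep_blank_values=True)
        names, passwords = params.get("user", []), params.get("pass", [])
        # Fail closed on missing or repeated parameters.
        if len(names) != 1 or len(passwords) != 1:
            return "Result=Error"
        record = users.get(names[0].lower())  # user names are case insensitive
        if record is None:
            return "Result=UserNotFound"
        salt, stored = record
        # Constant-time comparison of the derived hash with the stored one.
        if hmac.compare_digest(_hash(passwords[0], salt), stored):
            return "Result=Success"
        return "Result=WrongPassword"
    except Exception:
        return "Result=Error"  # any internal failure denies the login

def main() -> None:
    # CGI entry point: the web server passes the query in QUERY_STRING.
    sys.stdout.write("Content-Type: text/plain\r\n\r\n")
    sys.stdout.write(authenticate(os.environ.get("QUERY_STRING", "")) + "\n")

if __name__ == "__main__":
    main()
```

Because the password arrives in the URL query string, it is written to the web server's access log unless logging is adjusted for this script. Using the localhost form of the URL keeps the request off the network.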


Once you have tested your CGI program, it is very simple to integrate it with ParaChat server. Follow these steps. Suppose your URL is

    http://my_host_name.com/cgi-bin/parachatAuth.cgi

If the web server is on the same machine as ParaChat server, you can use localhost,

    http://localhost/cgi-bin/parachatAuth.cgi

1. Install ParaChat Server. If it is installed and is running, shut it down.

2. Open ./config/pchatd.conf in a text editor, and put these 2 lines at the end of the file
(No leading or trailing spaces).

    pchatd.UserAuth.class=paralogic.auth.WebUserAuth
    pchatd.UserAuth.Web.AuthURL=http://my_host_name.com/cgi-bin/parachatAuth.cgi

3. Restart ParaChat server.

How to Make a Members only Chat Room

By default, a chat room allows non-member logins. That is to say, if a user is not found in the "users" directory and is not in the external database, the user is allowed to log in and chat. Members are still protected by their passwords.

To make a room for members only, add this to the room you want to restrict to members only.

    passwd.required=true

For more details, refer to
http://www.parachat.com/documentation/550/conf/roomnameconf.php


Cookie Authentication


Authentication based on a cookie is also possible. It is up to the CGI program to validate a cookie. There are 3 parameters passed to the authentication URL:

    "user"
    "pass"
    "cookie"

for example,
http://parachat.com/cgi-bin/webAuth/auth.cgi?user=someone&pass=xxx&cookie=donotcare

Cookie authentication is more involved. Typically, this is what happens.

Step 1.   A user signs in to a web site.

Step 2.   A user goes to a chat page.

Step 3.   The web server for the site generates that chat page dynamically. It writes the user name, user
              cookie and auto-login config to ParaChat applet code in the page.

Step 4.   User name and user cookie are sent to ParaChat server. It may also send password if there is one.

Step 5.   Chat server looks up local file system. If the user is found, authentication is done. Otherwise, go to
              step 6.

Step 6.   Chat server connects to a server using a URL with user name, password and cookie.

Step 7.   Chat server gets a reply from the server with authentication status such as Success or Failure.


Authentication on ParaChat Web Based Admin Pages

ParaChat HTTP user authentication is a simple way of authenticating users in an external database in a read-only mode. Usually you have your own user interface for creating, editing, and deleting users in the external database.

ParaChat server has a set of web based admin pages that a super user uses to manage users. The URL looks like this:

    http://your_host_name:7877/plynx/parachat/index.lhtml

When ParaChat server is configured to use HTTP authentication, the web based admin pages still work with the users stored under the "users" directory. The web based admin pages do not write to the external database.

Note also that when you create a new user on the web based admin pages, you block the same user name in the external database, because local users are looked up first. For example, "admin" is created when ParaChat is installed. If you have a user called "admin" in the external database, you may want to rename the local "admin". To do this, simply change the file name of "admin.profile" to a different file name, for instance, "parachatadmin.profile".
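
One way to find local profiles that block external accounts, and profile files whose names are not in lower case, shown as an added example (not part of ParaChat). The function name, the sample files and the external name list are constructed for illustration; the "<name>.profile" file naming is the one described above.

```python
import tempfile
from pathlib import Path

def audit_local_profiles(users_dir, external_names):
    """Compare local <name>.profile files with user names from the external database.

    Returns (shadowing, not_lowercase):
      shadowing     - external names that also have a local profile; local
                      profiles are checked first, so the external record is
                      never consulted for these names
      not_lowercase - profile file names that are not all lower case
    """
    external = {name.lower() for name in external_names}
    shadowing, not_lowercase = set(), []
    for path in Path(users_dir).glob("*.profile"):
        name = path.stem                      # "admin.profile" -> "admin"
        if name != name.lower():
            not_lowercase.append(path.name)
        # Compare in lower case: user names are case insensitive, and on a
        # case-insensitive file system a mixed-case file still matches.
        if name.lower() in external:
            shadowing.add(name.lower())
    return sorted(shadowing), sorted(not_lowercase)

def demo():
    """Run the audit on a constructed users directory and external name list."""
    with tempfile.TemporaryDirectory() as tmp:
        for filename in ("admin.profile", "Alice.profile", "guest.profile"):
            (Path(tmp) / filename).write_text("constructed sample profile\n")
        return audit_local_profiles(tmp, ["Admin", "alice", "carol"])

if __name__ == "__main__":
    shadowing, not_lowercase = demo()
    print("local profiles shadowing external accounts:", shadowing)
    print("profile file names not in lower case:", not_lowercase)
```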

©1996 - 2006   M Square, Inc.