Configuring the Access Servlet to Allow HTTP Basic Auth
The /access servlet delivers all content stored by content hosting, including resources, attachments, and tool-specific content from rwiki, citations, podcasts, and others. This document describes the process of adding basic authentication to the access servlet, such that this content can be loaded from within a browser or other client that uses HTTP basic auth.
There is a configuration option that can be added to sakai.properties to enable basic authentication:
allow.basic.auth.login=true
Adding this setting will cause sakai to present a Basic Auth Challenge to select user agents, so that a user agent like iTunes will pop up an authentication box. You can control the list of User Agents that default to basic auth by adding the configuration option login.browser.user.agent to your sakai.properties file, as in the following example:
login.browser.user.agent.count=4
login.browser.user.agent.1=0.*Thunderbird.*
login.browser.user.agent.2=1Mozilla.*
login.browser.user.agent.3=0i[tT]unes.*
login.browser.user.agent.4=0Jakarta Commons-HttpClient.*
login.browser.user.agent.5=0.*Googlebot/2.1.*
login.browser.user.agent.6=0[gG]oogle[bB]ot.*
login.browser.user.agent.7=0curl.*
The leading 0 or 1 determines whether or not to use basic auth. A leading 0 indicates that basic auth should be used for an agent. A leading 1 means basic auth should not be used for that agent.
In addition, if _auth=basic is a parameteter in the URL (eg rss.xml?_auth=basic ) the URL will always use Basic Authentication.
This assumes that your users are not authenticating with something that must have a browser (CAS, WebAuth etc (eg WebISO)). If they do, Sakai doesn't have any means of validating their password. Short of rewriting all your Desktop apps, the best solution would be to use a modified User Directory Provider, which is the approach that Ian Boston and others have suggested.