Secure RSS Feeds

Ray Augé
Ray Augé
Less Than a Minute Read

All secure RSS feeds now transparently support BASIC  Authentication.

The behavior is such that when you're logged in, the feeds will simply work as expected if you open them directly in the browser. If you log out, you'll suddenly be promted for BASIC  Authentication. If you use the url with an external RSS client and that client supports BASIC Authentication then simply give your credentials and you should be good to go.

Pleae note that BASIC Authentication transfers your passwords over the internet/network in plain text, so make sure that you have SSL enabled if you care about such things.

An alternative is also to enabled DIGEST Authentication (just add an init parameter for "digest_auth" in the filter declaration and restart).

Note of you're using an SSO of some kind, and the client making the request speaks in your SSO's toung, then of course you don't have to worry about any of this.

 

Enjoy!

(Update: The issue was resolved as of LPS-12308 r73243.)

Page Comments
thumbnail
Tobias S. Käfer
14 Years Ago
Thank you very much Ray.
I didn't know that there was the ability to add a regex to the filter.
Everything would have been much easier emoticon
Please sign in to reply.
thumbnail
Chris Whittle
14 Years Ago
Can you do this with Web Content Feeds?
Please sign in to reply.
thumbnail
Ray Augé Chris Whittle
14 Years Ago
Yes! The key is to make those originate from a private page.

So, when creating your feed, just make sure that the page friendly url you specify is private.
Please sign in to reply.
thumbnail
Chris Whittle Ray Augé
14 Years Ago
Thanks Ray! We are currently working towards this so it comes at a great time.... Do you have an example of how I would format the url to be used in the RSS Feed to Basic Authentication?
Please sign in to reply.
thumbnail
Ray Augé Chris Whittle
14 Years Ago
If you are talking specifically about the Feeds you define in the Web Content portlet on the Feeds tab, then the url is generated for you.

For other feeds, those depend on the portlet, and you don't have to reformat the urls in any way. The basic auth is transparently applied after the fix.

(Updating above with rev and ticket #).
Please sign in to reply.
thumbnail
Chris Whittle Ray Augé
14 Years Ago
Thanks Ray, I am talking about the Feeds from the Web Content Portlet...
I want to generate a secure Web Content Feed from a private community and share it with other private communities..
Is this possible with what you are talking about?
Please sign in to reply.
thumbnail
Ray Augé Chris Whittle
14 Years Ago
It will work yes! You have nothing to do after having this fix. Simply, if the client is not authenticated when making a request to the feed (yes Web Content Feed that specifies a private "Target Page Friendly URL"), basic authentication will kick in.
Please sign in to reply.
eric rafel
11 Years Ago
My RSS feed from forum is broken,
https://www.appex.com/en/web/boite-a-idees/home/-/message_boards/rss?p_l_id=41234&_19_mbCategoryId=41224&

p_l_id has no value causing 404 error.
Please sign in to reply.

Related Assets...

No Results Found

More Blog Entries...