Ashley wrote:
Well, The Whole Thing seems reasonable; however, maybe you'll provide
me with some idea on a more complex setup?
I want to AUTHENTICATE users via some external SSO, but KEEP users
in the database once they've been authenticated.
I have (still) no good idea on the interaction of Realm, Password and
Store...
This might be a way to approach it:
http://openid.net/specs/openid-simple-registration-extension-1_1-01.html
Use OpenID to authenticate and the simple registration protocol to
save their info in your own DB (in this case there would be no local
password saved, the realm would always be the OpenID path and I'm not
sure how you'd connect that with your local store). OpenID accounts are
free at several sites so it's not a high barrier to entry. There is a
family of CPAN modules by Brad Fitzpatrick and I think one or two
OpenID plugins for Cat. The protocol is pretty simple but hacking on
it can be very confusing and can make certain setups tricky (I chased
a bug for 10 hours doing the stuff b/c I stupidly had the id server
address set to / when the real resource was /index.pl).
OpenID for authentication with role-based authorization seems to be a
reasonable thing, isn't it? For now, I've made an EXTREMELY simple SSO,
just to prove the concept. Once I get Catalyst modules to work (with
SSO-based authentication and role-based authorization) I'll look at OpenID.
Alex
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
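
One way to connect an externally authenticated identity to a local store with local roles, as an added example that is not code from this thread or from any Catalyst plugin. The names `identity_key`, `provision_user`, `grant_role`, `user_has_role` and the in-memory `%users` hash are hypothetical, and the code assumes the OpenID consumer library has already verified the assertion before `provision_user` is called.

```perl
use strict;
use warnings;

my %users;                                     # constructed stand-in for the local user table
my @SREG_FIELDS = qw(nickname email fullname); # the only provider fields we copy

# Local key for an identity URL: scheme and host lower-cased, path kept exactly,
# so "/" and "/index.pl" stay distinct identities.
sub identity_key {
    my ($url) = @_;
    my ($scheme, $host, $path) = $url =~ m{\A(https?)://([^/?#]+)([^#]*)\z}i
        or die "not an http(s) identity URL: $url\n";
    $path = '/' if $path eq '';
    return lc($scheme) . '://' . lc($host) . $path;
}

# Find or create the local record. Call only with an identity that was verified.
sub provision_user {
    my ($verified_identity, $sreg) = @_;
    my $key  = identity_key($verified_identity);
    my $user = $users{$key} ||= {
        identity => $key,
        roles    => ['user'],   # default role; the record has no password field
        profile  => {},
    };
    # Whitelisted copy on first sight only: a "roles" key sent by the provider
    # is ignored, and later logins cannot overwrite stored profile data.
    for my $f (@SREG_FIELDS) {
        $user->{profile}{$f} = $sreg->{$f}
            if defined $sreg->{$f} && !exists $user->{profile}{$f};
    }
    return $user;
}

sub user_has_role {
    my ($user, $role) = @_;
    return scalar grep { $_ eq $role } @{ $user->{roles} };
}

sub grant_role {    # authorization is decided locally, never by the provider
    my ($user, $role) = @_;
    push @{ $user->{roles} }, $role unless user_has_role($user, $role);
}

# Constructed sample logins
my $u = provision_user('http://Alice.example.org/',
    { nickname => 'alice', email => 'alice@example.org', roles => ['admin'] });
printf "%s admin=%d\n", $u->{identity}, user_has_role($u, 'admin');
grant_role($u, 'editor');
my $again = provision_user('http://alice.example.org/', { nickname => 'changed' });
printf "same=%d nickname=%s editor=%d\n",
    $again == $u, $again->{profile}{nickname}, user_has_role($again, 'editor');
```

The e-mail address received through simple registration is asserted by the provider and not verified locally, so it is stored as profile data only and is not used to match or merge accounts.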