Author: jleroux Date: Thu Sep 20 14:59:18 2018 New Revision: 1841478 URL: http://svn.apache.org/viewvc?rev=1841478&view=rev Log: Documented: Document the automated authentification from a domain to another (OFBIZ-10562)
Commits WIP before changing the file name (cross fits more than inter) Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc?rev=1841478&r1=1841477&r2=1841478&view=diff ============================================================================== --- ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc (original) +++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc Thu Sep 20 14:59:18 2018 @@ -16,6 +16,23 @@ KIND, either express or implied. See th specific language governing permissions and limitations under the License. //// -= Authenticated inter-domains navigation += Authenticated cross-domains navigation -This feature allows to navigate from a domain to another with automated signed in authentication. \ No newline at end of file +In some cases you need to split applications on different servers, and possibly in production on different domains.This can happen for different reasons, most often for performance reason. + +As it's annoying to give a credential when changing from an OFBiz application to another on the same server, it's annoying to give a credential when changing from an OFBiz application to another on another domain. + +To handle automated sign in from an application to another we have currently 2 possibilities in OFBiz +* externalLoginKey +* Tomcat SSO (not used OOTB) + +This feature allows to navigate from a domain to another with automated signed in authentication. + +It based on 3 technologies: + +. https://jwt.io/[JWT Official site] - +https://en.wikipedia.org/wiki/JSON_Web_Token[Wikipedia for JWT] +. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS[CORS (Mozilla doc)] - https://en.wikipedia.org/wiki/Cross-origin_resource_sharing[Wikipedia for CORS] +. Ajax, now well known I guess, in OFBiz we use jQuery for that. + +The mechanism is simple. The user is given a JavaScrip link