If you're using FC 5.x you should look at creating a full user directory (see http://docs.farcrycms.org/display/FCDEV50/Security+refactoring). While it is possible to fake a login it tends to be very buggy and if something goes wrong noone in the community will be able to help.
Blair P.S. If you have any problems with the docs, please comment on them. :) On Fri, Sep 12, 2008 at 4:01 AM, Tomek Kott <[EMAIL PROTECTED]> wrote: > I doubt I will be that well organized to make it a nice and easy plugin, > but I'll certainly release the CF script and my custom login to get people > started. > > I've already got two other things I want to write up and release, but the > website is going live this weekend, so until then, all focus on development. > > Tomek > > > On Thu, Sep 11, 2008 at 1:05 PM, Jeff Coughlin <[EMAIL PROTECTED]>wrote: > >> >> Any chance that when you're done this will be a plugin for others who >> might use the same Central Authentication Service? >> >> -- >> Jeff Coughlin >> Web Application Developer >> http://jeffcoughlin.com >> >> On Sep 11, 2008, at 10:28 AM, Tomek Kott wrote: >> >> > Hi All, >> > >> > I'm working on putting in place a login based on a Central >> > Authentication Service (http://www.ja-sig.org/products/cas/) that >> > the university has in place. I have a CF template that checks the >> > login information and returns a ticket value that can then be >> > checked against a server. To the farcry login screen, I think I can >> > send the ticket information and the username of who logged in. >> > >> > What I am thinking is that the authentication should go something >> > like: >> > • user logs in using CAS >> > • CAS returns ticket and username information to FC login >> > • FC login checks if username is present in user library >> > • If it is, then FC checks if the ticket is valid (against >> > existing server) >> > • If not, FC returns an error saying "username not valid >> for FC" >> > • If both the username and the ticket are valid, FC sets the >> > appropriate permissions as if the user had logged in using FC >> > • Upon loggout or time out, ticket is destroyed >> > Does this logically make sense? And more importantly, is it safe (as >> > long as I trust the CAS to be safe?)? >> > >> > And to do this, all I have to do is write my own login screen, and >> > put it in /farcry/projects/(name)/customadmin/login/login.cfm, or do >> > I also have to extend the >> > >> > application.factory.oAuthentication.login function to check the >> > ticket and username and return true false? >> > >> > Any help would be appreciated! >> > >> > Thanks, >> > >> > Tomek >> >> >> > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "farcry-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/farcry-dev?hl=en -~----------~----~----~----~------~----~------~--~---
