Chris Delgado wrote:

Thanks for the feedback.
Since J2 integrates with JAAS, would it make sense to have J2 create
a JAAS subject for a logged-in user, then store this as a PortletSession
attribute? Then, the portlet could access the JAAS subject to extract
principals and credentials from the Subject. With the obtained credential,
the portlet could then connect via URL using "HTTP basic" authentication
(among other possibilities).


I think putting the Subject in the session would make your portlets non-portable as the spec. You can't guarantee that every portal server will be as extensible as Jetspeed 2, allowing you to modify the portal session prior to aggregating the portlet.

One more thing: My initial thought was to create DB schema to hold
credentials, then build a service layer for portlets to access. This is
because in my case (project), I don't have an SSO system to access. In
fact, I was thinking to build a miniature SSO system into J2 (holding
credentials in a DB)....


I wrote a credential vault for J1 and it worked fairly well. It would be pretty kewl to have an SSO module in JS2 that other apps could access.

But if SSO systems are extremely common (and free :>), maybe this is
overkill and I should just find myself an SSO system to use (instead
of maintaining passwords in a J2 db). Then, the service layer I am
suggesting would just be a JAAS provider into the SSO system.


Depends on what level of complexity and the type of apps that will be accessing the SSO. It might be as easy as using an LDAP server as your central repository for credentials.

-----Original Message-----
From: Serge Huber [mailto:[EMAIL PROTECTED]
Sent: Friday, August 06, 2004 7:43 AM
To: Jetspeed Developers List
Subject: Re: Jetspeed2 and Single Sign On



JAAS is also a way that a lot of people implement SSO. JAAS providers can be developed to SSO systems, and then all is well :) And just as luck would have it, J2 integrates with JAAS!


Regards,
  Serge Huber.

At 20:50 05.08.2004, you wrote:


Hi Chris,

My current project hooks into an existing based SSO solution. I wrote a custom valve that checks for the SSO cookie and forwards on to the SSO login server if it is not found. The SSO server sends me back J2 if authentication passed. Just to give you an idea of how you can possibly tackle SSO.

Chris Delgado wrote:



Is anyone currently working on an SSO mechanism for J2?  Something that
holds passwords to other backend systems so that portlets could access
them without requiring the user to re-authenticate? What I had in mind
was something similar to IBM's "credential vault".

I have requirements for a portal that I'd like to propose using J2; but
SSO is a must and we'd be accessing many backend systems.

If nobody's tackling this, is this something I could help contribute to
the J2 project?  Thanks.

Chris Delgado
1703 Durley Down Court
Smyrna GA 30082 USA
[EMAIL PROTECTED]
(404) 931-2557






--
******************************************
*           Scott T. Weaver              *
*         <[EMAIL PROTECTED]>            *
*     <http://www.einnovation.com>       *
* -------------------------------------- *
*   Apache Jetspeed Enterprise Portal    *
*     Apache Pluto Portlet Container     *
*                                        *
* OpenEditPro, Website Content Mangement *
*     <http://www.openeditpro.com>       *
******************************************


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



- -- --- -----=[ shuber2 at jahia dot com ]=---- --- -- -
www.jahia.org : A collaborative source CMS and Portal Server










--
******************************************
*           Scott T. Weaver              *
*         <[EMAIL PROTECTED]>            *
*     <http://www.einnovation.com>       *
* -------------------------------------- *
*   Apache Jetspeed Enterprise Portal    *
*     Apache Pluto Portlet Container     *
*                                        *
* OpenEditPro, Website Content Mangement *
*     <http://www.openeditpro.com>       *
******************************************

