[ http://nagoya.apache.org/jira/browse/JS2-129?page=history ] Roger Ruttimann closed JS2-129: -------------------------------
Resolution: Fixed Fix Version: 2.0-M1 Added SSO component to J2 (component/sso) > Single Sign-On Component > ------------------------ > > Key: JS2-129 > URL: http://nagoya.apache.org/jira/browse/JS2-129 > Project: Jetspeed 2 > Type: New Feature > Environment: all > Reporter: Roger Ruttimann > Assignee: Roger Ruttimann > Fix For: 2.0-M1 > > Introduction > ---------------- > Since a user is logged in into the portal he/she should never be asked to > login again to see any content. Web portlets or IFrame portlets which refer > to external (to the Web Portal) sites might be only visible after a login (if > the target site requires authentication). This behavior can be annoying > especially if the portal integrates different applications that all require > authentication. > Proposal > ------------ > The J2 framework will be extended with a component (SingleSignonComponent) > that does a lookup in the database to find credentials for a site (url) and a > jetspeed user. The credentials could be assigned to a user, group or a role > (Priority needs to be defined like User, Group, Role or better order should > be customizable). > For the first implementation two modes will be supported: > Username/password (HTTP Post) > --> Portlets (IFrame, Webpage) will call into SingleSignonComponent with the > site (url) and the principal. The returned credentials can be used to add > them as parameters to the URL > Basic Authentication (HTTP Basic Authentication) > --> Since many sites use Basic Authentication another API updates the request > so that it uses BasicAuthentication with the credentials returned by the > lookup (site, principal). > At a later stage the SingleSignonComponent API could be extended with > certificates and cookie based authentication. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://nagoya.apache.org/jira/secure/Administrators.jspa - If you want more information on JIRA, or have a bug to report see: http://www.atlassian.com/software/jira --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]