Andrej Vanek wrote:
The http://portals.apache.org/jetspeed-2/sso.html does not tell too much..

true

not much ...
http://svn.apache.org/repos/asf/portals/jetspeed-2/trunk/design-docs/src/sso/


There is also the SSO Admin portlet, and integration into the SSO IFrame and SSO WebContent portlets.

Although the security documentation is getting very nice and useful!

(1) Can anybody tell rough features of Jetspeed-2's SSO?
What scenarios does it cover?

It's a simple credential store solution.
Credentials are stored by Site (remote URL) in a 1..n association between Site and Portal Principal (Jetspeed User or Group), and a Remote Principal and Remote Credential. The SSO iframe or web content portlets will look at the current portal principal (subject), and when retrieving a hosted iframe or remote site, try to find a matching credential using the API:

SSOContext context = sso.getCredentials(subject, site);

Credentials can be associated with a user or group.
Thus if a user is a part of a group, then the group's credentials can be automatically passed in.


The solution still needs a bit of work, major missing pieces:
* encryption
* certificates

The method of authenticating also needs some enhancements.
Only one solution is supported: request parameters

In summary I think we have a good framework, but it needs more work.

p.e. SSO between portlets and their back-end systems, or between the
jetspeed-2 portal web-application and other independent web applications
running on the same Tomcat container, or even something else??

Either way, doesn't matter.
Just set the URL in the Site (see the Admin portlet)


(2) Does anybody on documentation of Jetspeed-2's SSO? (I'd like to know if
it will be reachable by middle or end of this month)

Well I'm scheduled to do some work in this area later this month
Maybe we can work together on completing it and documenting
What do you think?

--
David Sean Taylor
Bluesunrise Software
[EMAIL PROTECTED]
[office] +01 707 773-4646
[mobile] +01 707 529 9194
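
The credential lookup described in the message above, as an added sketch that is not part of the original message and is not Jetspeed-2's code. The class, record and method names are hypothetical, the site URL and logins are constructed, and the resolution order (the user's own binding first, then group bindings in sorted order) is an assumption the message does not state.

```java
import java.util.*;

// Added illustration; names are hypothetical, not Jetspeed-2's API.
public class SsoStoreSketch {
    // Remote principal plus remote credential stored for one site.
    record RemoteLogin(String remoteUser, char[] remotePassword) {}

    // The portal subject: one user principal and the groups it belongs to.
    record Subject(String user, Set<String> groups) {}

    // site URL -> portal principal ("user:alice", "group:sales") -> remote login
    private final Map<String, Map<String, RemoteLogin>> sites = new HashMap<>();

    void bind(String siteUrl, String portalPrincipal, RemoteLogin login) {
        sites.computeIfAbsent(siteUrl, k -> new LinkedHashMap<>()).put(portalPrincipal, login);
    }

    // Assumed order: the user's own binding wins, then the first matching group.
    Optional<RemoteLogin> getCredentials(Subject subject, String siteUrl) {
        Map<String, RemoteLogin> bindings = sites.getOrDefault(siteUrl, Map.of());
        RemoteLogin own = bindings.get("user:" + subject.user());
        if (own != null) return Optional.of(own);
        return subject.groups().stream().sorted()
                .map(g -> bindings.get("group:" + g))
                .filter(Objects::nonNull)
                .findFirst();
    }

    public static void main(String[] args) {
        SsoStoreSketch sso = new SsoStoreSketch();
        String site = "https://intranet.example/app"; // constructed sample site
        sso.bind(site, "user:alice", new RemoteLogin("alice-remote", "s3cret".toCharArray()));
        sso.bind(site, "group:sales", new RemoteLogin("sales-shared", "shared".toCharArray()));

        Subject alice = new Subject("alice", Set.of("sales")); // has her own binding
        Subject bob = new Subject("bob", Set.of("sales"));     // falls back to the group
        Subject eve = new Subject("eve", Set.of("guests"));    // no binding for this site

        for (Subject s : List.of(alice, bob, eve)) {
            String result = sso.getCredentials(s, site)
                    .map(RemoteLogin::remoteUser).orElse("(no credential)");
            System.out.println(s.user() + " -> " + result);
        }
    }
}
```

The sketch holds remote passwords in the clear, which corresponds to the missing encryption listed in the message, and a group binding hands the same remote account to every member of that group.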
