Note:
The SSO component in Jetspeed can't be used for login but for getting authenticated for links and content accessed within Jetspeed. SSO credentials are assigned to Jetspeed users/groups which allow transparent authentication of content/external URLs depending on the user.

Roger


Raphaël Luta wrote:

Guillaume wrote:
all the facilities are here. If the password is false, J2 increments counter for disable his... This is a solution for not seeing another connection to do. In my case: The user logs into an intranet... The intranet logs into an extranet (J2) with an authentication between intra and inter following a web service which decrypts a String with login/password. The client (intranet) doesn't want to have to sign on a second time to the extranet (J2)
Guillaume


What you want is an SSO (single sign-on) solution. This can be implemented at
several levels:
- Jetspeed itself has some SSO components although they are designed to allow
SSO from Jetspeed (i.e. you authenticate into J2 and then you don't need to
reauthenticate to access remote resources) rather than your use case
- through a third party SSO provider (Netegrity SiteMinder for commercial,
mod_sso/CAS for OSS for example)
- through some simple cookie based system using mod_usertrack of Apache HTTPD

In all instances, I *strongly* encourage you not to use your
current solution in production as it is very insecure. Putting clear-text
login/password in URLs is bad: any sniffer will see them, they will
appear in the log of any proxy between your client and server, they will
appear in the logs of your server.


