dee factorial wrote:
I mean that I wish to access the portal user properties/attributes that the
portal contains. my scenario is simple. I have a php web application, lets
say a forum, a user registers using jetspeed, the registration
propigates to
the forum(I'm still a little vauge as to how this is done.) then when the
user logs onto jetspeed a portlet with the forum shows up with the user
logged on.
how do you get access the the portlet attributes within the php application
? or do you just use the form based authentication to register the user in
the php application using the SSOWebContentPortlet? I'm a little unclear as
to how it is all done and it looks as though there a mulitple ways to go
about it. I'm just trying to find the best way.
Any help is much appreciated.
Thanks.
OK, it sounds like you want to simply get the user automatically logged
in. There are a number of ways to get that working, such as a federated
authentication solution. The SSOWebContent portlet is another good
solution. It handles passing the credentials from the portal to your php
web application. Additional user parameters could be passed in as
request parameters, or even post parameters. The WebContentPortlet
supports this.
Sounds like you need to learn a bit more about SSOWebContent portlet, or
the SSOIFrame portlet. (The SSOIFramePortlet doesn't yet support
form-based authentication, coming soon)
First, here is all the docs Im aware of:
http://portals.apache.org/jetspeed-2/multiproject/jetspeed-sso/index.html
http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/design-docs/src/sso/
If you have Jetspeed running on your localhost, try out our demo of SSO.
Login as admin, and go here:
http://localhost:8080/jetspeed/portal/p002.psml
Goto the 2nd portlet on the bottom "SSO Web Content"
Its almost setup for the NY Times site.
Just need to enter the credentials:
username = jetspeed_test0
password = jetspeed
As you can see, it works but its a little sloppy.
That is because the CSS styles are not being included in the proxied
WebContent under the <head> area. At the time of writing this portlet,
we didn't have a header phase built into Jetspeed. We now do support a
header phase, so its just a matter of implementing the header phase in
the WebContent portlet.
The SSOWebContentPortlet supports 3 kinds of authentication:
1. Form
2. Basic
3. Query Params
IMPORTANT: a little Additional Documentation is in help mode
Click on the "i" button of the SSOWebContentPortlet
Areas that need improvement:
1. CSS integration
2. better customization in general
3. customization for content rewrite rules
4. better icons for next, prev, refresh
5. SSOIFrame has lagged behind the SSOWebContentPortlet
Where as the SSOWebContent has form and basic authentication,
the SSOIFrame only supports the authentication queryparams.
Additionally, SSOWebContent tracks cookies, SSOIFrame does not.
Where as this might not seem to be important for an IFrame since the
IFrame has prebuilt support for navigation, the problem occurs when you
navigate to another page, and then come back to the IFrame portlet, you
will lose navigational state.
---------------------------------------------------------
You can use the SSO Administration portlet to administer your SSO
credentials.
So lets take the JIRA issue tracking system as an example, you could
enter something like:
Site Name: JIRA Server
Site URL: https://issues.apache.org/jira/secure/Dashboard.jspa
Realm: (leave blank - for basic authentication)
Field name for User ID: os_username
Field name for Password value: os_password
Press Save.
Now click on the JIRA Site, to get the details on the LHS:
Here you can enter:
Portal Principal: either a portal user or portal group
Remote Principal: the remote user principal name
Remote Credential: the remote user credential (password)
Notice that there are two icons you can click on, the first gives a list
of users, the second a list of groups. Its important to point out a bad
UI design. The portal principal defaults to a user. You can only change
that to a group by actually selecting the group from the popup. Thats
bad, and we need to fix it. (A hidden field is populated by the popup)
Its an association mapping between:
Site -> Portal Principal -> Remove Credentials
When any user navigates to an SSO portlet, upon render it queries the
SSO store, trying to find a user credential. If it fails, it next
queries the SSO store for all groups that the user is in. If it fails
there it switches to edit mode, allowing you to configure the portlet
for the user only (not group). Upon success (either with user or group
credential) it attempts to login, with the SSOWebContent portlet, using
the configured authentication mode (Form, Basic, Param) in the portlet,
or with the SSOIFrame using on the Param case.
Additionally, the SSOWebContent and SSOIFrame portlets can also update
the SSO credential store from edit mode
If there are no credentials found in view mode, the SSOWebContent and
SSOIFrame portlets automatically switch to edit mode, as you can see in
the demo.
Finally, I want to point out that the Jetspeed SSO is a portal-centric
credential store solution. Where as Shibboleth or Josso or CAS are
federated identity provider solutions: much more complicated beast.
At my organization we have successfully integrated Jetspeed with the
Athens Eduserv Federated Authentication server. We are also close to
integrating with Shibboleth, although its been really painful.
I think the SSO solution in Jetspeed needs more testing and bug fixing.
It does have a lot of potential. If we could get the IFrame portlet
supporting the same authentication kinds as the WebContent, that would
be a great start.
As for using the Jetspeed SSO approach vs. the PHP bridge, its up to you
what best fits your needs. Maybe try out both, and see which approach
works best. I used the PHP bridge on one project a while back. It seemed
to work OK, but I would think the PHP 4 limitation is a roadblock for
most users.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
