Well, let me explain: what exactly we are looking for is SSO, not authentication
from LDAP or AD.

A user logs on to Windows, opens the browser and hits the Portal site (in J2)
URL. The portal recognizes him (SSO) and should be able to automatically set
the session in J2 and allow the user to access the Portal site.
For the time being I'm looking at Windows, but the user platform can be anything.
Jetspeed supports NTLM authentication using jCIFS, but it has the limitation of
working only with NTLMv1. For each user platform there should be a separate
implementation, as for Windows it is NTLM.

Am I missing something? What are your recommendations, please?

On Tue, Dec 14, 2010 at 12:28 AM, Ron Wheeler <
rwhee...@artifact-software.com> wrote:

>  On 13/12/2010 9:02 AM, anyz wrote:
>
>> Could you please guide me towards some documentation/tutorial to set up
>> SSO with the OS (e.g. with Windows/iSeries). For example, the user is already
>> logged on to the OS and then accesses the Portal URL. In this case the user
>> should not be prompted for login but should be given access to the Portal site.
>>
>> Provided the Jetspeed users database is in sync with the OS and all users in
>> the OS also exist in Jetspeed.
>>
>> Thanks
>>
> We have done a few SSO setups with Jetspeed.
>
> In SSO, you need to have some sort of trust relationship between the system
> sending the person to your site and the site itself.
> In addition, you need a mechanism to pass the authenticated identity to
> your site.
>
> Jetspeed can authenticate against AD once you link AD to your server as an
> LDAP server, so that the site can ask the user for a username and a password
> and ask AD to authenticate the user.
> http://www.linux.com/archive/feed/40983 might be a good starting point.
> Google "AD authentication for Linux" for lots more description of AD from a
> point of view that helps in a non-MS environment.
>
> If you have a trusted process running somewhere that can authenticate the
> user and give the Jetspeed login a way to know that the person using the
> browser to connect to your Jetspeed site is in fact known to be who they are
> logging in as, you can use SSO.
>
> We have a client's internal portal sending authenticated users to our
> portal using SAML.
> The client's portal authenticates the user and then gives the user's
> browser a URL to our site that includes the information that we can use to
> determine who they are.
>
> Ron