Hi Henry Lu,

thanks for your input. Your detailed description helps me a lot,
understanding on how I can setup SSO (without RedDot/OT :) ). Sorry if
I am getting something wrong, but isn't there a problem, when having a
login:trusted Dynament page? What if somebody navigates to this page
directly without having visited the outside SSO Servlet/JSP first?
Isn't that a security risk? Could e.g. a security token written in a
SQL Database by the SSO external part and checked by the RedDot
internal XML Action, be a way to have unauthenticated users denied to
login automatically?

Daniel

On 18 Feb., 15:08, "Henry Lu a.k.a. Javahand" <[email protected]>
wrote:
> Daniel--
>
>    1. It is doable.
>    2. The way to do it is basically a one-two punch. One, create a Java
>    application (or a simple JSP page, if you can wrap all the authentication
>    against OpenID functionality in) and deploy it into LiveServer's app server
>    -- Tomcat. You can even deployed to the /cps/ directory. Two, when a 
> visitor
>    authenticates successfully, redirect him/her to your project's special 
> login
>    page in LiveServer/Delivery Server. This special login page can be just a
>    simple xml page that uses the login:trusted Dynament which basically logs a
>    user in without checking password and giving that user a bona fide session.
>    This Dynament should also thereafter redirect the user to your regular
>    LiveServer start page.
>
> The full authentication cycle is thus complete.
>
> ===============
> The bottom line of any DeliveryServer SSO integration is to actually handle
> the authentication OUTSIDE the /cps/rde/ LiveServer app, in a separate app.
> Then force LiveServer to log the user in in "trusted" mode.
>
> Be it ActiveDirectory, LDAP or any other format of directory service, this
> is the way I've always handled SSO successfully.
> ===============
>
> In case you need various levels of authorization (personalized content
> delivery -- as LiveServer is good for.) you would have to duplicate the user
> universe in LiveServer's directory. This can be done by creating a Connector
> and set a schedule to synchronize the user base on interval.
>
> I've got NTLM SSO with LiveServer and Apache LDAP (single SSO between Drupal
> and LiveServer) working in the afore-described fashion seamlessly.
>
> Henry Lu, a.k.a., Javahand
>
>
>
>
>
> On Thu, Feb 17, 2011 at 10:25 AM, Daniel <[email protected]> wrote:
> > Hi there,
>
> > we are currently thinking about setting up an authentication for our
> > web applications (not all provided by RedDot / Open Text). An idea was
> > to use OpenID protocol to have Single Sign-On. Has anyone of you
> > experiences with using Open Text Delievery server and OpenID? Is this
> > even possible?
>
> > Thanks for your feedback!
> > Daniel
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "RedDot CMS Users" group.
> > To post to this group, send email to [email protected].
> > To unsubscribe from this group, send email to
> > [email protected]<reddot-cms-users%2Bunsubscrib­[email protected]>
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/reddot-cms-users?hl=en.
>
> --
> 646-807-8683- Zitierten Text ausblenden -
>
> - Zitierten Text anzeigen -

-- 
You received this message because you are subscribed to the Google Groups 
"RedDot CMS Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/reddot-cms-users?hl=en.

Reply via email to