Hi Henry Lu, thanks for your input. Your detailed description helps me a lot, understanding on how I can setup SSO (without RedDot/OT :) ). Sorry if I am getting something wrong, but isn't there a problem, when having a login:trusted Dynament page? What if somebody navigates to this page directly without having visited the outside SSO Servlet/JSP first? Isn't that a security risk? Could e.g. a security token written in a SQL Database by the SSO external part and checked by the RedDot internal XML Action, be a way to have unauthenticated users denied to login automatically?
Daniel On 18 Feb., 15:08, "Henry Lu a.k.a. Javahand" <[email protected]> wrote: > Daniel-- > > 1. It is doable. > 2. The way to do it is basically a one-two punch. One, create a Java > application (or a simple JSP page, if you can wrap all the authentication > against OpenID functionality in) and deploy it into LiveServer's app server > -- Tomcat. You can even deployed to the /cps/ directory. Two, when a > visitor > authenticates successfully, redirect him/her to your project's special > login > page in LiveServer/Delivery Server. This special login page can be just a > simple xml page that uses the login:trusted Dynament which basically logs a > user in without checking password and giving that user a bona fide session. > This Dynament should also thereafter redirect the user to your regular > LiveServer start page. > > The full authentication cycle is thus complete. > > =============== > The bottom line of any DeliveryServer SSO integration is to actually handle > the authentication OUTSIDE the /cps/rde/ LiveServer app, in a separate app. > Then force LiveServer to log the user in in "trusted" mode. > > Be it ActiveDirectory, LDAP or any other format of directory service, this > is the way I've always handled SSO successfully. > =============== > > In case you need various levels of authorization (personalized content > delivery -- as LiveServer is good for.) you would have to duplicate the user > universe in LiveServer's directory. This can be done by creating a Connector > and set a schedule to synchronize the user base on interval. > > I've got NTLM SSO with LiveServer and Apache LDAP (single SSO between Drupal > and LiveServer) working in the afore-described fashion seamlessly. > > Henry Lu, a.k.a., Javahand > > > > > > On Thu, Feb 17, 2011 at 10:25 AM, Daniel <[email protected]> wrote: > > Hi there, > > > we are currently thinking about setting up an authentication for our > > web applications (not all provided by RedDot / Open Text). An idea was > > to use OpenID protocol to have Single Sign-On. Has anyone of you > > experiences with using Open Text Delievery server and OpenID? Is this > > even possible? > > > Thanks for your feedback! > > Daniel > > > -- > > You received this message because you are subscribed to the Google Groups > > "RedDot CMS Users" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<reddot-cms-users%2Bunsubscrib[email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/reddot-cms-users?hl=en. > > -- > 646-807-8683- Zitierten Text ausblenden - > > - Zitierten Text anzeigen - -- You received this message because you are subscribed to the Google Groups "RedDot CMS Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/reddot-cms-users?hl=en.
