Daniel--

It's really up to you how you construct the hand-shake between the
authentication layer and your trusted login Dynament. If a SQL DB saved
digest/hash/token needs to be passed along by the client, your Dynament just
needs to hit the DB before effecting the log in.

Henry

On Mon, Feb 21, 2011 at 2:22 AM, Daniel <[email protected]> wrote:

> Hi Henry Lu,
>
> thanks for your input. Your detailed description helps me a lot,
> understanding on how I can setup SSO (without RedDot/OT :) ). Sorry if
> I am getting something wrong, but isn't there a problem, when having a
> login:trusted Dynament page? What if somebody navigates to this page
> directly without having visited the outside SSO Servlet/JSP first?
> Isn't that a security risk? Could e.g. a security token written in a
> SQL Database by the SSO external part and checked by the RedDot
> internal XML Action, be a way to have unauthenticated users denied to
> login automatically?
>
> Daniel
>
> On 18 Feb., 15:08, "Henry Lu a.k.a. Javahand" <[email protected]>
> wrote:
> > Daniel--
> >
> >    1. It is doable.
> >    2. The way to do it is basically a one-two punch. One, create a Java
> >    application (or a simple JSP page, if you can wrap all the
> authentication
> >    against OpenID functionality in) and deploy it into LiveServer's app
> server
> >    -- Tomcat. You can even deployed to the /cps/ directory. Two, when a
> visitor
> >    authenticates successfully, redirect him/her to your project's special
> login
> >    page in LiveServer/Delivery Server. This special login page can be
> just a
> >    simple xml page that uses the login:trusted Dynament which basically
> logs a
> >    user in without checking password and giving that user a bona fide
> session.
> >    This Dynament should also thereafter redirect the user to your regular
> >    LiveServer start page.
> >
> > The full authentication cycle is thus complete.
> >
> > ===============
> > The bottom line of any DeliveryServer SSO integration is to actually
> handle
> > the authentication OUTSIDE the /cps/rde/ LiveServer app, in a separate
> app.
> > Then force LiveServer to log the user in in "trusted" mode.
> >
> > Be it ActiveDirectory, LDAP or any other format of directory service,
> this
> > is the way I've always handled SSO successfully.
> > ===============
> >
> > In case you need various levels of authorization (personalized content
> > delivery -- as LiveServer is good for.) you would have to duplicate the
> user
> > universe in LiveServer's directory. This can be done by creating a
> Connector
> > and set a schedule to synchronize the user base on interval.
> >
> > I've got NTLM SSO with LiveServer and Apache LDAP (single SSO between
> Drupal
> > and LiveServer) working in the afore-described fashion seamlessly.
> >
> > Henry Lu, a.k.a., Javahand
> >
> >
> >
> >
> >
> > On Thu, Feb 17, 2011 at 10:25 AM, Daniel <[email protected]>
> wrote:
> > > Hi there,
> >
> > > we are currently thinking about setting up an authentication for our
> > > web applications (not all provided by RedDot / Open Text). An idea was
> > > to use OpenID protocol to have Single Sign-On. Has anyone of you
> > > experiences with using Open Text Delievery server and OpenID? Is this
> > > even possible?
> >
> > > Thanks for your feedback!
> > > Daniel
> >
> > > --
> > > You received this message because you are subscribed to the Google
> Groups
> > > "RedDot CMS Users" group.
> > > To post to this group, send email to [email protected]
> .
> > > To unsubscribe from this group, send email to
> > > [email protected]
> <reddot-cms-users%2Bunsubscrib­[email protected]>
> > > .
> > > For more options, visit this group at
> > >http://groups.google.com/group/reddot-cms-users?hl=en.
> >
> > --
> > 646-807-8683- Zitierten Text ausblenden -
> >
> > - Zitierten Text anzeigen -
>
> --
> You received this message because you are subscribed to the Google Groups
> "RedDot CMS Users" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/reddot-cms-users?hl=en.
>
>


-- 
646-807-8683

-- 
You received this message because you are subscribed to the Google Groups 
"RedDot CMS Users" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/reddot-cms-users?hl=en.

Reply via email to