Daniel-- It's really up to you how you construct the hand-shake between the authentication layer and your trusted login Dynament. If a SQL DB saved digest/hash/token needs to be passed along by the client, your Dynament just needs to hit the DB before effecting the log in.
Henry On Mon, Feb 21, 2011 at 2:22 AM, Daniel <[email protected]> wrote: > Hi Henry Lu, > > thanks for your input. Your detailed description helps me a lot, > understanding on how I can setup SSO (without RedDot/OT :) ). Sorry if > I am getting something wrong, but isn't there a problem, when having a > login:trusted Dynament page? What if somebody navigates to this page > directly without having visited the outside SSO Servlet/JSP first? > Isn't that a security risk? Could e.g. a security token written in a > SQL Database by the SSO external part and checked by the RedDot > internal XML Action, be a way to have unauthenticated users denied to > login automatically? > > Daniel > > On 18 Feb., 15:08, "Henry Lu a.k.a. Javahand" <[email protected]> > wrote: > > Daniel-- > > > > 1. It is doable. > > 2. The way to do it is basically a one-two punch. One, create a Java > > application (or a simple JSP page, if you can wrap all the > authentication > > against OpenID functionality in) and deploy it into LiveServer's app > server > > -- Tomcat. You can even deployed to the /cps/ directory. Two, when a > visitor > > authenticates successfully, redirect him/her to your project's special > login > > page in LiveServer/Delivery Server. This special login page can be > just a > > simple xml page that uses the login:trusted Dynament which basically > logs a > > user in without checking password and giving that user a bona fide > session. > > This Dynament should also thereafter redirect the user to your regular > > LiveServer start page. > > > > The full authentication cycle is thus complete. > > > > =============== > > The bottom line of any DeliveryServer SSO integration is to actually > handle > > the authentication OUTSIDE the /cps/rde/ LiveServer app, in a separate > app. > > Then force LiveServer to log the user in in "trusted" mode. > > > > Be it ActiveDirectory, LDAP or any other format of directory service, > this > > is the way I've always handled SSO successfully. > > =============== > > > > In case you need various levels of authorization (personalized content > > delivery -- as LiveServer is good for.) you would have to duplicate the > user > > universe in LiveServer's directory. This can be done by creating a > Connector > > and set a schedule to synchronize the user base on interval. > > > > I've got NTLM SSO with LiveServer and Apache LDAP (single SSO between > Drupal > > and LiveServer) working in the afore-described fashion seamlessly. > > > > Henry Lu, a.k.a., Javahand > > > > > > > > > > > > On Thu, Feb 17, 2011 at 10:25 AM, Daniel <[email protected]> > wrote: > > > Hi there, > > > > > we are currently thinking about setting up an authentication for our > > > web applications (not all provided by RedDot / Open Text). An idea was > > > to use OpenID protocol to have Single Sign-On. Has anyone of you > > > experiences with using Open Text Delievery server and OpenID? Is this > > > even possible? > > > > > Thanks for your feedback! > > > Daniel > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "RedDot CMS Users" group. > > > To post to this group, send email to [email protected] > . > > > To unsubscribe from this group, send email to > > > [email protected] > <reddot-cms-users%2BunsubscribÂ[email protected]> > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/reddot-cms-users?hl=en. > > > > -- > > 646-807-8683- Zitierten Text ausblenden - > > > > - Zitierten Text anzeigen - > > -- > You received this message because you are subscribed to the Google Groups > "RedDot CMS Users" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/reddot-cms-users?hl=en. > > -- 646-807-8683 -- You received this message because you are subscribed to the Google Groups "RedDot CMS Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/reddot-cms-users?hl=en.
