Re: CAS Portal with Shindig

Thu, 02 Oct 2008 03:00:39 -0700

My understanding of CAS is that is that its a WebISO type Authentication System between browser and server, uses browser redirects to a central CAS server for authenticating the user and then redirects back to the target application. I cant remember if there is a server to server credential exchange or if all credential exchange is via the browser (like WebAuth).
OAuth is a server to server authorization mechanism that allows a User the ability to grant a server to talk to another server and perform specific operations. eg MySpace can display your Flickr album once you have told Flickr that its Ok, and transported the OAuth token back from Flickr to MySpace so that the MySpace servers can contact the Flickr web service directly. 


So Shindig + CAS.


Shingid itself doesn't authenticate the User, as its only re  
reference implementation of the standard and not a full blown Social  
Network Application. To make Shindig embedded into an application you  
would put a CAS filter (either at mod_cas, or as a Servlet Filter)  
over the URLs that need protecting, probably just the social-api urls.



Then in your implementation of the Service Provider Interfaces you  
would bind to the CAS credentials and use that to ensure that the  
service requests from the social API are bound to the logged in user  
attached to the request thread.



Does that make sense, if not say and I can point you to the code that  
you need to implement.


Ian


On 2 Oct 2008, at 09:45, <[EMAIL PROTECTED]>  
<[EMAIL PROTECTED]> wrote:



Hello,

I'm developping a portal on top of an Open source ECM solution. This
portal embeds shindig to serve opensocial gadgets.

The portal is CAS compliant. Our problem is that when a gadget (for
instance an RSS Reader) wants to access RSS Feed on this portal,
shindig doesn't have the credentials to make the proxied request.

I'm trying to explore the authentication mechanism of shindig, but if
someone has any advice for me (where to begin ? OAuth explanation
etc...) it would be great !

--
Damien METZLER





Ce message et toutes les pièces jointes sont établis à l'attention  
exclusive de leurs destinataires et sont confidentiels. Si vous  
recevez ce message par erreur, merci de le détruire et d'en avertir  
immédiatement l'expéditeur. L'internet ne permettant pas d'assurer  
l'intégrité de ce message, le contenu de ce message ne représente  
en aucun cas un engagement de la part de Leroy Merlin.


























					Reply via email to