Hello Jeff, I was able to accomplish this by using a virtual session (my terminology). By virtual I mean a session in concept only that exists outside of the Turbine realm.
What I did was allow the originating app to setup/initialize the data for a virtual session. The system can recognize (by looking at the URL) when it is jumping to a different app. Whenever it jumps to the other app it includes the virtual session id within the url. The other app then sets up its own Turbine session and links back to this virtual session. (The virtual session information is stored within a table). Part of the trick is to have the second app automatically re-load any authentication into its own session. I stored the name of the authentication object within one of the virtual session tables and then re-instantiated within the second session to duplicate the authentication. To be honest this was not a trivial problem to solve. I spent a number of weeks on it before I got it all working correctly. The biggest problem I ran into was not jumping to the second app, but jumping back to the first app without having it create yet another session. One interesting thing that I seemed to run into is that the jsessionid was case sensitive. I used JSESSIONID within the cookies, and jsessionid within the url. Our motivation for doing this was to be able to cobble together various sites from sets of re-useable Turbine apps. We also needed it to work with or without cookies. Perhaps it was a mistake on my part, but I did NOT make use of the built in Turbine security model. I basically wrote my own. It would be rather cool if there was a pre-made solution out there for Turbine single signon across apps or servers. I wasn't aware of one so I built it myself. ... The previous company that I worked for was using an Apache session (php app) to perform the initial login, storing the information, and then including the apache sessionid within the url so that the turbine apps could load their session information as necessary. This is similar in concept and seemed to work well also. Tony Oslund -----Original Message----- From: Jeffrey D. Brekke [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 11:58 PM To: Turbine Users List Subject: Single Sign On and Turbine Has anyone integrated a single sign on solution for multiple turbine web applications? We are considering using a single turbine applications, authenticating against active directory. When the user is logged in, throw the session id and username into a table. Then the other applications, using a customer session revalidation, check if the user is logged in as usual, if not, check if the id exists in the table and if so, create an authenticated user for use in that turbine app. But, how do we get the same cookie from one app into another? Are there any other ways to do sso with turbine in use? -- ===================================================================== Jeffrey D. Brekke [EMAIL PROTECTED] Wisconsin, USA [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.bloglines.com/blog/jbrekke [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
