Hi Petr, I have done something very similar, so I can give you some pointers:
- if your use case is for authenticating editors on the author instance, you do not need the PUR module
- I assume you will be running shibd and the apache shibboleth module
- you will want to create a LoginHandler to handle the Shibboleth authentication in magnolia

Here is a video from last year's conference, where I talk about the solution I created for the Austrian government Single Sign on:
http://www.youtube.com/watch?v=Q3tLU8yr4ts&list=PLxHBbwVVoCobY_J3yhY9sDuhdEzp1x0JD&index=17
http://www.magnolia-cms.com/resources-directory/slideshows/mconf12-rise-sso~5e603a3a-caaf-4304-a65c-822e825fbd4f~.html

The basic components you will need will be the same as in this presentation:
- A LoginHandler
- A Callback object
- A JAAS Module, extending Magnolia's Authentication module

Basically, your LoginHandler will read the Shibboleth attributes and create a callback object, which it then passes to the JAAS module. The JAAS module will look up (or create) the user, and set the ACLs in the user's session. By looking at how the magnolia class does it you should see how to extend it for your use case.

Regards from Vienna,
Richard

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Petr Kadlec (via Magnolia Forums)
Sent: Monday, 09 September 2013 12:04
To: Magnolia User List
Subject: [magnolia-user] Re: Shibboleth authentication

Hi, thanks for the answer I will definitely look at the PUR. As for your other suggestions, I think I need to clarify some things:
- I will be using shibboleth for logging in to author instance admin central for web editors, it's not for access to some restricted parts of website as PUR is.
- There will be no actual page protected by shibboleth agent, only one virtual that will force redirect to shibboleth server for login and then it should process response from shibboleth and log in the given user.
- We probably won't have any external authorization, all of that will be set up for users (editors) directly in magnolia after their first login.

And still first thing that I need to know is where I can find and edit admin central login form template, mainly so I can add "sign in with shibboleth" button.

--
Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=8a808b5f-a23d-4fad-8ceb-88591de5990b

----------------------------------------------------------------
For list details, see http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
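
The flow described in the reply above (a login handler reads the Shibboleth attributes, wraps them in a callback object, and a JAAS module looks up or creates the user) sketched with the JDK's plain JAAS classes; this is an added example, not code from the thread or from Magnolia. `ShibCallback`, `ShibLoginModule`, the in-memory `USERS` store and the choice of `REMOTE_USER` as the identity attribute are assumptions; a Magnolia module would extend Magnolia's own classes instead.

```java
import java.io.IOException;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class ShibJaasSketch {
    // Callback object: carries the identity the login handler read from Shibboleth.
    static class ShibCallback implements Callback { String userId; }

    // Hypothetical stand-in for the JAAS module described in the thread.
    public static class ShibLoginModule implements LoginModule {
        static final Set<String> USERS = new HashSet<>(); // hypothetical user store
        private Subject subject; private CallbackHandler handler; private String userId;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sh, Map<String, ?> o) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            ShibCallback cb = new ShibCallback();
            try { handler.handle(new Callback[] { cb }); }
            catch (IOException | UnsupportedCallbackException e) { throw new LoginException(e.toString()); }
            // Fail closed when the Shibboleth module asserted no identity.
            if (cb.userId == null || cb.userId.trim().isEmpty())
                throw new FailedLoginException("no identity asserted by Shibboleth");
            userId = cb.userId;
            USERS.add(userId); // look up the user, creating it on first login
            return true;
        }
        public boolean commit() { final String id = userId; subject.getPrincipals().add(() -> id); return true; }
        public boolean abort() { userId = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    // Login handler role: read the attributes set by the Shibboleth module, then run JAAS.
    static Subject handle(Map<String, String> attrs) throws LoginException {
        CallbackHandler ch = cbs -> {
            for (Callback c : cbs)
                if (c instanceof ShibCallback) ((ShibCallback) c).userId = attrs.get("REMOTE_USER");
                else throw new UnsupportedCallbackException(c);
        };
        Configuration cfg = new Configuration() { // in-code JAAS config, no jaas.config file
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(ShibLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        LoginContext lc = new LoginContext("shib", new Subject(), ch, cfg);
        lc.login(); // throws LoginException when the module rejects the request
        return lc.getSubject();
    }

    public static void main(String[] args) throws LoginException {
        // Constructed sample attribute value, standing in for a real request.
        Subject s = handle(Map.of("REMOTE_USER", "editor@example.org"));
        System.out.println(s.getPrincipals().iterator().next().getName());
    }
}
```

Because the module trusts whatever the handler passes in, the attributes must come only from the Shibboleth module's own request environment and never from client-supplied headers.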
