В Чтв, 19/04/2012 в 12:50 -0300, Federico Alberto Sayd пишет: > On 19/04/12 12:19, Покотиленко Константин Александрович wrote: > > В Чтв, 19/04/2012 в 10:04 -0300, Federico Alberto Sayd пишет: > >> Hello > >> > >> I am trying to integrate a jabber chat client into SOGo[1]. Both jabber > >> server (openfire) and SOGo uses the same authentication backend (ldap). > >> > >> I load the chat client that is a javascript aplication modifying the > >> UIxPageFrame.wox template in the sogo user home and including the > >> javascript > >> > >> My question is if is there any method to retrieve user and password from > >> session and then pass them to javascript to authenticate the user in the > >> chat server? > >> > >> Thanks for any answer > > Passing username/password server-side to client-side (sogo->js) is a bad > > idea because of the security of js. > I know but the jabber clients that I found are implemented in client > side javascript
That's why I suggest OTP as secure solution. You use portal's security to login and generate OTP and since it's "one-time" you can use it in JS securely. Once you are logged to XMPP - OTP is not longer valid. If you'll need to reconnect to XMPP you'll need to request OTP again. > > > > We've recently implemented js chat client in portal, we used this > > technic: > > > > 1. Loging to portal, retrieve OTP > By "portal" do you mean SOGo? I do not know nothing about SOGo > implementing OTP. The portal I was talking about is Drupal. Don't know how difficult this will be to implement in SOGo. > What chat client do you use in your application? Client side is strophe.js > > 2. Use this OTP to login to XMPP > > 3. Rewrite auth plugin to check OTP first and in case of failure also > > check pass > > > Thanks > -- > [email protected] > https://inverse.ca/sogo/lists -- [email protected] https://inverse.ca/sogo/lists
