В Чтв, 19/04/2012 в 18:15 +0200, Martin Rabl пишет: > Hi, > > Am 19. April 2012 17:50 CEST, Federico Alberto Sayd <[email protected]> > schrieb: > > > Passing username/password server-side to client-side (sogo->js) is a bad > > > idea because of the security of js. > > I know but the jabber clients that I found are implemented in client > > side javascript > You want to implement a type of Single-Sign-On for the jabber client. > Compare the architecture of SOGo with your clients - all stuff in SOGo will > be done at the server side, which is by definition a secure site. The user > (and its client aka browser ) never will see a password again after login - > thats makes it a bit secure. > For your problem I would suggest searching a serverside driven solution with > a lightweight browser client. > Then look if this solution accepts login via htaccess-logon-dialogs AND > switch SOGo to accept this one instead using the form-login (there is a > documentet switch in the configuration, please search for it). > Give it a try if this could be a way. If not - maybe you have a look for CAS > (when your Jabber-Client speaks CAS).
The main reason for client-side (JS) xmpp client - it's the only lightweight way to make chat "instant". > My personal opinion: stop try to integrate your jabber with SOGo. I think it > is better to use a platform client for Win, Unix etc., which authenticates > against the source SOGo uses. Platform client is better if you are using it everyday, this is not the case for majority of nowadays' visitors. -- [email protected] https://inverse.ca/sogo/lists
