Toby-
For Crowd, in order to implement SSO, I need the ability to get a cookie
and log in the user programmatically. Generally, this is done inside a
Servlet Filter. This needs to happen without user intervention, i.e.
when a user hits Nexus and they have the appropriate cookie sent, they
should be logged in without clicking the "Log in" link.
If a user doesn't have the cookie set, then something inside Nexus (i.e.
the Crowd realm) needs to set the cookie.
On logout, the cookie should be cleared and a SOAP method called.
There is an alternate user flow where users are redirected out to the
Crowd server and then back to Nexus (which as I understand it is the
Shibboleth/SAML flow), but I personally don't like doing that.
I had started to look through the Nexus source to see where the logical
points to insert this logic are, but then (as so often happens), I got
distracted.
Justin
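
The cookie flow described in the message above, sketched as a servlet filter. This is an added example, not part of the original thread and not Nexus or Crowd code; `SsoClient`, the cookie name, the session attribute and the `/logout` path are all hypothetical.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical stand-in for the SSO server client (e.g. a SOAP stub); not a real Crowd API. */
interface SsoClient {
    String validate(String token);   // returns the username, or null if the token is not valid
    void invalidate(String token);   // ends the SSO session on the server
}

public class SsoCookieFilter implements Filter {
    static final String COOKIE = "sso.token";    // assumed cookie name
    static final String USER_ATTR = "sso.user";  // assumed session attribute
    private final SsoClient sso;

    public SsoCookieFilter(SsoClient sso) { this.sso = sso; }

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        String token = readToken(req);
        HttpSession session = req.getSession(false);

        if (req.getRequestURI().endsWith("/logout")) {   // assumed logout path
            if (token != null) sso.invalidate(token);    // the server-side call on logout
            Cookie dead = new Cookie(COOKIE, "");
            dead.setMaxAge(0); dead.setPath("/"); dead.setSecure(true); dead.setHttpOnly(true);
            res.addCookie(dead);                         // clears the cookie in the browser
            if (session != null) session.invalidate();
        } else if (token != null) {
            // Validate on every request so a logout elsewhere takes effect here too.
            String user = sso.validate(token);
            if (user != null) req.getSession(true).setAttribute(USER_ATTR, user);
            else if (session != null) session.invalidate();  // invalid token: drop local login
        }
        chain.doFilter(req, res);
    }

    private static String readToken(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();   // null when the request carries no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) if (COOKIE.equals(c.getName())) return c.getValue();
        return null;
    }
}
```

Setting the cookie after a normal form login is left to the realm, as the message says, and is not shown here.
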
-----Original Message-----
From: Toby Stevens [mailto:tstevens@...]
Sent: Tuesday, February 24, 2009 9:08 AM
To: nexus-dev@...
Cc: dtanner; Edelson, Justin
Subject: SSO Questions
David, (and anyone else interested in SSO)
I had a few more questions about your SSO integration.
Is the user required to interact with a Shibboleth page? (do you have
to send your user to some external web page where they are required to
fill out a form?)
Could you have Nexus send a request from the server side? (using a
username, password, (and maybe organization) collected from a Nexus UI?)
Do you need the organization? If so, is there some sort of API you can
get the list of Organizations from (Java, REST, SOAP)?
Is it an absolute requirement to read header attributes, or could you
use cookies, something like:
http://switch.ch/aai/demo/2/expert.html
I have a bunch of ideas how you 'could' do this, I am sure Tamas can
think of a few more, we just need to find the best one.
Anyone else interested in SSO,
What are your requirements? And what would you need to do? Read
header attributes? A cookie? Add a custom login/logout service?
Redirect to a different web app?
-toby