Apache
 » 
Maven
 » 
Nexus Maven Repository Manager
 » 
Nexus Maven Repository Manager Dev List

SSO Questions

View: New views
2 Messages — Rating Filter:   Alert me  

SSO Questions

by Toby Stevens :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message


David, (and anyone else interested in SSO)

I had a few more questions about your SSO integration.

Is the user required to interact with a Shibboleth page?  (do you have  
to send your user to some external web page where they are required to  
fill out a form?)

Could you have Nexus send a request from the server side? (using a  
username, password, (and maybe organization) collected from a Nexus UI?
Do you need the organization?  if so is there some sort of API you can  
get the list of Organizations from (Java, REST, SOAP)?

Is it an absolute requirement to read header attributes, or could use  
use cookies, something like: http://switch.ch/aai/demo/2/expert.html

I have a bunch of ideas how you 'could' do this, I am sure Tamas can  
think of a few more,  we just need to find the best one.


Anyone else interested in SSO,
What are your requirements? And what would you need to do?  Read  
Header attributes? a cookie?  Add a Custom login/logout service?  
Redirect to a different web app?

-toby

---------------------------------------------------------------------
To unsubscribe, e-mail: nexus-dev-unsubscribe@...
For additional commands, e-mail: nexus-dev-help@...


RE: SSO Questions

by justinedelson :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Toby-
For Crowd, in order to implement SSO, I need the ability to get a cookie
and log in the user programmatically. Generally, this is done inside a
Servlet Filter. This needs to happen without user intervention, i.e.
when a user hits Nexus and they have the appropriate cookie sent, they
should be logged in without clicking the "Log in" link.

If a user doesn't have the cookie set, then something inside Nexus (i.e.
the Crowd realm) needs to set the cookie.

On logout, the cookie should be cleared and a SOAP method called.

There is an alternate user flow where users are redirected out to the
Crowd server and then back to Nexus (which as I understand it is the
Shibboleth/SAML flow), but I personally don't like doing that.

I had started to look through the Nexus source to see where the logical
points to insert this logic is, but then (as so often happens), I got
distracted.

Justin

-----Original Message-----
From: Toby Stevens [mailto:tstevens@...]
Sent: Tuesday, February 24, 2009 9:08 AM
To: nexus-dev@...
Cc: dtanner; Edelson, Justin
Subject: SSO Questions


David, (and anyone else interested in SSO)

I had a few more questions about your SSO integration.

Is the user required to interact with a Shibboleth page?  (do you have
to send your user to some external web page where they are required to
fill out a form?)

Could you have Nexus send a request from the server side? (using a
username, password, (and maybe organization) collected from a Nexus UI?
Do you need the organization?  if so is there some sort of API you can
get the list of Organizations from (Java, REST, SOAP)?

Is it an absolute requirement to read header attributes, or could use
use cookies, something like: http://switch.ch/aai/demo/2/expert.html

I have a bunch of ideas how you 'could' do this, I am sure Tamas can
think of a few more,  we just need to find the best one.


Anyone else interested in SSO,
What are your requirements? And what would you need to do?  Read  
Header attributes? a cookie?  Add a Custom login/logout service?  
Redirect to a different web app?

-toby

---------------------------------------------------------------------
To unsubscribe, e-mail: nexus-dev-unsubscribe@...
For additional commands, e-mail: nexus-dev-help@...

Free embeddable forum powered by Nabble Forum Help