Wicket and Single Sign-on?

> I'm relatively new to Wicket and trying not to carry forward any
> preconceived notions from other frameworks.  What is the
> suggested/preferred means of authenticating single sign-on requests
> from another application?  In particular, I'm thinking about MAC
> (http://en.wikipedia.org/wiki/Message_authentication_code) but could
> potentially use a proper single sign-on framework ala CAS.  I've
> searched the list and saw some mention of using a servlet filter?  Any
> guidance would be appreciated.
>
> Thanks,
> Jeff
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>

> saying that you will use MAC doesnt really say HOW you are going to
> implement sso.
>
> if you are going to use CAS, at least from what i understand of it,
> here is one way the integration can work:
>
> user is on a page
> they click a link that requires login
> your iauthorizationstrategy implementation detects that next action
> requires login, it checks for CAS token, doesnt see it, it then
> records the current url and issues a 302 to CAS passing in the current
> url as a callback
>
> user sees CAS login page
> user authenticates
> CAS redirects back to the callback url
>
> the url again causes your iauthorizationstrategy implementation to
> wake up. this time it sees the CAS token and lets the action proceed.
>
> -igor
>
> On Thu, Jun 18, 2009 at 7:51 PM, Jeff Longland<jeff.longland@...> wrote:
>> I'm relatively new to Wicket and trying not to carry forward any
>> preconceived notions from other frameworks.  What is the
>> suggested/preferred means of authenticating single sign-on requests
>> from another application?  In particular, I'm thinking about MAC
>> (http://en.wikipedia.org/wiki/Message_authentication_code) but could
>> potentially use a proper single sign-on framework ala CAS.  I've
>> searched the list and saw some mention of using a servlet filter?  Any
>> guidance would be appreciated.
>>
>> Thanks,
>> Jeff
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@...
>> For additional commands, e-mail: users-help@...
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>

> Hi Igor,
>
> Apologies that I wasn't more detailed.  More specifically:
>
> 1. User is in application X
> 2. User clicks on link to goto application Y
> 3. Application X constructs a URL with relevant parameters (ex.
> username) and an md5 hash with the shared secret
> 4. Application X redirects to this URL.
> 5. Application Y (the wicket app) receives the request and validates
> the shared secret. (authentication)
> 6. After validating the shared secret, the user needs to be logged in
> with the appropriate role (authorization)
> 7. User proceeds to use the application
>
> When working with JSP/Servlet previously, I've accomplished this by
> using a servlet filter on application Y.  As I said in my original
> post, I'm not sure what the 'proper' way of doing something like this
> is with Wicket.  Can anyone offer any guidance?
>
> Thanks again,
> Jeff
>
> On Thu, Jun 18, 2009 at 11:23 PM, Igor Vaynberg<igor.vaynberg@...> wrote:
>> saying that you will use MAC doesnt really say HOW you are going to
>> implement sso.
>>
>> if you are going to use CAS, at least from what i understand of it,
>> here is one way the integration can work:
>>
>> user is on a page
>> they click a link that requires login
>> your iauthorizationstrategy implementation detects that next action
>> requires login, it checks for CAS token, doesnt see it, it then
>> records the current url and issues a 302 to CAS passing in the current
>> url as a callback
>>
>> user sees CAS login page
>> user authenticates
>> CAS redirects back to the callback url
>>
>> the url again causes your iauthorizationstrategy implementation to
>> wake up. this time it sees the CAS token and lets the action proceed.
>>
>> -igor
>>
>> On Thu, Jun 18, 2009 at 7:51 PM, Jeff Longland<jeff.longland@...> wrote:
>>> I'm relatively new to Wicket and trying not to carry forward any
>>> preconceived notions from other frameworks.  What is the
>>> suggested/preferred means of authenticating single sign-on requests
>>> from another application?  In particular, I'm thinking about MAC
>>> (http://en.wikipedia.org/wiki/Message_authentication_code) but could
>>> potentially use a proper single sign-on framework ala CAS.  I've
>>> searched the list and saw some mention of using a servlet filter?  Any
>>> guidance would be appreciated.
>>>
>>> Thanks,
>>> Jeff
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@...
>>> For additional commands, e-mail: users-help@...
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@...
>> For additional commands, e-mail: users-help@...
>>
>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@...
> For additional commands, e-mail: users-help@...
>
>