[opencms-dev] Re: opencms and single sign-on
Thomas März
thomas.maerz at gmail.com
Mon May 7 12:41:24 CEST 2007
Inigo <imunoz at zylk.net> writes:
> I have some doubts. Using CAS you still have to manage the user roles
> in OpenCMS and so on, dont you? I mean, CAS only validates if a given
> user is valid or not, according to the configurated authentication
> mechanism, but you still have to check if a user can or can't see some
> pages or not, is that right?
Yes.
> Appart from that, (this is CAS specific)
> is there anything special you have to do configurating CAS in order to
> maintain the sessions between different applications?
Sharing HttpSessions is not possible. CAS has a storage of
authenticated users.
> I have setup a
> CAS Server in my machine, and appart from that I have installed
> OpenCMS and Webcalendar, both of them having CAS integration. Well,
> when I go to webcalendar, it redirects me to the CAS login screen, I
> logged successfully. Then, I go to the login defined in OpenCMS, and
> it also redirects me to the CAS login screen. As fas as I understand,
> CAS should know that user is already logged and therefore, log you in
> automatically.
Yes. But you also need to authenticate the user with OpenCms
since CAS won't take care of this. With a valid ticketId CAS
returns you the username (netId). And now it's your turn to
login the user to OpenCms.
Take a look at:
http://www.ja-sig.org/wiki/display/CAS/CAS+Functional+Tests
Regards,
Thomas
More information about the opencms-dev
mailing list