[opencms-dev] opencms and single sign-on

Inigo imunoz at zylk.net
Tue May 22 13:55:52 CEST 2007


Alfonso de Gea García wrote:
> Hello Iñigo,
> Sorry but I have been out for a few days and maybe you have already solved
> your problem.
>
> As you mentioned, CAS will only provide you for the authentication
> capabilities. The authorization is an issue of every application intended to
> share the CAS login. That's to say: you have to maintain the same users set
> inside OpenCms in order to assign permissions on folders/resources. The
> change is that the password for the users no longer has to be maintained
> inside OpenCms and you should specify a 'generic' password for all of them.
> Keep in mind that a user will only be authenticated if CAS previously did
> it.
>
> On the other hand, maybe your Tomcat does not store the session info
> (server.xml property session="false" in the connector config.), or your
> client doesn't manage the cookies correctly. Be careful not to close
> your web browser (session only persists in the same browser in IE, with
> Firefox you can share the session with different Firefox instances).
>   
I have checked this, and I don't think this is the issue. There is no 
session property defined in the Connector's definition at server.xml. 
This is the code I have written:

<%@ taglib prefix="cas" uri="castools" %>

<cas:auth id="netid" scope="session"/>

<%
    String identifier = (String) request.getSession().getAttribute("netid");
    String ticket = (String) request.getParameter("ticket");

    response.sendRedirect("http://192.168.1.182:8080/cas/validate?ticket=" + ticket);
%>

In the validate, I get a "no" answer.



> The expected behaviour is that once you receive the ticket (first auth.),
> next time you don't have to re-login as you are already logged in.
> I hope this helps.
> Regards, Alfonso Diego de Gea García.
>
>   
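
An added example, not part of the original message and not CAS or OpenCms code: a small Java model of the CAS 1.0 `/validate` exchange discussed above. It shows that the call carries both `service` and `ticket`, that the reply body is `yes` plus the user name or `no`, and that a service ticket is accepted only once. The in-memory registry, host names, ticket strings and user name are constructed for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

public class CasValidateExample {
    // Constructed stand-in for the CAS server's ticket registry: ticket -> {service, user}.
    static final Map<String, String[]> issued = new HashMap<>();

    // Mimics CAS 1.0 /validate: the ticket must exist and match the service.
    // It is consumed by the first validation attempt, successful or not.
    static String casValidate(String service, String ticket) {
        String[] grant = issued.remove(ticket);
        if (grant == null || !grant[0].equals(service)) return "no\n";
        return "yes\n" + grant[1] + "\n";
    }

    // URL the application server (not the browser) would request.
    // Both parameters are URL-encoded (Charset overload needs Java 10+).
    static String validateUrl(String casBase, String service, String ticket) {
        return casBase + "/validate?service=" + URLEncoder.encode(service, StandardCharsets.UTF_8)
                + "&ticket=" + URLEncoder.encode(ticket, StandardCharsets.UTF_8);
    }

    // Returns the user name from a "yes\n<user>\n" body, or null for "no" or a malformed body.
    static String parseUser(String body) {
        String[] lines = body.split("\r?\n");
        if (lines.length < 2 || !lines[0].equals("yes") || lines[1].isBlank()) return null;
        return lines[1].trim();
    }

    public static void main(String[] args) {
        String service = "http://opencms.example.test/opencms/login.jsp"; // constructed
        String first = "ST-1-constructedSampleTicket";                     // constructed
        String second = "ST-2-constructedSampleTicket";                    // constructed

        issued.put(first, new String[] {service, "alice"});
        System.out.println(validateUrl("http://cas.example.test:8080/cas", service, first));
        System.out.println("first validation:  " + parseUser(casValidate(service, first)));
        System.out.println("second validation: " + parseUser(casValidate(service, first)));

        // A ticket presented for a different service than it was issued for is rejected too.
        issued.put(second, new String[] {service, "alice"});
        System.out.println("wrong service:     "
                + parseUser(casValidate("http://other.example.test/", second)));
    }
}
```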



