[opencms-dev] OpenCms SSO Integration

[Achim Westermann]

Hi Fabian,

the module action class was a good tip to get an Admin cms.

Another quick thought: Have a look at opencms.properties. There you are able to configure your own user driver.

HTH,

Achim

Fabian Panthen wrote:
> Hello List,
> 
> we are currently working on integrating OpenCms into an SSO Architecture.
> This seems to be unnecessarily difficult.
> Here's the picture:
> 
> In a regular SSO architecture, an SSO server handles Authentication and 
> provides some form of mechanism to show other applications that a user 
> has been authenticated.
> Applications check for that, for instance a token, and authenticate the 
> user automatically, trusting the SSO's decision that the user is to be 
> trusted.
> We have been seraching the API for days now and so far have not sen a 
> way to authenticate an OpenCms user without knowing his password.
> This is said to be a security feature. But really a security feature is 
> that an application should not ever need to know a users password at all!
> If I am programming exntensions to a system with its API I obviously 
> have access with administrative rights.
> Hence I should be able to
> 
> a) create an admin enabled CmsObject without having to store the admin 
> pasword somewhere
> b) create user CmsObjects without having to know their password
> 
> The way the API seems to us currently, OpenCms can only be integrated 
> into SSO if it handles the login itsself but not as a client to another 
> login server.
> 
> So, dear list, what are your thoughts?
> Have we simply overseen something, and actually we are able to do just 
> that but were just to stupid to see so?
> Or is this something that should be adressed in future versions of the API?
> Anyone found a solution to this problem allready?
> 
> Kind regards,
> 
> Fabian Panthen
>