[opencms-dev] OpenCms SSO Integration
Shi Yusen
shiys at langhua.cn
Wed Mar 17 13:22:58 CET 2010
Set a random password first and then use this password to authn/authz,
that's the way I integrated OpenCms with CAS.
You can see the source code here:
http://langhua.org/opensource/opencms/opencms-identity/
Regards,
Shi Yusen/Beijing Langhua Ltd.
在 2010-03-17三的 12:01 +0100,Fabian Panthen写道:
> Hello List,
>
> we are currently working on integrating OpenCms into an SSO Architecture.
> This seems to be unnecessarily difficult.
> Here's the picture:
>
> In a regular SSO architecture, an SSO server handles Authentication and
> provides some form of mechanism to show other applications that a user
> has been authenticated.
> Applications check for that, for instance a token, and authenticate the
> user automatically, trusting the SSO's decision that the user is to be
> trusted.
> We have been seraching the API for days now and so far have not sen a
> way to authenticate an OpenCms user without knowing his password.
> This is said to be a security feature. But really a security feature is
> that an application should not ever need to know a users password at all!
> If I am programming exntensions to a system with its API I obviously
> have access with administrative rights.
> Hence I should be able to
>
> a) create an admin enabled CmsObject without having to store the admin
> pasword somewhere
> b) create user CmsObjects without having to know their password
>
> The way the API seems to us currently, OpenCms can only be integrated
> into SSO if it handles the login itsself but not as a client to another
> login server.
>
> So, dear list, what are your thoughts?
> Have we simply overseen something, and actually we are able to do just
> that but were just to stupid to see so?
> Or is this something that should be adressed in future versions of the API?
> Anyone found a solution to this problem allready?
>
> Kind regards,
>
> Fabian Panthen
>
More information about the opencms-dev
mailing list