portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Delgado" <ch...@chrisdelgado.com>
Subject RE: Jetspeed2 and Single Sign On
Date Fri, 06 Aug 2004 14:11:50 GMT
Thanks for the feedback.
Since J2 integrates with JAAS, would it make sense to have J2 create
a JAAS subject for a logged-in user, then store this as a PortletSession
attribute?  Then, the portlet could access the JAAS subject to extract
principals and credentials from the Subject. With the obtained credential,
the portlet could then connect via URL using "HTTP basic" authentication
(among other possibilities).

One more thing:  My initial thought was to create DB schema to hold
credentials, then build a service layer for portlets to access.  This is
because in my case (project), I don't have an  SSO system to access.  In
fact, I was thinking to build a miniature SSO system into J2 (holding
credentials in a DB)....

But if SSO systems are extremely common (and free :>), maybe this is
overkill and I should just find myself an SSO system to use (instead
of maintaining passwords in a J2 db).  Then, the service layer I am
suggesting would just be a JAAS provider into the SSO system.

-----Original Message-----
From: Serge Huber [mailto:shuber2@jahia.com] 
Sent: Friday, August 06, 2004 7:43 AM
To: Jetspeed Developers List
Subject: Re: Jetspeed2 and Single Sign On

JAAS is also a way that a lot of people implement SSO. JAAS providers can 
be developped to SSO systems, and then all is well :) And just as luck 
would have it J2 integrates with JAAS !

   Serge Huber.

At 20:50 05.08.2004, you wrote:
>Hi Chris,
>My current project hooks into an existing based SSO solution.  I wrote a 
>custom valve that checks for the SSO cookie and forwards on to the SSO 
>login server if it is not found.   The SSO server sends me back J2 if 
>authentication passed.  Just to give you an idea of how you can possibly 
>tackle SSO.
>Chris Delgado wrote:
>>Is anyone currently working on an SSO mechanism for J2?  Something that
>>holds passwords
>>to other backend systems so that portlets could access them without
>>requiring the user
>>to re-authenticate? What I had in mind was something similar to IBM's
>>"credential vault".
>>I have requirements for a portal that I'd like to propose using J2; but
>>is a must and we'd
>>be accessing many backend systems.
>>If nobody's tackling this, is this something I could help contribute to
>>J2 project?  Thanks.
>>Chris Delgado
>>1703 Durley Down Court
>>Smyrna GA 30082 USA
>>(404) 931-2557
>*           Scott T. Weaver              *
>*         <weaver@apache.org>            *
>*     <http://www.einnovation.com>       *
>* -------------------------------------- *
>*   Apache Jetspeed Enterprise Portal    *
>*     Apache Pluto Portlet Container     *
>*                                        *
>* OpenEditPro, Website Content Mangement *
>*     <http://www.openeditpro.com>       *
>To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

- -- --- -----=[ shuber2 at jahia dot com ]=---- --- -- -
www.jahia.org : A collaborative source CMS and Portal Server 

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-dev-help@jakarta.apache.org

View raw message