On 4/3/07, Michael Ralston <[EMAIL PROTECTED]> wrote:
On 4/4/07, Bob Harner <[EMAIL PROTECTED]> wrote:
> On 4/1/07, Michael Ralston <[EMAIL PROTECTED]> wrote:
> > Imagine this scenario...
> >
> > How would I go about changing the Identity object? The method:
> > Identity.belongsTo(AccreditableManager manager)
> > would not really be applicable to how the new system works. As I
> > understand it, this method checks if the user contained in the current
> > identity belongs to the accreditableManager for the current
> > publication. Currently each publication has a different
> > accreditableManager. I guess I would need the accreditableManager to
> > be global across all publications.
> >
>
> We had a similar need to unify the logins of multiple Lenya
> publications, but we approached it from a different angle. In our
> case, we wanted Lenya to work with the commercial single sign-on (SSO)
> product that we already had. The SSO product sits in front of our app
> server and handles the authentication (via LDAP) for all Lenya
> requests via a plug-in on the web server. So we changed Lenya's
> authentication to look at the REMOTE_USER HTTP header (which our
> single sign-on product always sets) and only prompt for a user name
> and password if REMOTE_USER is empty.
Do you have multiple publications in your Lenya instance? If so, how
does your solution handle logging into one publication, then changing
to a different publication? Does it require logging in a second time
into the second publication?

Yes, we have multiple completely independent web sites running under
the same Lenya instance this way, and the user only has to log in once
to access any of the publications, without any additional login
prompting as the user goes from site to site. The developer that did
the work is unavailable this week, so the details will have to wait
until next week, but the main change was to create
BasicAuthUserAuthenticator.java, which extends UserAuthenticator.java,
checking request.getRemoteUser() before deciding whether to display
the login page. The key to making this work, remember, is to set up
authentication at the web server level.
Michael Ralston
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
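
A sketch of the check described in the reply above, as an added example that is not code from this thread or from Lenya. All class, method and address names are hypothetical, and the front-end address check is an assumption added so that the remote user name is honoured only for requests that arrived through the SSO web server.

```java
import java.util.Set;

// Added illustration. Every name here is hypothetical; none of it is Lenya's API.
public class RemoteUserGate {

    enum Decision { ACCEPT_SSO_USER, SHOW_LOGIN_PAGE }

    /** The two request properties the decision depends on. */
    static final class Req {
        final String peerAddr;    // address the connection came from
        final String remoteUser;  // what request.getRemoteUser() returned, may be null
        Req(String peerAddr, String remoteUser) {
            this.peerAddr = peerAddr;
            this.remoteUser = remoteUser;
        }
    }

    // Assumption: the app server knows which hosts run the SSO plug-in.
    private final Set<String> ssoFrontEnds;

    RemoteUserGate(Set<String> ssoFrontEnds) {
        this.ssoFrontEnds = ssoFrontEnds;
    }

    /** Same answer for every publication, so one login covers all of them. */
    Decision decide(Req req) {
        String user = req.remoteUser == null ? "" : req.remoteUser.trim();
        if (user.isEmpty()) {
            return Decision.SHOW_LOGIN_PAGE;   // SSO did not authenticate: prompt as before
        }
        if (!ssoFrontEnds.contains(req.peerAddr)) {
            // Request bypassed the web server, so the user name is unverified.
            return Decision.SHOW_LOGIN_PAGE;
        }
        return Decision.ACCEPT_SSO_USER;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        RemoteUserGate gate = new RemoteUserGate(Set.of("10.0.0.5"));
        Req[] samples = {
            new Req("10.0.0.5", "alice"),      // via SSO front end, authenticated
            new Req("10.0.0.5", null),         // via SSO front end, not authenticated
            new Req("192.0.2.77", "admin"),    // direct to app server with a user name set
        };
        for (Req r : samples) {
            System.out.println(r.peerAddr + " user=" + r.remoteUser + " -> " + gate.decide(r));
        }
    }
}
```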