Hi Kwadwo,

OFBiz supports a few external single sign-on mechanisms like CAS SSO, LinkedIn sign-on etc. If you use KeyCloak, you are welcome to contribute code or an article on KeyCloak support for OFBiz.

Regards,
James Yong

On 2017-12-11 05:38, Kwadwo Boahen <kwadwoboa...@gmail.com> wrote:
> James,
>
> I am new to OfBiz but I see the direction is to break big OfBiz into
> micro-services.
> It will make sense to make your authentication and authorization services
> independent.
> I have some experience with Keycloak and will recommend you take a look at
> it.
> I think it will be a good choice to handle SSO and more; and free OfBiz
> from a dependency on Tomcat.
>
> Regards
>
> On Sun, Nov 5, 2017 at 11:12 AM, James Yong <jamesy...@apache.org> wrote:
>
> > Hi all,
> >
> > I would like to revisit this issue. Specifically on whether implementing
> > Tomcat SSO to avoid using externalLoginKey is a sound approach. Thanks.
> >
> > Regards,
> > James Yong
> >
> > On 2017-05-05 18:02, Taher Alkhateeb <slidingfilame...@gmail.com> wrote:
> > > I've been contemplating this for a while, but it is not an easy task.
> > > Essentially, we need to fully refactor the Catalina Container and do a lot
> > > of cleanup to reverse the way OFBiz is deployed to be a single web
> > > application, not multiple web applications mapped to a single servlet
> > > container as is the architecture at the moment.
> > >
> > > For this to happen, we need to do many things:
> > > 1- Complete the refactoring of all containers to get the new signature of
> > > OfbizCommand argument list
> > > 2- Redesign the container so that everything is loaded once as a single
> > > webapp through one master servlet. This would have the advantage of being
> > > able to deploy OFBiz as a single WAR archive to be deployed in any servlet
> > > container
> > > 3- Redesign all components (if needed) to comply with this new architecture
> > >
> > > This is one of the things I've been dabbling with lately, but it's bigger
> > > than I expected. The code in the catalina container is very spaghetti like
> > > at the moment.
> > >
> > > So, I would say it's a good idea, but needs lots of cleanup / refactoring
> > > work first if you want to have a good chance of succeeding in
> > > implementation. Without a proper cleanup you might get a bit overwhelmed in
> > > trying to navigate the code maze :) So good luck.
> > >
> > > On Fri, May 5, 2017 at 12:12 PM, James Yong <jamesy...@apache.org> wrote:
> > >
> > > > Hi all,
> > > >
> > > > I would like to propose using the Single Sign On mechanism in Tomcat.
> > > > Once implemented, there is no necessity for the externalLoginKey,
> > > > or to indicate "intra-app" to target-type attribute.
> > > >
> > > > Any issue before I start working on a POC?
> > > >
> > > > Regards,
> > > > James Yong