On Tue, May 28, 2013 at 6:14 AM, Pradeep Fernando <prad...@wso2.com> wrote:
> --Pradeep > sent from my phone > > On May 28, 2013 10:33 AM, "Pradeep Fernando" <prad...@wso2.com> wrote: > > > > > > On May 28, 2013 10:26 AM, "Nuwan Bandara" <nu...@wso2.com> wrote: > > > > > > Hi Suresh, > > > > > > > > > On Tue, May 28, 2013 at 10:09 AM, Suresh Attanayaka <sur...@wso2.com> > wrote: > > >> > > >> Hi, > > >> > > >> On Tue, May 28, 2013 at 1:29 AM, Pradeep Fernando <prad...@wso2.com> > wrote: > > >>> > > >>> Hi All, > > >>> > > >>> Using Nuwans code pointer, I managed to create SSO session in the > bamdashboard app. We should be able to check the session param and grant > access to the pages in the app. > > >>> > > >>> However, the dashboard app calls in backend services to retrieve > info. As per current code, this is done like below, > > >>> > > >>> get the admin cookie using logged in user credentials - > use the > admin cookie for subsequent admin call requests. > > >>> > > >>> with SSO enablement we no longer have/need the user credentials > within our app. > > >>> > > >>> The use case of getting admin info from carbon admin services, falls > under server to server authentication category (jaggery application being > the client here). The logged in user has nothing to do with api calling > part. > > >>> > > >>> > > >>> so, > > >>> > > >>> 1. user authenticate to the dashboard via SAML SSO > > >>> 2 the dashboard app consumes admin services using pre-defined > credentials (dashboard-user with admin credentials) > > >> > > >> > > >> So with this approach the backend admin services are not aware of > which user consuming the services ? The permissions of the logged-in user > are not taken into account ? > > The permission model for logged in user should be handled by the > webapp/jaggeryapp. For that purpose it can use CC. > If the IDP and app dont share the same user store then we have to create a > user and add permissions. > > > > > Irrespective of the logged in user , the application has the credentials > to log in to the back end. Forget about those being carbon admin services. > How would you consume a secured third party service from your app if you > had to. > > > > Then I think the model is not correct. > > >> In the previous case we pass the admin service cookie, then the > access to the admin services are allowed based on the permissions of the > user. This should be implemented in the new model as well as I think. > > >> @Nuwan, how this is handled in the UES ? Is there a way you have > mapped the dashboard session and the backend session ? > > > > > > > > > In UES, we don't have FE/BE, its only one session, and we directly use > osgi services from jaggery. The only session we have is, JSESSION > maintained by the browser and the application. > I think this suits for bam dashboard app as well. > > > > > > @Pradeep shall we review (chat on) the solution you built, even though > I helped with figuring out the SSO part I am unclear of the big picture. > > > > Sure. @Chamath please note > > > > > > > > Regards, > > > /Nuwan > > > > > >> > > >> > > >>> > > >>> > > >>> would do i guess. Any concerns. ? Please correct me if I'm > interpreting something wrong... > > >>> > > >>> --Pradeep > > >>> > > >>> > > >>> > > >>> > > >>> On Mon, May 27, 2013 at 6:48 AM, Buddhika Chamith < > buddhi...@wso2.com> wrote: > > >>>> > > >>>> Hi Pradeep, > > >>>> > > >>>> We don't use SSO with our dashboard Jaggery app at the moment. User > needs to log in to the BAM dashboard separately. There was > some difficulty in sharing sessions between the management console and > Jaggery applications at the time BAM dashboard was being done IIRC. Chamath > would be able to fill in the specific details on that. Anyway I guess now > we might be able to rethink this with above mentioned approach if it solves > our problem. > > >>>> > > >>>> Regards > > >>>> Buddhika > > >>>> > > >>>> > > >>>> > > >>>> On Sun, May 26, 2013 at 11:58 AM, Nuwan Bandara <nu...@wso2.com> > wrote: > > >>>>> > > >>>>> Hi pradeep, > > >>>>> > > >>>>> [1] are the apps with SSO, the portal app and store app > are connected with SSO app. > > >>>>> > > >>>>> Regards, > > >>>>> /Nuwan > > >>>>> > > >>>>> [1] > https://svn.wso2.org/repos/wso2/carbon/platform/branches/4.0.0/products/ues/1.0.0/modules/apps/ > > >>>>> > > >>>>> > > >>>>> On Sun, May 26, 2013 at 11:41 AM, Pradeep Fernando < > prad...@wso2.com> wrote: > > >>>>>> > > >>>>>> Hi All, > > >>>>>> > > >>>>>> I want to do the $subject. Since dashboard is a jaggery app, I > believe it is all about SSO enabling a jaggery app. This post [1] suggest > that It is done for UES. > > >>>>>> > > >>>>>> Is this functionality available OOTB in BAM dashbaords ? if not > what it takes to make it work. Code pointers/references highly appreciated. > > >>>>>> > > >>>>>> > > >>>>>> [1] http://architects.dzone.com/articles/enabling-sso-wso2-user > > >>>>>> > > >>>>>> Thanks, > > >>>>>> --Pradeep > > >>>>>> > > >>>>>> > > >>>>>> -- > > >>>>>> Pradeep Fernando > > >>>>>> Member, Management Committee - Platform & Cloud Technologies > > >>>>>> Senior Software Engineer;WSO2 Inc.; http://wso2.com > > >>>>>> > > >>>>>> blog: http://pradeepfernando.blogspot.com > > >>>>>> m: +94776603662 > > >>>>> > > >>>>> > > >>>>> > > >>>>> > > >>>>> -- > > >>>>> Thanks & Regards, > > >>>>> > > >>>>> Nuwan Bandara > > >>>>> Technical Lead & Member, MC, Development Technologies > > >>>>> WSO2 Inc. - lean . enterprise . middleware | http://wso2.com > > >>>>> blog : http://nuwanbando.com; email: nu...@wso2.com; phone: +94 > 11 763 9629 > > >>>>> > > >>>> > > >>> > > >>> > > >>> > > >>> -- > > >>> Pradeep Fernando > > >>> Member, Management Committee - Platform & Cloud Technologies > > >>> Senior Software Engineer;WSO2 Inc.; http://wso2.com > > >>> > > >>> blog: http://pradeepfernando.blogspot.com > > >>> m: +94776603662 > > >>> > > >>> _______________________________________________ > > >>> Dev mailing list > > >>> Dev@wso2.org > > >>> http://wso2.org/cgi-bin/mailman/listinfo/dev > > >>> > > >> > > >> > > >> > > >> -- > > >> Suresh Attanayake > > >> Senior Software Engineer; WSO2 Inc. http://wso2.com/ > > >> Blog : http://sureshatt.blogspot.com/ > > >> Web : http://www.ssoarcade.com/ > > >> Facebook : https://www.facebook.com/IdentityWorld > > >> Twitter : https://twitter.com/sureshatt > > >> LinkedIn : http://lk.linkedin.com/in/sureshatt > > >> Mobile : +94755012060 > > >> > > >> _______________________________________________ > > >> Dev mailing list > > >> Dev@wso2.org > > >> http://wso2.org/cgi-bin/mailman/listinfo/dev > > >> > > > > > > > > > > > > -- > > > Thanks & Regards, > > > > > > Nuwan Bandara > > > Technical Lead & Member, MC, Development Technologies > > > WSO2 Inc. - lean . enterprise . middleware | http://wso2.com > > > blog : http://nuwanbando.com; email: nu...@wso2.com; phone: +94 11 > 763 9629 > > > > -- *Pradeep Fernando* Member, Management Committee - Platform & Cloud Technologies Senior Software Engineer;WSO2 Inc.; http://wso2.com blog: http://pradeepfernando.blogspot.com m: +94776603662
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
