[jira] Closed: (JS2-129) Single Sign-On Component

Wed, 01 Dec 2004 10:01:15 -0800 

     [ http://nagoya.apache.org/jira/browse/JS2-129?page=history ]
     
Roger Ruttimann closed JS2-129:
-------------------------------

     Resolution: Fixed
    Fix Version: 2.0-M1

Added SSO component to J2 (component/sso)


> Single Sign-On Component
> ------------------------
>
>          Key: JS2-129
>          URL: http://nagoya.apache.org/jira/browse/JS2-129
>      Project: Jetspeed 2
>         Type: New Feature
>  Environment: all
>     Reporter: Roger Ruttimann
>     Assignee: Roger Ruttimann
>      Fix For: 2.0-M1

>
> Introduction
> ----------------
> Since a user is logged in into the portal he/she should never be asked to 
> login again to see any content. Web portlets or IFrame portlets which refer 
> to external (to the Web Portal) sites might be only visible after a login (if 
> the target site requires authentication). This behavior can be annoying 
> especially if the portal integrates  different applications that all require 
> authentication.
> Proposal
> ------------
> The J2 framework will be extended with a component (SingleSignonComponent) 
> that does a lookup in the database to find credentials for a site (url) and a 
> jetspeed user. The credentials could be assigned to a user, group or a role 
> (Priority needs to be defined like User, Group, Role or better order should 
> be customizable).
> For the first implementation two modes will be supported:
> Username/password (HTTP Post)
> --> Portlets (IFrame, Webpage) will call into SingleSignonComponent with the 
> site (url) and the principal. The returned credentials can be used to add 
> them as parameters to the URL
> Basic Authentication (HTTP Basic Authentication)
> --> Since many sites use Basic Authentication another API updates the request 
> so that it uses BasicAuthentication with the credentials returned by the 
> lookup (site, principal).
> At a later stage the SingleSignonComponent API could be extended with 
> certificates and cookie based authentication.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://nagoya.apache.org/jira/secure/Administrators.jspa
-
If you want more information on JIRA, or have a bug to report see:
   http://www.atlassian.com/software/jira


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to