Sounds good. By default, it can post "once per session". I like your idea. I will try to fix the problem soon and let you know.
Regards, Woonsan --- On Mon, 8/23/10, [email protected] <[email protected]> wrote: > From: [email protected] <[email protected]> > Subject: Re: SSO IFrame form authentication > To: "Jetspeed Users List" <[email protected]> > Date: Monday, August 23, 2010, 10:13 PM > Well, if I understand the issue > correctly, you would implement the SSO > IFrame Portlet to pull the credentials from the SSO Site > and also provide > the means to specify the other options for the form, ie, > sso.type, > sso.form.Args, sso.form.Action, etc., which all sounds > fine, other than I > don't know the ramifications of sending this form every > time the page is > accessed. The description in the deployment guide > infers that the login > would only happen once, I assume once per session, which > would be ok. If > I log out and back in to portal and navigate to the page, > it should send > the login form again. I understand the difficulty of > a generic portlet > knowing whether iframed content is authenticated or not, > but it seems once > per session would suffice and if for some reason the login > failed, the > user would have to nav to login form for the site and login > manually. > > > > From: > Woonsan Ko <[email protected]> > To: > Jetspeed Users List <[email protected]> > Date: > 08/23/2010 02:37 PM > Subject: > Re: SSO IFrame form authentication > > > > Yes, I think the SSOIFramePortlet could be improved in that > way with some > limitation: Because the hidden-form-posting-page is not > aware of the > authentication status of the remote target website, it has > to post the > hidden login form every time whenever it is visited. > > Mike, do you think this improvement could fulfill your > requirement? > > -Woonsan > > --- On Mon, 8/23/10, David Sean Taylor <[email protected]> > wrote: > > > From: David Sean Taylor <[email protected]> > > Subject: Re: SSO IFrame form authentication > > To: "Jetspeed Users List" <[email protected]> > > Date: Monday, August 23, 2010, 9:17 PM > > On Mon, Aug 23, 2010 at 11:37 AM, > > Woonsan Ko <[email protected]> > > wrote: > > > Hi, > > > > > > I think the documentation [1] is misleading for > the > > Form-authentication support, which is supported only > with > > SSOWebContentPortlet. > > > However, I think you can use IFrameGenericPortlet > to > > allow that form authentication, simply by configuring > your > > new view page in preferrences. For example, you can > read the > > preferences and build a simple hidden form with the > sso > > credentials info to post to the target site. > > > If you want to retrieve the sso credentials info > for > > the SSO site from your portlet or your view JSP page, > you > > will probably need to access the Jetspeed SSO > Manager, > > listed here as Jetspeed Service component. [2] > > > > > > PortletContext context = > getPortletContext(); > > > SSOManager sso = (SSOManager) > > context.getAttribute("cps:SSO"); > > > > > > You could refer to SSOProxyPortlet.java on how to > use > > the component. [3] > > > > Woonsan, I like your solution. I think it could be > > generalized and > > implemented in the SSO IFrame Portlet. I 've created > a > > JIRA > > "improvement" issue: > > > > https://issues.apache.org/jira/browse/JS2-1208 > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean (mailgw2:3E67D1E6FC.BD937). > > > > > This communication and any attachments are confidential, > protected by > Communications Privacy Act 18 USCS § 2510, solely for the > use of the > intended recipient, and may contain legally privileged > material. If you > are not the intended recipient, please return or destroy it > immediately. > Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
