So far the new changes seem to be working great, with one noted exception. It seems to me that if I set up a user in SSO Management, the user should not have to set up his/her credentials in the portlet. The portlet should just go to SSO Management to get that. However, unless I'm doing something wrong, it seems I have to do both. I don't want my users having to edit the portlet preferences.
From: Woonsan Ko <[email protected]> To: Jetspeed Users List <[email protected]> Date: 08/30/2010 07:58 PM Subject: Re: SSO IFrame form authentication I have just committed changes to fix the following issue: https://issues.apache.org/jira/browse/JS2-1208 Now, the SSOIFramePortlet enables form based SSO, too. Regards, Woonsan --- On Tue, 8/24/10, Woonsan Ko <[email protected]> wrote: > From: Woonsan Ko <[email protected]> > Subject: Re: SSO IFrame form authentication > To: "Jetspeed Users List" <[email protected]> > Date: Tuesday, August 24, 2010, 3:42 AM > Sounds good. By default, it can post > "once per session". I like your idea. > I will try to fix the problem soon and let you know. > > Regards, > > Woonsan > > --- On Mon, 8/23/10, [email protected] > <[email protected]> > wrote: > > > From: [email protected] > <[email protected]> > > Subject: Re: SSO IFrame form authentication > > To: "Jetspeed Users List" <[email protected]> > > Date: Monday, August 23, 2010, 10:13 PM > > Well, if I understand the issue > > correctly, you would implement the SSO > > IFrame Portlet to pull the credentials from the SSO > Site > > and also provide > > the means to specify the other options for the form, > ie, > > sso.type, > > sso.form.Args, sso.form.Action, etc., which all > sounds > > fine, other than I > > don't know the ramifications of sending this form > every > > time the page is > > accessed. The description in the deployment guide > > infers that the login > > would only happen once, I assume once per session, > which > > would be ok. If > > I log out and back in to portal and navigate to the > page, > > it should send > > the login form again. I understand the difficulty > of > > a generic portlet > > knowing whether iframed content is authenticated or > not, > > but it seems once > > per session would suffice and if for some reason the > login > > failed, the > > user would have to nav to login form for the site and > login > > manually. > > > > > > > > From: > > Woonsan Ko <[email protected]> > > To: > > Jetspeed Users List <[email protected]> > > Date: > > 08/23/2010 02:37 PM > > Subject: > > Re: SSO IFrame form authentication > > > > > > > > Yes, I think the SSOIFramePortlet could be improved in > that > > way with some > > limitation: Because the hidden-form-posting-page is > not > > aware of the > > authentication status of the remote target website, it > has > > to post the > > hidden login form every time whenever it is visited. > > > > Mike, do you think this improvement could fulfill > your > > requirement? > > > > -Woonsan > > > > --- On Mon, 8/23/10, David Sean Taylor <[email protected]> > > wrote: > > > > > From: David Sean Taylor <[email protected]> > > > Subject: Re: SSO IFrame form authentication > > > To: "Jetspeed Users List" <[email protected]> > > > Date: Monday, August 23, 2010, 9:17 PM > > > On Mon, Aug 23, 2010 at 11:37 AM, > > > Woonsan Ko <[email protected]> > > > wrote: > > > > Hi, > > > > > > > > I think the documentation [1] is misleading > for > > the > > > Form-authentication support, which is supported > only > > with > > > SSOWebContentPortlet. > > > > However, I think you can use > IFrameGenericPortlet > > to > > > allow that form authentication, simply by > configuring > > your > > > new view page in preferrences. For example, you > can > > read the > > > preferences and build a simple hidden form with > the > > sso > > > credentials info to post to the target site. > > > > If you want to retrieve the sso credentials > info > > for > > > the SSO site from your portlet or your view JSP > page, > > you > > > will probably need to access the Jetspeed SSO > > Manager, > > > listed here as Jetspeed Service component. [2] > > > > > > > > PortletContext context = > > getPortletContext(); > > > > SSOManager sso = (SSOManager) > > > context.getAttribute("cps:SSO"); > > > > > > > > You could refer to SSOProxyPortlet.java on > how to > > use > > > the component. [3] > > > > > > Woonsan, I like your solution. I think it could > be > > > generalized and > > > implemented in the SSO IFrame Portlet. I 've > created > > a > > > JIRA > > > "improvement" issue: > > > > > > https://issues.apache.org/jira/browse/JS2-1208 > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean (mailgw2:3E67D1E6FC.BD937). > > > > > > > > > > This communication and any attachments are > confidential, > > protected by > > Communications Privacy Act 18 USCS § 2510, solely for > the > > use of the > > intended recipient, and may contain legally > privileged > > material. If you > > are not the intended recipient, please return or > destroy it > > immediately. > > Thank you. > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean (mailgw2:400981E6FC.828E4). This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
