Yes, my bad, I didn't have all my ducks in a row. Seems to be working fine now, just what we needed. We have one exception in that mediawiki uses a server generated token in the login process. If we grab a token from a login page, and paste it into our portlet, SSO will work one time for that token, but since it changes each time, we're really scratching our heads as to how to accomodate SSO in this situation. At any rate, your changes have really made SSO useful for us. Thanks.
From: Woonsan Ko <[email protected]> To: Jetspeed Users List <[email protected]> Date: 09/01/2010 04:56 PM Subject: Re: SSO IFrame form authentication Hi, The SSOIFramePortlet does not take any preference values for remote user/credential. It takes those from the SSOManager. By the way, if you want to use single remote user/credential for the SSOSite for all portal user, then you can consider to choose a group instead of a user in the SSO Details portlet. For example, if you choose 'engineering' group without configuring any for users, then every user in the group can be authenticated to the remote site by the shared sso user/credentials. One more thing to consider is that each user can configure his/her remote user/credential (only for the user) in /portal/my-account.psml or /ui/my-account.psml as well. Regards, Woonsan --- On Wed, 9/1/10, [email protected] <[email protected]> wrote: > From: [email protected] <[email protected]> > Subject: Re: SSO IFrame form authentication > To: "Jetspeed Users List" <[email protected]> > Date: Wednesday, September 1, 2010, 10:26 PM > So far the new changes seem to be > working great, with one noted exception. > It seems to me that if I set up a user in SSO Management, > the user should > not have to set up his/her credentials in the > portlet. The portlet should > just go to SSO Management to get that. However, > unless I'm doing > something wrong, it seems I have to do both. I don't > want my users having > to edit the portlet preferences. > > > > From: > Woonsan Ko <[email protected]> > To: > Jetspeed Users List <[email protected]> > Date: > 08/30/2010 07:58 PM > Subject: > Re: SSO IFrame form authentication > > > > I have just committed changes to fix the following issue: > https://issues.apache.org/jira/browse/JS2-1208 > Now, the SSOIFramePortlet enables form based SSO, too. > > Regards, > > Woonsan > > --- On Tue, 8/24/10, Woonsan Ko <[email protected]> > wrote: > > > From: Woonsan Ko <[email protected]> > > Subject: Re: SSO IFrame form authentication > > To: "Jetspeed Users List" <[email protected]> > > Date: Tuesday, August 24, 2010, 3:42 AM > > Sounds good. By default, it can post > > "once per session". I like your idea. > > I will try to fix the problem soon and let you know. > > > > Regards, > > > > Woonsan > > > > --- On Mon, 8/23/10, [email protected] > > <[email protected]> > > wrote: > > > > > From: [email protected] > > <[email protected]> > > > Subject: Re: SSO IFrame form authentication > > > To: "Jetspeed Users List" <[email protected]> > > > Date: Monday, August 23, 2010, 10:13 PM > > > Well, if I understand the issue > > > correctly, you would implement the SSO > > > IFrame Portlet to pull the credentials from the > SSO > > Site > > > and also provide > > > the means to specify the other options for the > form, > > ie, > > > sso.type, > > > sso.form.Args, sso.form.Action, etc., which all > > sounds > > > fine, other than I > > > don't know the ramifications of sending this > form > > every > > > time the page is > > > accessed. The description in the deployment > guide > > > infers that the login > > > would only happen once, I assume once per > session, > > which > > > would be ok. If > > > I log out and back in to portal and navigate to > the > > page, > > > it should send > > > the login form again. I understand the > difficulty > > of > > > a generic portlet > > > knowing whether iframed content is authenticated > or > > not, > > > but it seems once > > > per session would suffice and if for some reason > the > > login > > > failed, the > > > user would have to nav to login form for the site > and > > login > > > manually. > > > > > > > > > > > > From: > > > Woonsan Ko <[email protected]> > > > To: > > > Jetspeed Users List <[email protected]> > > > Date: > > > 08/23/2010 02:37 PM > > > Subject: > > > Re: SSO IFrame form authentication > > > > > > > > > > > > Yes, I think the SSOIFramePortlet could be > improved in > > that > > > way with some > > > limitation: Because the hidden-form-posting-page > is > > not > > > aware of the > > > authentication status of the remote target > website, it > > has > > > to post the > > > hidden login form every time whenever it is > visited. > > > > > > Mike, do you think this improvement could > fulfill > > your > > > requirement? > > > > > > -Woonsan > > > > > > --- On Mon, 8/23/10, David Sean Taylor <[email protected]> > > > wrote: > > > > > > > From: David Sean Taylor <[email protected]> > > > > Subject: Re: SSO IFrame form authentication > > > > To: "Jetspeed Users List" <[email protected]> > > > > Date: Monday, August 23, 2010, 9:17 PM > > > > On Mon, Aug 23, 2010 at 11:37 AM, > > > > Woonsan Ko <[email protected]> > > > > wrote: > > > > > Hi, > > > > > > > > > > I think the documentation [1] is > misleading > > for > > > the > > > > Form-authentication support, which is > supported > > only > > > with > > > > SSOWebContentPortlet. > > > > > However, I think you can use > > IFrameGenericPortlet > > > to > > > > allow that form authentication, simply by > > configuring > > > your > > > > new view page in preferrences. For example, > you > > can > > > read the > > > > preferences and build a simple hidden form > with > > the > > > sso > > > > credentials info to post to the target > site. > > > > > If you want to retrieve the sso > credentials > > info > > > for > > > > the SSO site from your portlet or your view > JSP > > page, > > > you > > > > will probably need to access the Jetspeed > SSO > > > Manager, > > > > listed here as Jetspeed Service component. > [2] > > > > > > > > > > PortletContext context = > > > getPortletContext(); > > > > > SSOManager sso = > (SSOManager) > > > > context.getAttribute("cps:SSO"); > > > > > > > > > > You could refer to SSOProxyPortlet.java > on > > how to > > > use > > > > the component. [3] > > > > > > > > Woonsan, I like your solution. I think it > could > > be > > > > generalized and > > > > implemented in the SSO IFrame Portlet. I > 've > > created > > > a > > > > JIRA > > > > "improvement" issue: > > > > > > > > https://issues.apache.org/jira/browse/JS2-1208 > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: > [email protected] > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: [email protected] > > > For additional commands, e-mail: [email protected] > > > > > > > > > -- > > > This message has been scanned for viruses and > > > dangerous content by MailScanner, and is > > > believed to be clean (mailgw2:3E67D1E6FC.BD937). > > > > > > > > > > > > > > > This communication and any attachments are > > confidential, > > > protected by > > > Communications Privacy Act 18 USCS § 2510, > solely for > > the > > > use of the > > > intended recipient, and may contain legally > > privileged > > > material. If you > > > are not the intended recipient, please return or > > destroy it > > > immediately. > > > Thank you. > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean (mailgw2:400981E6FC.828E4). > > > > > This communication and any attachments are confidential, > protected by > Communications Privacy Act 18 USCS § 2510, solely for the > use of the > intended recipient, and may contain legally privileged > material. If you > are not the intended recipient, please return or destroy it > immediately. > Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean (mailgw2:E44191E6FC.1D82F). This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
