Hi! Have you considered Tomcat container authentication? I worked that way to allow SSO between J2EE applications in the same server and it works well.
For my AD+NTLM environment, I also had to make a small patch to Tomcat 6:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46323

Have a nice day!

Christophe

--- On Wed 18.3.09, Tilman Bender <[email protected]> wrote:

> From: Tilman Bender <[email protected]>
> Subject: Re: OpenID support in JSPWiki?
> To: [email protected]
> Date: Wednesday 18 March 2009, 12:02
>
> Hey guys,
>
> I am currently playing with the 2.8.1 code and openid4java.
>
> But I am having a hard time trying to figure out where exactly to hook in the OpenID stuff.
> The problem is (as also described in #JSPWIKI-94), that:
>
> 1. To me it seems you cannot do the whole thing in JAAS:
> OpenID as I understand it has two phases:
>
> Phase I:
> - The user just submitted his openid identifier to our login/registration form.
> - We do discovery on the identifier to find the Endpoint of his OpenID Provider (and check if the provider is in our whitelist)
> - We redirect the user to his OpenID provider
>
> So in this phase it makes no sense to me to use a JAAS-Module since we wouldn't be able to complete the login method
> as we do not know enough about the user yet (we do not know if his identity is asserted by the OpenID Provider).
> So I currently do this via JSP and Scriptlets (no custom tag yet).
>
> Phase II:
> - The user is redirected back to us by his OpenID Provider
> - We connect to the OpenID Provider to verify the assertion that was passed along the request (be it a positive or negative assertion)
> - Now we know enough about the user to log them in.
>
> I currently try to use UserManager.setUserProfile in this situation. Now here comes my Problem:
>
> I would like to do all the assertion verification in a JAAS-Module, but for that I need all the request
> data, which I do not have in the setUserProfile-Method.
>
> So currently I am stuck. Before I start to wildly mess the API: Am I taking the right direction?
>
> Tilman Bender
> Software Engineering student
> Hochschule Heilbronn
> [email protected]
>
> On 03.12.2008 at 21:50, Janne Jalkanen wrote:
>
> > Hi!
> >
> > Thanks for the effort - sounds like a worthy project!
> >
> > I think you will save yourself a lot of grief if you work on the 2.8.1 branch, since the trunk is now the subject of a lot of changes - but note that we *will* be making some rather major changes for 3.0, so you may face a small porting effort towards the end. We certainly wouldn't like to land a major feature in 2.8 branch anymore, since it's rather stable.
> >
> > I think the first thing you could do is to outline your plan as to how exactly are you planning to hook into our structures - a good place to start is probably the Security documentation at http://doc.jspwiki.org/2.8/wiki/Security, and then asking a lot of questions on this mailing list.
> >
> > Also, since we are talking about a fairly large project here, you might want to sign a contributor license agreement (CLA), and depending on the German copyright legislation, get also Heilbronn to sign a corporate CLA. That, or Heilbronn (or you) need to, at the end of the project, give a software grant (SGA) to Apache Software Foundation. But these are not biggies and can be tackled if/when we start merging ;-)
> >
> > /Janne
> >
> > On Dec 3, 2008, at 21:25 , Tilman Bender wrote:
> >
> >> Hi JSPWiki Devs,
> >>
> >> I am a student at Heilbronn University in Germany (Some of you might know Christoph Sauer, who worked there.)
> >> As pre-thesis for my diploma I want to enhance JSPWiki with OpenID.
> >>
> >> I am still pretty new to JSPWiki, OpenID and JAAS.
> >> I have worked my way through the official OpenID 2.0 Authentication standard
> >> and will do as well for Attributes Exchange.
> >>
> >> I would like to base my work on the 2.8.1 tag and
> >> see to get it integrated into the trunk later. Is that the correct way to do it?
> >>
> >> As I see Andrew already spent quite some time on OpenID and did some preparations.
> >> Since I plan to get my diploma someday soon (say in 2009 ;-)), I have a high personal interest
> >> in getting OpenID into JSPWiki.
> >>
> >> Summary:
> >>
> >> * I have time
> >> * I have motivation
> >> * I need some help to get started ;-)
> >>
> >> Any suggestions where to begin? I guess registration/profile creation would be first.
> >>
> >> kind regards
> >>
> >>
> >> Tilman Bender
> >> Software Engineering student
> >> Hochschule Heilbronn
> >> [email protected]
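
Added example, not part of the thread and not JSPWiki or openid4java code: one way to give a JAAS login module the Phase II return-request data described in the quoted message of 18 March 2009 is to let the module ask for it through a custom callback. `RequestParamsCallback`, `OpenIdPrincipal`, `Module` and the `verifier` hook are hypothetical names; `verifier` stands in for the OpenID library's check of the assertion with the provider, which is not shown. Needs Java 16 or later.

```java
import java.security.Principal;
import java.util.Map;
import java.util.function.Function;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class OpenIdPhaseTwo {
    /** Hypothetical callback: the module asks the web layer for the return request's parameters. */
    static class RequestParamsCallback implements Callback { Map<String, String> params = Map.of(); }
    record OpenIdPrincipal(String id) implements Principal { public String getName() { return id; } }
    /** Assumption: wraps the OpenID library's check of the assertion with the provider;
     *  returns the verified identifier, or null. The default rejects everything. */
    static Function<Map<String, String>, String> verifier = params -> null;

    public static class Module implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String verifiedId;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            subject = s; handler = h;
        }
        public boolean login() throws LoginException {
            RequestParamsCallback cb = new RequestParamsCallback();
            try { handler.handle(new Callback[] { cb }); }
            catch (Exception e) { throw new LoginException("request data unavailable: " + e); }
            // Phase I never reaches JAAS; only a returned positive assertion is worth verifying.
            if (!"id_res".equals(cb.params.get("openid.mode")))
                throw new FailedLoginException("no positive assertion in request");
            verifiedId = verifier.apply(cb.params);
            if (verifiedId == null) throw new FailedLoginException("assertion failed verification");
            return true;
        }
        public boolean commit() {
            if (verifiedId != null) subject.getPrincipals().add(new OpenIdPrincipal(verifiedId));
            return verifiedId != null;
        }
        public boolean abort() { verifiedId = null; return true; }
        public boolean logout() { subject.getPrincipals().removeIf(p -> p instanceof OpenIdPrincipal); return true; }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of a return request; a real one also carries the signed fields.
        Map<String, String> request = Map.of("openid.mode", "id_res", "openid.claimed_id", "https://user.example/");
        verifier = p -> p.get("openid.claimed_id"); // demo stand-in only: performs no real verification
        CallbackHandler web = cbs -> { for (Callback c : cbs) ((RequestParamsCallback) c).params = request; };
        Subject subject = new Subject();
        Module m = new Module();   // a LoginContext would normally drive these calls
        m.initialize(subject, web, Map.of(), Map.of());
        if (m.login() && m.commit()) System.out.println(subject.getPrincipals());
    }
}
```

The principal is added only in `commit()`, so a request whose `openid.mode` is not `id_res`, or whose assertion the verifier rejects, leaves the `Subject` untouched.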
