Re: hard question - Single Sign On
David Thielen wrote:
> Is there anything simpler out there (I'm spoiled by how easy it is in Windows)? This is for a commercial product and we want our customers to be able to install and configure it in 5 minutes (all of it, not just the security).

Acegi is a pretty decent option. Spring is a great way of doing a lot of things, including the MVC side of webapps, if you're not already tied to Struts. You can use Struts with it as well and skip the Spring MVC framework.

Web applications are complex things regardless of which framework you use... You have to install an app server (and possibly configure it to work with IIS, Apache, or other web server), a database (then hook the two up), security services, and whatever other third-party stuff you need to deal with. You have to configure users (or groups) and integrate that into whatever service you're currently using for security (if any). Any time there's any interop between two separate pieces of software you're looking at a potential roadblock. Fortunately most of these problems have already been solved by somebody.

Dave

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: hard question - Single Sign On
They sure don't make this easy, do they? This is a lot of stuff to install & configure.

Is there anything simpler out there (I'm spoiled by how easy it is in Windows)? This is for a commercial product and we want our customers to be able to install and configure it in 5 minutes (all of it, not just the security).

Thanks - dave

David Thielen
www.windwardreports.com
303-499-2544

-----Original Message-----
From: Lixin Chu [mailto:[EMAIL PROTECTED]]
Sent: Sunday, January 22, 2006 10:18 PM
To: Struts Users Mailing List
Subject: Re: hard question - Single Sign On

> Maybe you would like to take a look at these two:
> Yale's CAS : http://www.ja-sig.org/wiki/display/CAS/Home
> Acegi : http://acegisecurity.org/
Re: hard question - Single Sign On
Maybe you would like to take a look at these two:

Yale's CAS : http://www.ja-sig.org/wiki/display/CAS/Home
Acegi : http://acegisecurity.org/
Re: hard question - Single Sign On
Hi bro, what is your problem?

On 1/23/06, Lixin Chu [EMAIL PROTECTED] wrote:
> Maybe you would like to take a look at these two:
> Yale's CAS : http://www.ja-sig.org/wiki/display/CAS/Home
> Acegi : http://acegisecurity.org/

--
The world will be ended if love is everywhere.
Shawzi
hard question - Single Sign On
In the Windows world, if a user uses IE to access an ASP website, and both are on domains and they are the same domain or there is a trust relationship between the domains, you can do the following (the joy of one company providing the entire stack):

1. You can authenticate the user, which is based on who they logged in to Windows as.
2. You can handle authorization based on the groups that user is a member of.
3. You can open files as that user so all access to files is based on the user's privileges - without ever knowing the username & password of the user.
4. You can access SQL Server as that user so all database access is based on that user's permissions - without ever knowing the username & password of the user.

What makes this such a fantastic setup is the following:

1. The user was never asked to log in to use the ASP-based portal. It knows who they are.
2. The ASP-based portal never needs to know the user's password. So there are no security issues as you are never holding & storing a password.

Can this be done in the J2EE world? And if so, how?

1. We want to avoid requiring the user to log in to use our portal.
2. We want to get authentication & authorization from the underlying O/S - so the company using this does not need to enter duplicates of all users and the groups they are in.
3. We need to access files and the databases as the user.
   a. We would prefer to do this without having to store the user's username & password.
   b. If we do have to store it, what is the best way to do so?

This is the one part of our portal where we are willing to write dependent code, as having this be true SSO with us storing nothing is such a good thing.

Suggestions ???

- thanks - dave

David Thielen
http://www.windwardreports.com
303-499-2544