[xwiki-dev] registration of new users in xwiki from external application : appropriate rights not set

[Thomas Krämer]

Hello Xwiki Devloppers


Thanks, Sergiu and Vincent, for your fast reply, i didn't count with
that on a friday afternoon.

i consider adding sso support to xwiki.
i connot see clearly yet, where exactly to start, and one comment you
wrote confused a little:
> Depending on what is the main application, you could even forget about
> the XWiki users. You can implement a Rights&Authentication mechanism
> that uses only external data. But this would take a bit longer.
> 
> 
> The best practice is to implement a SSO mechanism in both applications.
> Currently XWiki lacks something like this, but it is planned. The next
> best mechanism is to make one of the applications use the data from the
> other, since maintaining duplicate information is hard, and I don't mean
> just creating data in two places, but the different updates that can
> later occur.
> 
Exactly, i think this is one of the main reason why people invented sso.
You write "implement a SSO mechanism in both applications" .


Regarding authentication, this is realized in a clean and
straightforward manner in XWiki, implementing the XWikiAuthService
interface and configuring the implemting class in WEB-INF/xwiki.cfg  via
the xwiki.authentication.authclass property.

Do you plan a similarly configurable / exchangeable *authorization*
mechanism?

If not: where is the "edge" of what has to remain in xwiki and where the
interface begins? What are the classes / methods currently handling
authorization?

Vincent, you proposed JAAS. What do you think of Yale CAS as pluggable
authentication / SSO solution?


Best regars


Thomas



-- 
ontopica

Thomas Krämer

Krämer&Okpue GbR

Kurfürstenstr. 66
53115 Bonn

Fon 	0228 - 180 99 737
Fax	0228 - 242 78 60
Email 	tk at ontopica.de