16 Apr
2007
16 Apr
'07
9:53 p.m.
Hello Xwiki Devloppers
Thanks, Sergiu and Vincent, for your fast reply, i didn't count with
that on a friday afternoon.
i consider adding sso support to xwiki.
i connot see clearly yet, where exactly to start, and one comment you
wrote confused a little:
Depending on what is the main application, you could
even forget about
the XWiki users. You can implement a Rights&Authentication mechanism
that uses only external data. But this would take a bit longer.
The best practice is to implement a SSO mechanism in both applications.
Currently XWiki lacks something like this, but it is planned. The next
best mechanism is to make one of the applications use the data from the
other, since maintaining duplicate information is hard, and I don't mean
just creating data in two places, but the different updates that can
later occur.
Exactly, i think this is one of the main reason why people invented sso.
You write "implement a SSO mechanism in both applications" .
Regarding authentication, this is realized in a clean and
straightforward manner in XWiki, implementing the XWikiAuthService
interface and configuring the implemting class in WEB-INF/xwiki.cfg via
the xwiki.authentication.authclass property.
Do you plan a similarly configurable / exchangeable *authorization*
mechanism?
If not: where is the "edge" of what has to remain in xwiki and where the
interface begins? What are the classes / methods currently handling
authorization?
Vincent, you proposed JAAS. What do you think of Yale CAS as pluggable
authentication / SSO solution?
Best regars
Thomas
--
ontopica
Thomas Krämer
Krämer&Okpue GbR
Kurfürstenstr. 66
53115 Bonn
Fon 0228 - 180 99 737
Fax 0228 - 242 78 60
Email tk(a)ontopica.de