directory-dev mailing list archives

From Emmanuel Lecharny <elecha...@gmail.com>
Subject Re: Integration with Google SSO
Date Tue, 22 Jan 2008 23:55:33 GMT
Hi Todd,

Todd Nine wrote:
> Hi all,
>   My friend and I are starting a small business, and I would like to 
> set up Apache Directory Server as a great alternative to Active 
> Directory.  My experience is mostly with AD, and I have a bit of 
> experience with Open Ldap.  We have already set up Google Hosted 
> services, and I'd like to create a plug in to DS to use Google's SAML 
> web service.  Is it possible to create a custom plugin, similar to the 
> one here
>
> http://cwiki.apache.org/confluence/display/DIRxSRVx11/Implementing+an+alternative+Backend.
>
> The behavior I would want is the following.
>
> 1. Try to authenticate locally
> 2. If the user doesn't exist, or the password fails, try to log in 
> with the SAML service
> 3. If the SAML service authenticates, synchronize the user name and 
> password.
>
> We're only going to have one root DN.  Is it possible to do this, or 
> is there no way to chain the authentication schemes together?

Well, this is very interesting. This is definitely something you might 
do, but maybe by adding a simple interceptor instead of implementing 
another backend.

The interceptors are very much like Tomcat's filters: you can route a 
request to a distant authentication system, or in case the local 
authentication fails, just try to authenticate using some SAML service.

This is something we have to dig into... I'm afraid that I may lack some time 
in the next few days to give you more information, but this is a first 
step.

Alex, any insight?

In any case, just poll us if we are not responsive ...

Thanks!


-- 
--
cordialement, regards,
Emmanuel Lécharny
www.iktek.com
directory.apache.org
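
The three-step flow from the question (local check, remote fallback, then synchronization), as an added example that is not part of the original message and is not ApacheDS code. All class and method names are hypothetical, the remote service is a constructed stand-in passed in as a predicate, and the synchronized credential is assumed to be stored as a salted PBKDF2 hash rather than the clear-text password.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import java.util.function.BiPredicate;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical names throughout; this is not the ApacheDS interceptor API.
public class ChainedAuthDemo {
    // Local credential store: user -> {salt, PBKDF2 hash}; never the clear-text password.
    static final Map<String, byte[][]> local = new HashMap<>();

    static byte[] hash(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                               .generateSecret(spec).getEncoded();
    }

    static void storeLocal(String user, char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        local.put(user, new byte[][] { salt, hash(password, salt) });
    }

    static boolean localAuth(String user, char[] password) throws Exception {
        byte[][] rec = local.get(user);
        // Constant-time comparison of the derived hash against the stored one.
        return rec != null && MessageDigest.isEqual(rec[1], hash(password, rec[0]));
    }

    // Steps 1-3 from the question: local first, remote on failure, then synchronize.
    static boolean authenticate(String user, char[] password,
                                BiPredicate<String, char[]> remote) throws Exception {
        if (localAuth(user, password)) return true;      // step 1: local succeeds
        if (!remote.test(user, password)) return false;  // step 2: remote also rejects
        storeLocal(user, password);                      // step 3: sync only after remote success
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the remote service: accepts exactly one sample account.
        BiPredicate<String, char[]> remote =
            (u, p) -> u.equals("todd") && new String(p).equals("s3cret-sample");
        System.out.println(authenticate("todd", "wrong".toCharArray(), remote));
        System.out.println(authenticate("todd", "s3cret-sample".toCharArray(), remote));
        System.out.println(localAuth("todd", "s3cret-sample".toCharArray()));
    }
}
```

Because the local copy is only refreshed on a successful remote login, a password changed or revoked remotely keeps working locally until the next fallback, so a deployment would also need an expiry or invalidation rule for synchronized entries.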


