httpd-users mailing list archives

From "Gregor Schneider" <rc4...@googlemail.com>
Subject Re: [users@httpd] How to manage single sign on with apache
Date Mon, 25 Dec 2006 11:02:51 GMT
Hi Meir,

we are not using LDAP.

The principle of our solution is as follows:

We have written a simple Servlet, that gets authenticated by Tomcat
via FormLogin.
The Servlet will then read the Cookie JSSOSessionID and will write the
contents of this Cookie into the MySQL-DB specified by
mod_auth_cookie_mysql2.
All the static content is served by Apache httpd, and the static
content requires a valid user. Now Apache takes a look into the MySQL
via mod_auth_cookie_mysql, checks if the stored cookie is available,
and voilà: User is authorized.


Dynamic webapps are protected by Tomcat only, and since we are using
the SingleSignOnValve, access is granted after the user has initially
been authorized by the SingleSignOn-servlet.

Sure, you'll have to think about a few things (i.e. expiry in MySQL
should be equal to Tomcat's session-timeout etc.), but that's not too
difficult.

Hope that gives you the idea.

Coming to Sun's framework:

Take a look at https://opensso.dev.java.net/ - if you want to utilize
LDAP, you might want to give it a shot. However, for our purposes it was
way too oversized.

Cheers

Greg
-- 
what's puzzlin' you, is the nature of my game
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
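
The flow described in the message above, modelled as an added example (not the poster's code and not the module's own): the servlet side records the cookie value with an expiry, and the httpd side authorizes only known, unexpired values. In-memory SQLite stands in for MySQL; the table and column names, the 30-minute timeout and the sample cookie values are assumptions.

```python
import sqlite3

SESSION_TIMEOUT = 30 * 60  # assumed Tomcat <session-timeout> of 30 minutes, in seconds

def open_store():
    # In-memory SQLite stands in for the MySQL database; the schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sso_cookies (cookie TEXT PRIMARY KEY,"
               " username TEXT NOT NULL, expires INTEGER NOT NULL)")
    return db

def register_login(db, cookie, username, now):
    """Servlet side: after FormLogin, record the JSSOSessionID value."""
    db.execute("INSERT OR REPLACE INTO sso_cookies VALUES (?, ?, ?)",
               (cookie, username, now + SESSION_TIMEOUT))

def touch(db, cookie, now):
    """Tomcat's timeout is an idle timeout, so activity must extend a live row."""
    db.execute("UPDATE sso_cookies SET expires = ? WHERE cookie = ? AND expires > ?",
               (now + SESSION_TIMEOUT, cookie, now))

def authorize(db, cookie, now):
    """httpd side: return the username for a known, unexpired cookie, else None."""
    if not cookie:
        return None
    row = db.execute("SELECT username FROM sso_cookies"
                     " WHERE cookie = ? AND expires > ?", (cookie, now)).fetchone()
    return row[0] if row else None

def logout(db, cookie):
    """Servlet side: drop the row when the Tomcat session is invalidated."""
    db.execute("DELETE FROM sso_cookies WHERE cookie = ?", (cookie,))

def purge_expired(db, now):
    """Housekeeping: remove stale rows so old cookie values do not linger."""
    return db.execute("DELETE FROM sso_cookies WHERE expires <= ?", (now,)).rowcount

def demo():
    db = open_store()
    t0 = 1_000_000                                        # constructed timestamp
    register_login(db, "A1B2C3", "alice", t0)             # constructed cookie value
    results = [authorize(db, "A1B2C3", t0 + 60)]          # fresh login: allowed
    results.append(authorize(db, "FORGED", t0 + 60))      # unknown cookie: denied
    touch(db, "A1B2C3", t0 + 1500)                        # activity at 25 minutes
    results.append(authorize(db, "A1B2C3", t0 + 2400))    # 40 minutes in: still allowed
    results.append(authorize(db, "A1B2C3", t0 + 1500 + SESSION_TIMEOUT))  # idled out
    return results
```

Without the `touch` step the row would expire 30 minutes after login while an active Tomcat session stayed alive, which is the kind of expiry mismatch the message warns about.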

