incubator-jspwiki-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dupriez Christophe <christophe_dupr...@yahoo.fr>
Subject Re: OpenID support in JSPWiki?
Date Wed, 18 Mar 2009 12:55:34 GMT

Hi!

Have you considered Tomcat container authentication?
I worked that way to allow SSO between J2EE applications in the same server and its work well.

For my AD+NTLM environment, I had also to make a small patch to Tomcat 6:
https://issues.apache.org/bugzilla/show_bug.cgi?id=46323

Have a nice day!

Christophe

--- En date de : Mer 18.3.09, Tilman Bender <tbender@stud.hs-heilbronn.de> a écrit :

> De: Tilman Bender <tbender@stud.hs-heilbronn.de>
> Objet: Re: OpenID support in JSPWiki?
> À: jspwiki-dev@incubator.apache.org
> Date: Mercredi 18 Mars 2009, 12h02
> Hey guys,
> 
> I am currently plaing with the 2.8.1 code and openid4java.
> 
> But I am having a hard time trying to fiugre out where
> exactly to hook in the OpenID stuff.
> The problem is (as also described in #JSPWIKI-94), that:
> 
> 1. To me it seems you cannot do the whole thing in JAAS:
> OpenID as I understand it has two phases :
> 
> Phase I:
> - The user just submitted his openid identifier to our
> login/registration from.
> - We do discovery on the identifier to find the Endpoint of
> his OpenID Provider (and check if the provider is in our
> whitelist)
> - We redirect the user to his OpenID provider
> 
> So in this phase it makes no sense to me to use a
> JAAS-Module since we wouldn't be able to complete the login
> mehtod
> as we do not know enough about the user yet (we do not know
> if his identity is asserted by the OpenID Provider).
> So I currently do this via JSP  and Scriptlets (no
> custom tag yet).
> 
> Phase II:
> - The user is redirected back to us by his OpenID Provider
> - We connect to the OpenID Provider to verify the assertion
> that was passed along the request (be it a positive or
> negative assertion)
> - Now we know enough about the user to log them in.
> 
> I currently try to use UserManager.setUserProfile in this
> situation. Now here comes my Problem:
> 
> I would like to do all the assertion verifiaction in a
> JAAS-Module, but for that I need all the request
> data, which I do not have in the setUserProfile-Method.
> 
> So currently I am stuck. Before I start to wildly mess the
> API: Am I taking the right direction?
> 
> 
> Tilman Bender
> Student des Software Engineering
> Hochschule Heilbronn
> tbender@stud.hs-heilbronn.de
> 
> 
> 
> Am 03.12.2008 um 21:50 schrieb Janne Jalkanen:
> 
> > Hi!
> > 
> > Thanks for the effort - sounds like a worthy project!
> > 
> > I think you will save yourself a lot of grief if you
> work on the 2.8.1 branch, since the trunk is now the subject
> of a lot of changes - but note that we *will* be making some
> rather major changes for 3.0, so you may face a small
> porting effort towards the end.  We certainly wouldn't
> like to land a major feature in 2.8 branch anymore, since
> it's rather stable.
> > 
> > I think the first thing you could do is to outline
> your plan as to how exactly are you planning to hook into
> our structures - a good place to start is probably the
> Security documentation at http://doc.jspwiki.org/2.8/wiki/Security,
> and then asking a lot of questions on this mailing list.
> > 
> > Also, since we are talking about a fairly large
> project here, you might want to sign a contributor license
> agreement (CLA), and depending on the German copyright
> legislation, get also Heilbronn to sign a corporate
> CLA.  That, or Heilbronn (or you) need to, at the end
> of the project, give a software grant (SGA) to Apache
> Software Foundation.  But these are not biggies and can
> be tackled if/when we start merging ;-)
> > 
> > /Janne
> > 
> > On Dec 3, 2008, at 21:25 , Tilman Bender wrote:
> > 
> >> Hi JSPWiki Devs,
> >> 
> >> I am a student at Heilbronn University in Germany
> (Some of you might know Christoph Sauer, who worked there.)
> >> As pre-thesis for my diploma I want to enhance
> JSPWiki with OpenID.
> >> 
> >> I am still pretty new to JSPWIki, OpenID and
> JAAS.
> >> I have worked my way through the official OpenID
> 2.0 Authentication standard
> >> and will do as well for Attributes Exchange.
> >> 
> >> I would like to base my work on the 2.8.1 tag and
> >> see to get it integrate into the trunk later. Is
> that the correct way to do it?
> >> 
> >> As I see Andrew already spent quite some time on
> OpenID and did some preparations.
> >> Since I plan to get my diploma somday soon (say in
> 2009 ;-)), I have a high personal interest
> >> in getting OpenID into JSPWiki.
> >> 
> >> Summary:
> >> 
> >> * I have time
> >> * I have motivation
> >> * I need some help to get started ;-)
> >> 
> >> Any suggestions where to begin? I guess
> registration/profile creation would be first.
> >> 
> >> kind regards
> >> 
> >> 
> >> Tilman Bender
> >> Student des Software Engineering
> >> Hochschule Heilbronn
> >> tbender@stud.hs-heilbronn.de
> >> 
> >> 
> > 
> 
> 
> 
> 


      

Mime
View raw message