portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ate Douma (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Updated: (JS2-1036) SSO does not support remote credential sharing
Date Fri, 29 Jan 2010 02:57:34 GMT

     [ https://issues.apache.org/jira/browse/JS2-1036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Ate Douma updated JS2-1036:

    Attachment: JS2-1036-partial-fix.patch

I got hit by this issue today when trying to add SSO RemoteUser configurations in j2-seed.xml
using both a user and a group for the same remote user.
Initially I thought I could relatively easy fix this through the SSOManagerImpl only, but
once done (and working) it showed there is (much) more to this.
SSOUser ownership is tied to a single principal, meaning it cannot have multiple parents (yet).
Furthermore, the SSODetailBrowser portlet isn't up to this level of configuration either.

So, for now I'll leave this issue be, but I'm attaching a partial-fix patch containing the
SSOManagerImpl changes as reference to be picked up later again.

> SSO does not support remote credential sharing
> ----------------------------------------------
>                 Key: JS2-1036
>                 URL: https://issues.apache.org/jira/browse/JS2-1036
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: SSO
>    Affects Versions: 2.2.0
>         Environment: SSO, J2 2.2
>            Reporter: Randy Watler
>            Assignee: Randy Watler
>         Attachments: JS2-1036-partial-fix.patch
> The SSO component does not support reuse/sharing of remote credentials. For example,
two users or groups cannot share a single SSO login to a remote site. It is not up to the
portal to enforce or make assumptions about security policies of remote sites/systems. 
> This is a regression from 2.1.X SSO which supported this feature.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

View raw message