Date: Sat, 11 Aug 2007 22:11:48 -0400
From: Dave
To: user@roller.apache.org
Subject: Re: example config for using CAS for SSO with Roller

On 8/11/07, Phillip Rhodes wrote:
> A few extra notes and points of clarification... anybody who's
> trying to implement SSO probably already understands these
> issues (or at least these kinds of issues) but just in case it
> will help somebody:

Thanks for posting these notes, Phillip.

> This configuration still uses the same roller database tables
> and information for authorization. That is, after a user is
> authenticated using CAS, the code will try to look that username
> up in the roller db, in order to set the authorities for the
> user. Additionally, I imagine the Roller code - at some level - expects
> entries in whichever table it uses for user information so it can
> maintain associations between a given user and their blog, etc.

I hope to be breaking some of those associations in 4.1 and make it
possible to externalize Roller's user and permissions management.
Check the proposal here:
http://cwiki.apache.org/confluence/display/ROLLER/Proposal+Externalize+User+And+Permissions+Management

- Dave
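Added example (not part of the thread and not Roller's code): the split described in the quoted note, where CAS only establishes the username and the local user table alone decides the authorities, shown in plain Java with the failure cases handled. `LocalUser`, `USERS`, `authoritiesFor` and the sample accounts and role names are hypothetical stand-ins, and an in-memory map takes the place of the database.

```java
import java.util.*;

public class CasLocalAuthorities {
    // Hypothetical shape of a local user record; not Roller's schema.
    static final class LocalUser {
        final boolean enabled;
        final Set<String> roles;
        LocalUser(boolean enabled, String... roles) {
            this.enabled = enabled;
            this.roles = Collections.unmodifiableSet(new LinkedHashSet<>(Arrays.asList(roles)));
        }
    }

    // Constructed sample data standing in for the local user table.
    static final Map<String, LocalUser> USERS = new HashMap<>();
    static {
        USERS.put("alice", new LocalUser(true, "editor", "admin"));
        USERS.put("bob", new LocalUser(false, "editor"));
    }

    // Call only after CAS has validated the ticket and returned a username.
    // CAS proves identity; authorities come from the local store alone.
    static Set<String> authoritiesFor(String casUsername) {
        if (casUsername == null || casUsername.isEmpty()) {
            throw new SecurityException("no authenticated principal");
        }
        LocalUser user = USERS.get(casUsername); // exact match on the CAS name
        if (user == null) {
            // Valid SSO login but no local record: fail closed, grant nothing.
            throw new SecurityException("no local account for " + casUsername);
        }
        if (!user.enabled) {
            throw new SecurityException("local account disabled: " + casUsername);
        }
        return user.roles;
    }

    public static void main(String[] args) {
        for (String name : new String[] {"alice", "bob", "carol"}) {
            try {
                System.out.println(name + " -> " + authoritiesFor(name));
            } catch (SecurityException e) {
                System.out.println(name + " -> denied (" + e.getMessage() + ")");
            }
        }
    }
}
```

A successful SSO login for a name with no local record ("carol" here) is denied rather than mapped to a default role, and disabling the local record blocks access even while the CAS account still works.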