Re: CoSign and WebObjects
- Subject: Re: CoSign and WebObjects
- From: Chuck Hill <email@hidden>
- Date: Wed, 23 Aug 2006 10:00:37 -0700
On Aug 23, 2006, at 9:16 AM, Q wrote:
On 24/08/2006, at 1:31 AM, Chuck Hill wrote:
Can you provide some details on what these classes do?
For anyone else interested, Stanford's WebAuth
(http://webauth.stanford.edu/) uses a very similar architecture and can be
used in place of Cosign. The import of this is that your app can
easily (probably without modification) support multiple web single
sign on implementations.
Great, now you have done it.. I will have to try out both of them
now. :P
On initial inspection with both these systems it seems an app
writer need not concern themselves with how to log a user in, but
rather how to log them out.
Logging them out is not really your concern either. If your app logs
them out of the Single Sign On, then it logs them out of all apps
that they may be using. It ends up that your user can log out of
your app (terminate their session) and come right back in and create
a new session. For total logout, you terminate the WO session, kill
the SSO cookie if there is one, and redirect to the SSO page to log out.
Chuck
On Aug 23, 2006, at 6:08 AM, email@hidden wrote:
Date: Wed, 23 Aug 2006 09:04:24 -0400
Subject: CoSign and WebObjects
On Aug 22, 2006, at 9:24 PM, Q wrote:
On 23/08/2006, at 5:24 AM, Jonathan Maybaum wrote:
Because there continues to be discussion on the list about
GVC.SiteMaker and WO web-publishing apps, and how they compare, I
thought that I would provide a link to this presentation:
http://sitemaker.umich.edu/maybaum/files/usc-sitemaker.pdf
I think that this provides a bit more insight about what
GVC.SiteMaker (called UM.SiteMaker at the University of Michigan)
is all about.
Is the Cosign auth handling mentioned in this presentation managed
in the application or using an external module?
A little bit of both. Authentication is managed by mod_cosign
integrated into Apache. Cosign can be backed by different credential
stores; Kerberos is used in this case. Google cosign for the full
story. The app checks the REMOTE_USER HTTP header to get the
identity of the authenticated user and uses that for authorization
internally. The app also redirects to HTTPS to force authentication
if an authenticated identity is not found.
I am interested in Cosign, but haven't looked into what is required
to use it with WO.
Very little. Just read that header and redirect to https if it is
not present.
Chuck
If folks are interested in CoSign, I'll be releasing in about six -
seven weeks some WO classes to simplify working with the system.
In the last two years we've placed three WO applications into
production. The platform still seems viable at Michigan.
Thanks,
Barry
--
Barry A Starrfield
Lead Analyst / Programmer
University Housing
University of Michigan at Ann Arbor
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40global-village.net
This email sent to email@hidden
--
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems. http://www.global-village.net/products/practical_webobjects
--
Seeya...Q
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
_____ / Quinton Dolan - email@hidden
__ __/ / / __/ / /
/ __ / _/ / / Gold Coast, QLD, Australia
__/ __/ __/ ____/ / - / Ph: +61 419 729 806
_______ /
_\
--
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems. http://www.global-village.net/products/practical_webobjects
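The REMOTE_USER check, the HTTPS redirect and the total-logout steps described in the thread, sketched as an added example in plain Java; it is not code from the posters or from WebObjects. The class and method names, the cookie name, the host and the logout URL are hypothetical placeholders, and it assumes the app is reachable only through the Apache instance running mod_cosign.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class SsoGate {
    // Placeholders: the thread gives neither the real cookie name nor the logout URL.
    static final String SSO_COOKIE = "SSO_COOKIE_NAME_PLACEHOLDER";
    static final String SSO_LOGOUT_URL = "https://sso.example.invalid/logout";

    /** Outcome for one request: an identity, a redirect target, or a refusal. */
    record Decision(String user, String redirectTo, boolean deny) {}

    /**
     * Assumption: only Apache/mod_cosign sets REMOTE_USER and a client-supplied
     * copy never reaches the app; otherwise the value cannot be trusted.
     */
    static Decision check(Map<String, String> headers, boolean secure, String host, String uri) {
        String user = null;
        for (Map.Entry<String, String> h : headers.entrySet()) {
            // HTTP header names are case-insensitive.
            if (h.getKey().equalsIgnoreCase("REMOTE_USER")) user = h.getValue();
        }
        if (user != null && !user.isBlank()) {
            return new Decision(user.trim(), null, false);
        }
        if (!secure) {
            // No identity on plain HTTP: send the same URI over HTTPS to force authentication.
            return new Decision(null, "https://" + host + uri, false);
        }
        // Already on HTTPS and still no identity: redirecting again would loop, so refuse.
        return new Decision(null, null, true);
    }

    /** Response headers for a total logout; the caller terminates the app session first. */
    static Map<String, String> totalLogoutHeaders() {
        Map<String, String> out = new LinkedHashMap<>();
        // Path (and Domain, if any) must match the cookie being removed.
        out.put("Set-Cookie", SSO_COOKIE + "=; Path=/; Max-Age=0; Secure");
        out.put("Location", SSO_LOGOUT_URL);
        return out;
    }

    public static void main(String[] args) {
        String uri = "/cgi-bin/WebObjects/App.woa"; // constructed sample requests below
        System.out.println(check(Map.of("remote_user", "jdoe"), true, "app.example.invalid", uri));
        System.out.println(check(Map.of(), false, "app.example.invalid", uri));
        System.out.println(check(Map.of("REMOTE_USER", " "), true, "app.example.invalid", uri));
        System.out.println(totalLogoutHeaders());
    }
}
```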