Re: Single sign on in multiple WOApps / passing parameters between apps
- Subject: Re: Single sign on in multiple WOApps / passing parameters between apps
- From: Pierre Bernard <email@hidden>
- Date: Tue, 6 Mar 2007 20:30:57 +0100
Hi!
About a year ago I worked on a single sign-on system. Unfortunately,
I didn't have the opportunity to complete it. I still have hopes to
complete it.
The basic principles are astonishingly simple:
There is one application that handles authentication.
When a user hits the entry page of another application, he gets a
temporary redirection to the authentication application. An ID (e.g.
base URL) of the originating application is passed in the URL. We
also pass the ID of the freshly created WOSession.
The user logs into the authentication application, creating an
authenticated WO session. The user gets a standard cookie with the
session's ID.
Behind the scenes the authentication contacts the target application
notifying the session of the user's credentials. This can be hack
proofed by accepting such communications only from localhost.
Additionally the credentials could be signed.
The page returned after login sets a standard cookie with the ID of
the WOSession in the authentication application and then redirects
back to the target application - right into the authenticated session.
Now the user hits the entry page of another application. Again he is
redirected to the authentication application.
Now the cookie is read, the session restored and the login form is
bypassed. The authentication immediately contacts the target
application and then sends the redirection page.
Best,
Pierre Bernard
Houdah Software s.à r.l.
On Mar 6, 2007, at 7:09 PM, Ken Tabb wrote:
Hi folks,
I think I must be missing something head-slappingly obvious.
I have multiple WO apps, all running off the same user database,
and for each app, the user authenticates against that user database
before they're let into the app (i.e. the Main component has a
conditional login form / page contents, depending on whether the
user has already logged into that app).
At the moment, when app1 sends a user to app2's URL, they are
presented with another login form, which they then dutifully fill
in even though it's using the same username/passwd combination they
used for app1.
Is it possible for app1 to take a logged in user to app2's default
URL, and pass a parameter to the instance of app2 that's dealing
with this request, along the lines of
app2.setLoggedInUser(loggedInUser());
The other route would be to have 1 monolithic "in house app" that
does everything, but I'd be rebuilding that every couple of hours
due to various parts being updated, so I'd rather keep things
modular (several little apps) if possible.
Let me know if this needs clarifying, and thanks in advance for any
help,
Ken
- - - - - - - - - -
Dr. Ken Tabb
Mac & UNIX Developer - Health & Human Sciences
Machine Vision & Neural Network researcher - School of Computer
Science
University of Hertfordshire, UK
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
- - -
Houdah Software s. à r. l.
http://www.houdah.com
- Quality Mac OS X software
- Premium WebObjects consulting
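
The signed credential notification suggested in the reply above, as an added example (not code from the post or from WebObjects): the authentication application signs the target application ID, WOSession ID, user name and a timestamp with HMAC-SHA256, and the target application rejects notices that are altered, addressed to another application, or stale. The class name, field layout, shared key and 30-second window are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example; SsoNotice and all field names are hypothetical, not WebObjects API.
public class SsoNotice {
    static final long MAX_AGE_MS = 30_000; // assumed freshness window
    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    static String enc(String s) { return b64(s.getBytes(StandardCharsets.UTF_8)); }
    static String dec(String s) { return new String(Base64.getUrlDecoder().decode(s), StandardCharsets.UTF_8); }

    static String mac(byte[] key, String payload) throws Exception {
        Mac h = Mac.getInstance("HmacSHA256");
        h.init(new SecretKeySpec(key, "HmacSHA256"));
        return b64(h.doFinal(payload.getBytes(StandardCharsets.UTF_8)));
    }

    // Authentication app: bind the user to one target app and one WOSession ID.
    static String sign(byte[] key, String appId, String sessionId, String user, long nowMs) throws Exception {
        String payload = String.join("|", enc(appId), enc(sessionId), enc(user), Long.toString(nowMs));
        return payload + "|" + mac(key, payload);
    }

    // Target app: returns {sessionId, user}, or null when the notice must be rejected.
    static String[] verify(byte[] key, String notice, String myAppId, long nowMs) throws Exception {
        int cut = notice.lastIndexOf('|');
        if (cut < 0) return null;
        String payload = notice.substring(0, cut);
        byte[] want = mac(key, payload).getBytes(StandardCharsets.UTF_8);
        byte[] got = notice.substring(cut + 1).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(want, got)) return null;           // constant-time compare
        String[] f = payload.split("\\|", -1);
        if (f.length != 4 || !dec(f[0]).equals(myAppId)) return null; // meant for another app
        long age = nowMs - Long.parseLong(f[3]);
        if (age < 0 || age > MAX_AGE_MS) return null;                 // stale or future-dated
        return new String[] { dec(f[1]), dec(f[2]) };
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-a-real-secret".getBytes(StandardCharsets.UTF_8);
        long t0 = 1_000_000L; // constructed clock value
        String n = sign(key, "/App2", "sess-42", "alice", t0); // constructed sample values
        System.out.println(String.join(",", verify(key, n, "/App2", t0 + 500))); // accepted
        System.out.println(verify(key, n, "/App3", t0 + 500));    // wrong target app
        System.out.println(verify(key, n, "/App2", t0 + 60_000)); // expired
        System.out.println(verify(key, n.replace(enc("alice"), enc("admin")), "/App2", t0)); // tampered
    }
}
```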