• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag
 

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Single sign on in multiple WOApps / passing parameters between apps
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Single sign on in multiple WOApps / passing parameters between apps

  • Subject: Re: Single sign on in multiple WOApps / passing parameters between apps
  • From: Tom Termini <email@hidden>
  • Date: Tue, 6 Mar 2007 15:29:33 -0500
We've done extensive work with Single Sign On, integration of WebObjects applications into portals, etc. We have a JSR168 framework for portlets. We use that with back-end LDAP authentication to give a SSO like experience. We are working on a CAS solution to pass authentication tokens, but this is still in development. 

If you contact me offline I'd be happy to share it with you.

-
Ubique,
Tom Termini

--
e-mail: email@hidden
direct dial: +353-1-440-1910
--
http://www.bluedog.ie
Bluedog Ltd.
Unit 3, 78, Furze Road,
Sandyford Industrial Estate Sandyford Dublin 18 Ireland

--
A Premier WebObjects solution provider:
Knowledge worker applications via the internet:
Services-oriented architecture,
web services, portals, data encryption
and extending legacy applications to web-enable organizations.



On Mar 6, 2007, at 10:09 AM, Ken Tabb wrote:


Hi folks,

I think I must be missing something head-slappingly obvious.


No.



I have multiple WO apps, all running off the same user database,
and for each app, the user authenticates against that user database
before they're let into the app (i.e. the Main component has a
conditional login form / page contents, depending on whether the
user has already logged into that app).

At the moment, when app1 sends a user to app2's URL, they are
presented with another login form, which they then dutifully fill
in even though it's using the same username/passwd combination they
used for app1.


First, I'd take a step back and look at the bigger picture.  Does the
University of Hertfordshire have an institutional authentication
system (e.g. Kerberos, LDAP)?   Do they have one for web apps?  If
so, that is the way to go.  The web app ones that I have worked with
(http://www.umich.edu/~umweb/software/cosign/, http://
www.stanford.edu/services/webauth/) are integrated into Apache and
make integration with WebObjects dead simple (one line).



Is it possible for app1 to take a logged in user to app2's default
URL, and pass a parameter to the instance of app2 that's dealing
with this request, along the lines of
app2.setLoggedInUser(loggedInUser());


You can pass something on the URL or in a post or a cookie. But you
will need to add a verification scheme to reduce the potential for
hacking.  Or, you can implement some sort of interprocess
communication.  Either way it is quite some work, especially compared
to using a very secure solution (see above) and one line of code.



The other route would be to have 1 monolithic "in house app" that
does everything, but I'd be rebuilding that every couple of hours
due to various parts being updated, so I'd rather keep things
modular (several little apps) if possible.


I agree, a monolithic app is the wrong direction to go in.



Let me know if this needs clarifying, and thanks in advance for any
help,


I hope that helps.

Chuck


-- 

Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems.
http://www.global-village.net/products/practical_webobjects








 

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
  • Prev by Date: Re: WebObjects 5.3.3, DST and J2SE 1.4.2
  • Next by Date: Re: WebObjects 5.3.3, DST and J2SE 1.4.2
  • Previous by thread: Re: WebObjects 5.3.3, DST and J2SE 1.4.2
  • Next by thread: Problem removing/deleting all related objects.
  • Index(es):
    • Date
    • Thread