authentication store

[Chris O'Connell <CO...@centerpost.com>]

Another newbie question...

I need to integrate my content management application with an existing suite of applications that all use a single sign-on framework.  I see lots of references to using a custom authentication mechanism (presumably, instead of creating users in the Domain.xml).  I really want to do this, since having to modify Domain.xml every time I want to add a new user, role etc. is not acceptable.  Can anyone point me at a link or some resource that provides some steps to implement this?  How do I tell Slide to use my mechanism?  What is the interface? etc. etc.

Thanks in advance.  This group has been a lot of help to me so far.

Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

Re: authentication store

[James Mason <ma...@apache.org>]

Take a look at the WCK. There's info on the Slide site and the Wiki. If
the WCK won't work for you (it hasn't been released yet) take a look at
the JNDIPrincipalStore; it's a simplistic implementation that only
provides users and roles with a few properties.

-James

On Tue, 2004-11-23 at 10:27 +0100, Morten wrote:
> 
> Good stuff James, thanks.
> 
> > 2) Implement a custom Store for Slide to expose your users and roles as
> > nodes in Slide. You'll need a "password" property in the Slide namespace
> > in order for Slide's app server integration to work.
> 
> Any detail on what's needed to accomplish this? Would it suffice to 
> override some of the methods in SubjectNode (which as far as I can see, is 
> the one responsible for looking up users and roles - Domain.xml).
> 
> Br,
> 
> Morten
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

Re: authentication store

[Morten <li...@kikobu.com>]

Good stuff James, thanks.

> 2) Implement a custom Store for Slide to expose your users and roles as
> nodes in Slide. You'll need a "password" property in the Slide namespace
> in order for Slide's app server integration to work.

Any detail on what's needed to accomplish this? Would it suffice to 
override some of the methods in SubjectNode (which as far as I can see, is 
the one responsible for looking up users and roles - Domain.xml).

Br,

Morten





---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

Re: authentication store

[James Mason <ma...@apache.org>]

Slide delegates all authentication to the app server, so any
authentication source your app server supports (db, xml file, ldap) can
be used to authenticate users to Slide. In order to expose Slide's
internal user's to the app server Slide provides a JAAS implementation.

For authorization Slide needs to be able to access principals (users and
roles) according to the webdav ACL specification. Part of that
specification says all principals need to be accessible at a URI. This
means that for Slide to do authorization every user and role needs to be
be a node in Slide.

You have three basic options for custom user management:

1) Implement a custom authentication mechanism for your app server
(probably JAAS) and turn on auto-create-users to make Slide aware of
your users.

2) Implement a custom Store for Slide to expose your users and roles as
nodes in Slide. You'll need a "password" property in the Slide namespace
in order for Slide's app server integration to work.

3) A combination of the first two. The JNDIStore takes this approach,
taking advantage of most app server's built-in ability to authenticate
against LDAP.

-James

On Mon, 2004-11-22 at 09:43 -0600, Chris O'Connell wrote:
> Another newbie question...
> 
> I need to integrate my content management application with an existing suite of applications that all use a single sign-on framework.  I see lots of references to using a custom authentication mechanism (presumably, instead of creating users in the Domain.xml).  I really want to do this, since having to modify Domain.xml every time I want to add a new user, role etc. is not acceptable.  Can anyone point me at a link or some resource that provides some steps to implement this?  How do I tell Slide to use my mechanism?  What is the interface? etc. etc.
> 
> Thanks in advance.  This group has been a lot of help to me so far.
> 
> Chris
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: slide-user-help@jakarta.apache.org
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org

Re: authentication store

[Morten <li...@kikobu.com>]

Hi Chris,

> I need to integrate my content management application with an existing suite of applications that all use a single sign-on framework.  I see lots of references to using a custom authentication mechanism (presumably, instead of creating users in the Domain.xml).  I really want to do this, since having to modify Domain.xml every time I want to add a new user, role etc. is not acceptable.  Can anyone point me at a link or some resource that provides some steps to implement this?  How do I tell Slide to use my mechanism?  What is the interface? etc. etc.

See http://jakarta.apache.org/slide/howto-create-users.html on how to 
create users, roles and set passwords in Slide. Programatically this is 
done using the WebDav API, eg:

WebdavResource wdr = new WebdavResource(httpUrl, "/slide/", true);
boolean success = wdr.mkcolMethod("/slide/users/" + userName);

And so forth for setting passwords, creating roles etc. Basically the 
values in Domain.xml are just for initialization. Extra users and roles 
get created using eg. the WebDav API.

Now, if you want Slide to authenticate against some SSO solution on the 
network, that's a different story for which I don't have the answer.

Br,

Morten


---------------------------------------------------------------------
To unsubscribe, e-mail: slide-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: slide-user-help@jakarta.apache.org