Posted to user@struts.apache.org by David Thielen <da...@windward.net> on 2006/01/20 17:49:39 UTC

hard question - Single Sign On

In the Windows world, if a user uses IE to access an ASP website, and both
are on domains and they are the same domain or there is a trust relationship
between the domains, you can do the following (the joy of one company
providing the entire stack):

1.	You can authenticate the user which is based on who they logged in
to Windows as.
2.	You can handle authorization based on the groups that user is a
member of.
3.	You can open files as that user so all access to files is based on
the user's privileges - without ever knowing the username & password of the
user.
4.	You can access SQL Server as that user so all database access is
based on that user's permissions - without ever knowing the username &
password of the user.

What makes this such a fantastic setup is the following:

1.	The user was never asked to log in to use the ASP-based portal. It
knows who they are.
2.	The ASP-based portal never needs to know the user's password. So
there are no security issues as you are never holding & storing a password.

Can this be done in the J2EE world? And if so, how? 

1.	We want to avoid requiring the user to log in to use our portal.
2.	We want to get authentication & authorization from the underlying
O/S - so the company using this does not need to enter duplicates of all
users and the groups they are in.
3.	We need to access files and the databases as the user. 

a.	We would prefer to do this without having to store the user's
username & password.
b.	If we do have to store it, what is the best way to do so?

This is the one part of our portal where we are willing to write dependent
code as having this be true SSO with us storing nothing is such a good
thing. 

 

Suggestions ??? - thanks - dave

David Thielen
www.windwardreports.com
303-499-2544

 


Re: hard question - Single Sign On

Posted by Li <am...@gmail.com>.
Hi bro, what is your problem?

On 1/23/06, Lixin Chu <li...@gmail.com> wrote:
>
> Maybe you would like to take a look at these two:
> Yale's CAS : http://www.ja-sig.org/wiki/display/CAS/Home
> Acegi : http://acegisecurity.org/


--
=====================================
The world will be ended if love is everywhere.
                                               ---- Shawzi

Re: hard question - Single Sign On

Posted by Dave Newton <ne...@pingsite.com>.
David Thielen wrote:
> Is there anything simpler out there (I'm spoiled by how easy it is in
> Windows)? This is for a commercial product and we want our customers to be
> able to install and configure it in 5 minutes (all of it, not just the
> security).
>   
Acegi is a pretty decent option. Spring is a great way of doing a lot of
things, including the MVC side of webapps, if you're not already tied to
Struts. You can use Struts with it as well and skip the Spring MVC
framework.

Web applications are complex things regardless of which framework you
use... You have to install an app server (and possibly configure it to
work with IIS, Apache, or other web server), a database (then hook the
two up), security services, and whatever other third-party stuff you
need to deal with. You have to configure users (or groups) and integrate
that into whatever service you're currently using for security (if any).
Any time there's any interop between two separate pieces of software
you're looking at a potential roadblock.

Fortunately most of these problems have already been solved by somebody.

Dave



---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org


RE: hard question - Single Sign On

Posted by David Thielen <da...@windward.net>.
They sure don't make this easy do they? This is a lot of stuff to install &
configure.

Is there anything simpler out there (I'm spoiled by how easy it is in
Windows)? This is for a commercial product and we want our customers to be
able to install and configure it in 5 minutes (all of it, not just the
security).

Thanks - dave

 
David Thielen
www.windwardreports.com
303-499-2544
-----Original Message-----
From: Lixin Chu [mailto:lixin.chu@gmail.com] 
Sent: Sunday, January 22, 2006 10:18 PM
To: Struts Users Mailing List
Subject: Re: hard question - Single Sign On

Maybe you would like to take a look at these two:
 Yale's CAS : http://www.ja-sig.org/wiki/display/CAS/Home
 Acegi : http://acegisecurity.org/




Re: hard question - Single Sign On

Posted by Lixin Chu <li...@gmail.com>.
Maybe you would like to take a look at these two:
 Yale's CAS : http://www.ja-sig.org/wiki/display/CAS/Home
 Acegi : http://acegisecurity.org/

