You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by mb...@oreillyauto.com on 2010/09/01 16:56:28 UTC
Re: SSO IFrame form authentication
Is there any way to get the updated SSO IFrame stuff short of compiling
from source or awaiting 2.2.2 binaries? My experience so far with
implementing a new release has necessitated pretty much rebuilding my site
from scratch on the new release.
From:
Woonsan Ko <wo...@yahoo.com>
To:
Jetspeed Users List <je...@portals.apache.org>
Date:
08/30/2010 07:58 PM
Subject:
Re: SSO IFrame form authentication
I have just committed changes to fix the following issue:
https://issues.apache.org/jira/browse/JS2-1208
Now, the SSOIFramePortlet enables form based SSO, too.
Regards,
Woonsan
--- On Tue, 8/24/10, Woonsan Ko <wo...@yahoo.com> wrote:
> From: Woonsan Ko <wo...@yahoo.com>
> Subject: Re: SSO IFrame form authentication
> To: "Jetspeed Users List" <je...@portals.apache.org>
> Date: Tuesday, August 24, 2010, 3:42 AM
> Sounds good. By default, it can post
> "once per session". I like your idea.
> I will try to fix the problem soon and let you know.
>
> Regards,
>
> Woonsan
>
> --- On Mon, 8/23/10, mballard@oreillyauto.com
> <mb...@oreillyauto.com>
> wrote:
>
> > From: mballard@oreillyauto.com
> <mb...@oreillyauto.com>
> > Subject: Re: SSO IFrame form authentication
> > To: "Jetspeed Users List" <je...@portals.apache.org>
> > Date: Monday, August 23, 2010, 10:13 PM
> > Well, if I understand the issue
> > correctly, you would implement the SSO
> > IFrame Portlet to pull the credentials from the SSO
> Site
> > and also provide
> > the means to specify the other options for the form,
> ie,
> > sso.type,
> > sso.form.Args, sso.form.Action, etc., which all
> sounds
> > fine, other than I
> > don't know the ramifications of sending this form
> every
> > time the page is
> > accessed. The description in the deployment guide
> > infers that the login
> > would only happen once, I assume once per session,
> which
> > would be ok. If
> > I log out and back in to portal and navigate to the
> page,
> > it should send
> > the login form again. I understand the difficulty
> of
> > a generic portlet
> > knowing whether iframed content is authenticated or
> not,
> > but it seems once
> > per session would suffice and if for some reason the
> login
> > failed, the
> > user would have to nav to login form for the site and
> login
> > manually.
> >
> >
> >
> > From:
> > Woonsan Ko <wo...@yahoo.com>
> > To:
> > Jetspeed Users List <je...@portals.apache.org>
> > Date:
> > 08/23/2010 02:37 PM
> > Subject:
> > Re: SSO IFrame form authentication
> >
> >
> >
> > Yes, I think the SSOIFramePortlet could be improved in
> that
> > way with some
> > limitation: Because the hidden-form-posting-page is
> not
> > aware of the
> > authentication status of the remote target website, it
> has
> > to post the
> > hidden login form every time whenever it is visited.
> >
> > Mike, do you think this improvement could fulfill
> your
> > requirement?
> >
> > -Woonsan
> >
> > --- On Mon, 8/23/10, David Sean Taylor <d....@onehippo.com>
> > wrote:
> >
> > > From: David Sean Taylor <d....@onehippo.com>
> > > Subject: Re: SSO IFrame form authentication
> > > To: "Jetspeed Users List" <je...@portals.apache.org>
> > > Date: Monday, August 23, 2010, 9:17 PM
> > > On Mon, Aug 23, 2010 at 11:37 AM,
> > > Woonsan Ko <wo...@yahoo.com>
> > > wrote:
> > > > Hi,
> > > >
> > > > I think the documentation [1] is misleading
> for
> > the
> > > Form-authentication support, which is supported
> only
> > with
> > > SSOWebContentPortlet.
> > > > However, I think you can use
> IFrameGenericPortlet
> > to
> > > allow that form authentication, simply by
> configuring
> > your
> > > new view page in preferrences. For example, you
> can
> > read the
> > > preferences and build a simple hidden form with
> the
> > sso
> > > credentials info to post to the target site.
> > > > If you want to retrieve the sso credentials
> info
> > for
> > > the SSO site from your portlet or your view JSP
> page,
> > you
> > > will probably need to access the Jetspeed SSO
> > Manager,
> > > listed here as Jetspeed Service component. [2]
> > > >
> > > > PortletContext context =
> > getPortletContext();
> > > > SSOManager sso = (SSOManager)
> > > context.getAttribute("cps:SSO");
> > > >
> > > > You could refer to SSOProxyPortlet.java on
> how to
> > use
> > > the component. [3]
> > >
> > > Woonsan, I like your solution. I think it could
> be
> > > generalized and
> > > implemented in the SSO IFrame Portlet. I 've
> created
> > a
> > > JIRA
> > > "improvement" issue:
> > >
> > > https://issues.apache.org/jira/browse/JS2-1208
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> > > For additional commands, e-mail:
jetspeed-user-help@portals.apache.org
> > >
> > >
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-user-help@portals.apache.org
> >
> >
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean (mailgw2:3E67D1E6FC.BD937).
> >
> >
> >
> >
> > This communication and any attachments are
> confidential,
> > protected by
> > Communications Privacy Act 18 USCS § 2510, solely for
> the
> > use of the
> > intended recipient, and may contain legally
> privileged
> > material. If you
> > are not the intended recipient, please return or
> destroy it
> > immediately.
> > Thank you.
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean (mailgw2:400981E6FC.828E4).
This communication and any attachments are confidential, protected by
Communications Privacy Act 18 USCS § 2510, solely for the use of the
intended recipient, and may contain legally privileged material. If you
are not the intended recipient, please return or destroy it immediately.
Thank you.
Re: SSO IFrame form authentication
Posted by Woonsan Ko <wo...@yahoo.com>.
If you want a snapshot build of j2-admin war, you can download it here:
http://repository.apache.org/snapshots/org/apache/portals/jetspeed-2/j2-admin/2.2.2-SNAPSHOT/
Currently, the most recent build is j2-admin-2.2.2-20100901.003458-18.war.
-Woonsan
--- On Wed, 9/1/10, mballard@oreillyauto.com <mb...@oreillyauto.com> wrote:
> From: mballard@oreillyauto.com <mb...@oreillyauto.com>
> Subject: Re: SSO IFrame form authentication
> To: "Jetspeed Users List" <je...@portals.apache.org>
> Date: Wednesday, September 1, 2010, 4:56 PM
> Is there any way to get the updated
> SSO IFrame stuff short of compiling
> from source or awaiting 2.2.2 binaries? My experience
> so far with
> implementing a new release has necessitated pretty much
> rebuilding my site
> from scratch on the new release.
>
>
>
> From:
> Woonsan Ko <wo...@yahoo.com>
> To:
> Jetspeed Users List <je...@portals.apache.org>
> Date:
> 08/30/2010 07:58 PM
> Subject:
> Re: SSO IFrame form authentication
>
>
>
> I have just committed changes to fix the following issue:
> https://issues.apache.org/jira/browse/JS2-1208
> Now, the SSOIFramePortlet enables form based SSO, too.
>
> Regards,
>
> Woonsan
>
> --- On Tue, 8/24/10, Woonsan Ko <wo...@yahoo.com>
> wrote:
>
> > From: Woonsan Ko <wo...@yahoo.com>
> > Subject: Re: SSO IFrame form authentication
> > To: "Jetspeed Users List" <je...@portals.apache.org>
> > Date: Tuesday, August 24, 2010, 3:42 AM
> > Sounds good. By default, it can post
> > "once per session". I like your idea.
> > I will try to fix the problem soon and let you know.
> >
> > Regards,
> >
> > Woonsan
> >
> > --- On Mon, 8/23/10, mballard@oreillyauto.com
> > <mb...@oreillyauto.com>
> > wrote:
> >
> > > From: mballard@oreillyauto.com
> > <mb...@oreillyauto.com>
> > > Subject: Re: SSO IFrame form authentication
> > > To: "Jetspeed Users List" <je...@portals.apache.org>
> > > Date: Monday, August 23, 2010, 10:13 PM
> > > Well, if I understand the issue
> > > correctly, you would implement the SSO
> > > IFrame Portlet to pull the credentials from the
> SSO
> > Site
> > > and also provide
> > > the means to specify the other options for the
> form,
> > ie,
> > > sso.type,
> > > sso.form.Args, sso.form.Action, etc., which all
> > sounds
> > > fine, other than I
> > > don't know the ramifications of sending this
> form
> > every
> > > time the page is
> > > accessed. The description in the deployment
> guide
> > > infers that the login
> > > would only happen once, I assume once per
> session,
> > which
> > > would be ok. If
> > > I log out and back in to portal and navigate to
> the
> > page,
> > > it should send
> > > the login form again. I understand the
> difficulty
> > of
> > > a generic portlet
> > > knowing whether iframed content is authenticated
> or
> > not,
> > > but it seems once
> > > per session would suffice and if for some reason
> the
> > login
> > > failed, the
> > > user would have to nav to login form for the site
> and
> > login
> > > manually.
> > >
> > >
> > >
> > > From:
> > > Woonsan Ko <wo...@yahoo.com>
> > > To:
> > > Jetspeed Users List <je...@portals.apache.org>
> > > Date:
> > > 08/23/2010 02:37 PM
> > > Subject:
> > > Re: SSO IFrame form authentication
> > >
> > >
> > >
> > > Yes, I think the SSOIFramePortlet could be
> improved in
> > that
> > > way with some
> > > limitation: Because the hidden-form-posting-page
> is
> > not
> > > aware of the
> > > authentication status of the remote target
> website, it
> > has
> > > to post the
> > > hidden login form every time whenever it is
> visited.
> > >
> > > Mike, do you think this improvement could
> fulfill
> > your
> > > requirement?
> > >
> > > -Woonsan
> > >
> > > --- On Mon, 8/23/10, David Sean Taylor <d....@onehippo.com>
> > > wrote:
> > >
> > > > From: David Sean Taylor <d....@onehippo.com>
> > > > Subject: Re: SSO IFrame form authentication
> > > > To: "Jetspeed Users List" <je...@portals.apache.org>
> > > > Date: Monday, August 23, 2010, 9:17 PM
> > > > On Mon, Aug 23, 2010 at 11:37 AM,
> > > > Woonsan Ko <wo...@yahoo.com>
> > > > wrote:
> > > > > Hi,
> > > > >
> > > > > I think the documentation [1] is
> misleading
> > for
> > > the
> > > > Form-authentication support, which is
> supported
> > only
> > > with
> > > > SSOWebContentPortlet.
> > > > > However, I think you can use
> > IFrameGenericPortlet
> > > to
> > > > allow that form authentication, simply by
> > configuring
> > > your
> > > > new view page in preferrences. For example,
> you
> > can
> > > read the
> > > > preferences and build a simple hidden form
> with
> > the
> > > sso
> > > > credentials info to post to the target
> site.
> > > > > If you want to retrieve the sso
> credentials
> > info
> > > for
> > > > the SSO site from your portlet or your view
> JSP
> > page,
> > > you
> > > > will probably need to access the Jetspeed
> SSO
> > > Manager,
> > > > listed here as Jetspeed Service component.
> [2]
> > > > >
> > > > > PortletContext context =
> > > getPortletContext();
> > > > > SSOManager sso =
> (SSOManager)
> > > > context.getAttribute("cps:SSO");
> > > > >
> > > > > You could refer to SSOProxyPortlet.java
> on
> > how to
> > > use
> > > > the component. [3]
> > > >
> > > > Woonsan, I like your solution. I think it
> could
> > be
> > > > generalized and
> > > > implemented in the SSO IFrame Portlet. I
> 've
> > created
> > > a
> > > > JIRA
> > > > "improvement" issue:
> > > >
> > > > https://issues.apache.org/jira/browse/JS2-1208
> > > >
> > > >
> > >
> >
> ---------------------------------------------------------------------
> > > > To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> > > > For additional commands, e-mail:
> jetspeed-user-help@portals.apache.org
> > > >
> > > >
> > >
> > >
> > >
> > >
> > >
> >
> ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> > > For additional commands, e-mail: jetspeed-user-help@portals.apache.org
> > >
> > >
> > > --
> > > This message has been scanned for viruses and
> > > dangerous content by MailScanner, and is
> > > believed to be clean (mailgw2:3E67D1E6FC.BD937).
> > >
> > >
> > >
> > >
> > > This communication and any attachments are
> > confidential,
> > > protected by
> > > Communications Privacy Act 18 USCS § 2510,
> solely for
> > the
> > > use of the
> > > intended recipient, and may contain legally
> > privileged
> > > material. If you
> > > are not the intended recipient, please return or
> > destroy it
> > > immediately.
> > > Thank you.
> >
> >
> >
> >
> >
> ---------------------------------------------------------------------
> > To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> > For additional commands, e-mail: jetspeed-user-help@portals.apache.org
> >
> >
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean (mailgw2:400981E6FC.828E4).
>
>
>
>
> This communication and any attachments are confidential,
> protected by
> Communications Privacy Act 18 USCS § 2510, solely for the
> use of the
> intended recipient, and may contain legally privileged
> material. If you
> are not the intended recipient, please return or destroy it
> immediately.
> Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-user-help@portals.apache.org