You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jetspeed-user@portals.apache.org by Jacob Kjome <ho...@visi.com> on 2003/03/22 16:45:44 UTC
Re: Zope, SSO & Jetspeed
I just wanted to note that I solved this issue by extending IFramePortlet
and adding the current username/password to the URL such as....
Given in xreg config...
https://www.myexternalsite.com/someapp/
After going through my custom IFramePortlet...
https://someuser:somepass@www.myexternalsite.com/someapp/
Note that this assumes that the site in question is using BASIC
authentication. I also recommend that this *only* be done when using
SSL. Some might not even be comfortable with the fact that the <iframe>
src attribute has the username/password combo written there is plain site
of someone doing a view-source. But, it is a solution if you are
comfortable with it.
Jake
At 02:01 PM 3/18/2003 -0800, you wrote:
>How are you doing authentication for your portal currently? That makes a
>big difference in the answer. Container managed auth? Do you control
>both the ZMI and portal infrastructure? True single sign on is a
>difficult issue, but there are some things you can do to solve the problem
>you describe.
>
>BTW, you can get the password out of the request for container managed
>auth. HTTP is stateless, so the credentials are passed each and every
>time and are available in the Request object. This doesn't solve your
>iFrame problem, but if you have more control over the request by using
>something like the websurf portlet that information can be 'passed
>through' to the request to ZMI. If you are using the Jetspeed form auth
>they are available the User object.
>
>-tk
>
>At 09:38 AM 2/26/2003 -0600, John Wubbel wrote:
>>I was wondering if anyone has experience using Zope and Jetspeed? I have a
>>Jetspeed portal and it is time to add some content to a hand full of
>>portlets. I am looking for information on whether or not it can be done or
>>even if it is practical.
>>
>>As a quick experiment, I used an IFrame portlet and have run the Zope
>>Management
>>Interface (ZMI) within that portlet. When I log on to the portal and the
>>IFrame initializes, I am also
>>prompted to input the userid and password for the ZMI. Is there any way to
>>implement a Single Sign On so that the ZMI uses the already authenticated
>>Jetspeed userid and password? If I develop a Zope application with a catalog
>>and some folders containing a set of documents, the user would be prompted
>>when the particular portlet starts up with the Zope application. Comments
>>are very much appreciated. TIA.
>>
>>John Wubbel
>>John Wubbel Consulting
Re: Zope, SSO & Jetspeed
Posted by Todd Kuebler <tk...@cisco.com>.
That sounds like something useful, any chance of submitting the patch +
having this feature config file driven so you could turn it on and
off? I'm guessing all the web page type portlets would benefit from
it. If you don't have the time maybe you could just post the code and let
someone else on this list make the patches, etc? I had explored something
like this a while back and was thinking that the URL Manager could handle
it, but ended up doing something diffent. Anyone else with ideas?
-tk
At 09:45 AM 3/22/2003 -0600, Jacob Kjome wrote:
>I just wanted to note that I solved this issue by extending IFramePortlet
>and adding the current username/password to the URL such as....
>
>Given in xreg config...
>https://www.myexternalsite.com/someapp/
>
>After going through my custom IFramePortlet...
>https://someuser:somepass@www.myexternalsite.com/someapp/
>
>
>Note that this assumes that the site in question is using BASIC
>authentication. I also recommend that this *only* be done when using
>SSL. Some might not even be comfortable with the fact that the <iframe>
>src attribute has the username/password combo written there is plain site
>of someone doing a view-source. But, it is a solution if you are
>comfortable with it.
>
>Jake
>
>At 02:01 PM 3/18/2003 -0800, you wrote:
>>How are you doing authentication for your portal currently? That makes
>>a big difference in the answer. Container managed auth? Do you control
>>both the ZMI and portal infrastructure? True single sign on is a
>>difficult issue, but there are some things you can do to solve the
>>problem you describe.
>>
>>BTW, you can get the password out of the request for container managed
>>auth. HTTP is stateless, so the credentials are passed each and every
>>time and are available in the Request object. This doesn't solve your
>>iFrame problem, but if you have more control over the request by using
>>something like the websurf portlet that information can be 'passed
>>through' to the request to ZMI. If you are using the Jetspeed form auth
>>they are available the User object.
>>
>>-tk
>>
>>At 09:38 AM 2/26/2003 -0600, John Wubbel wrote:
>>>I was wondering if anyone has experience using Zope and Jetspeed? I have a
>>>Jetspeed portal and it is time to add some content to a hand full of
>>>portlets. I am looking for information on whether or not it can be done or
>>>even if it is practical.
>>>
>>>As a quick experiment, I used an IFrame portlet and have run the Zope
>>>Management
>>>Interface (ZMI) within that portlet. When I log on to the portal and the
>>>IFrame initializes, I am also
>>>prompted to input the userid and password for the ZMI. Is there any way to
>>>implement a Single Sign On so that the ZMI uses the already authenticated
>>>Jetspeed userid and password? If I develop a Zope application with a catalog
>>>and some folders containing a set of documents, the user would be prompted
>>>when the particular portlet starts up with the Zope application. Comments
>>>are very much appreciated. TIA.
>>>
>>>John Wubbel
>>>John Wubbel Consulting
---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: jetspeed-user-help@jakarta.apache.org