You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jetspeed-dev@portals.apache.org by "Randy Watler (JIRA)" <je...@portals.apache.org> on 2009/06/26 01:58:07 UTC

[jira] Created: (JS2-1036) SSO does not support remote credential sharing

SSO does not support remote credential sharing
----------------------------------------------

                 Key: JS2-1036
                 URL: https://issues.apache.org/jira/browse/JS2-1036
             Project: Jetspeed 2
          Issue Type: Bug
          Components: SSO
    Affects Versions: 2.2.0
         Environment: SSO, J2 2.2
            Reporter: Randy Watler
            Assignee: Randy Watler


The SSO component does not support reuse/sharing of remote credentials. For example, two users or groups cannot share a single SSO login to a remote site. It is not up to the portal to enforce or make assumptions about security policies of remote sites/systems. 

This is a regression from 2.1.X SSO which supported this feature.


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org

[jira] Updated: (JS2-1036) SSO does not support remote credential sharing

Posted by "Ate Douma (JIRA)" <je...@portals.apache.org>.

     [ https://issues.apache.org/jira/browse/JS2-1036?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ate Douma updated JS2-1036:
---------------------------

    Attachment: JS2-1036-partial-fix.patch

I got hit by this issue today when trying to add SSO RemoteUser configurations in j2-seed.xml using both a user and a group for the same remote user.
Initially I thought I could relatively easy fix this through the SSOManagerImpl only, but once done (and working) it showed there is (much) more to this.
SSOUser ownership is tied to a single principal, meaning it cannot have multiple parents (yet).
Furthermore, the SSODetailBrowser portlet isn't up to this level of configuration either.

So, for now I'll leave this issue be, but I'm attaching a partial-fix patch containing the SSOManagerImpl changes as reference to be picked up later again.

> SSO does not support remote credential sharing
> ----------------------------------------------
>
>                 Key: JS2-1036
>                 URL: https://issues.apache.org/jira/browse/JS2-1036
>             Project: Jetspeed 2
>          Issue Type: Bug
>          Components: SSO
>    Affects Versions: 2.2.0
>         Environment: SSO, J2 2.2
>            Reporter: Randy Watler
>            Assignee: Randy Watler
>         Attachments: JS2-1036-partial-fix.patch
>
>
> The SSO component does not support reuse/sharing of remote credentials. For example, two users or groups cannot share a single SSO login to a remote site. It is not up to the portal to enforce or make assumptions about security policies of remote sites/systems. 
> This is a regression from 2.1.X SSO which supported this feature.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org