Posted to user@shiro.apache.org by emaayan <el...@gmail.com> on 2011/07/07 15:50:04 UTC

skipping the authentication step because of spnego and sso?

Hi,

I was looking into integrating Shiro authentication with SSO using
SPNEGO (http://spnego.sourceforge.net/) and I think I've reached a
conclusion... that it's really not needed; eventually it boils down to
slapping an HttpFilter on the server, which does the authentication for
you.

I'm not exactly sure it works, but I see in the getRemoteUser API of httpRequest
that my user name shows up if the filter is enabled.

So my question is: is there a way to skip the authentication process entirely
and do authorization alone?


Re: skipping the authentication step because of spnego and sso?

Posted by Les Hazlewood <lh...@apache.org>.
Thanks for the issue - please feel free to join the dev list if you'd
like to help us work through or discuss the issue.

Cheers,

-- 
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com

Re: skipping the authentication step because of spnego and sso?

Posted by emaayan <el...@gmail.com>.
done
https://issues.apache.org/jira/browse/SHIRO-311

although it's a little different than actual configuration... maybe it needs
additional thinking

On Thu, Jul 7, 2011 at 7:53 PM, Les Hazlewood-2 [via Shiro User] <
ml-node+6559087-1288307322-229522@n2.nabble.com> wrote:

> Sure - in whatever Realms you configure on the SecurityManager, just
> ensure that the realm(s)' supports(AuthenticationToken) method returns
> false.  Then the realm will never participate in authentication, but
> still be available for authorization.
>
> There are two ways of ensuring this happens at the moment:
>
> 1.  Subclass the realm and override the supports method to always return
> false.
> 2.  If the Realm implementation is a subclass of AuthenticatingRealm
> (most are), set the 'authenticationTokenClass' property to be some
> fake token class that will never be used for authentication (e.g.
> public interface NonExistentAuthenticationToken extends
> AuthenticationToken) and never create an implementation of that
> interface.
>
> If you'd like to see this as a configurable property, please open a
> feature request in Jira: https://issues.apache.org/jira/browse/SHIRO
>
> HTH,
>
> --
> Les Hazlewood
> CTO, Katasoft | http://www.katasoft.com | 888.391.5282
> twitter: http://twitter.com/lhazlewood
> katasoft blog: http://www.katasoft.com/blogs/lhazlewood
> personal blog: http://leshazlewood.com
>

Re: skipping the authentication step because of spnego and sso?

Posted by Les Hazlewood <lh...@apache.org>.
Sure - in whatever Realms you configure on the SecurityManager, just
ensure that the realm(s)' supports(AuthenticationToken) method returns
false.  Then the realm will never participate in authentication, but
still be available for authorization.

There are two ways of ensuring this happens at the moment:

1.  Subclass the realm and override the supports method to always return false.
2.  If the Realm implementation is a subclass of AuthenticatingRealm
(most are), set the 'authenticationTokenClass' property to be some
fake token class that will never be used for authentication (e.g.
public interface NonExistentAuthenticationToken extends
AuthenticationToken) and never create an implementation of that
interface.

If you'd like to see this as a configurable property, please open a
feature request in Jira: https://issues.apache.org/jira/browse/SHIRO

HTH,

-- 
Les Hazlewood
CTO, Katasoft | http://www.katasoft.com | 888.391.5282
twitter: http://twitter.com/lhazlewood
katasoft blog: http://www.katasoft.com/blogs/lhazlewood
personal blog: http://leshazlewood.com
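
A sketch of option 1 from the reply above, added here as an example and not code from the thread or from the Shiro project: a realm whose supports() always returns false, used only to answer role checks for a user name the container has already authenticated. The class names, the "alice"/"admin" sample data and the use of Subject.Builder to bind the remote user are assumptions; it needs shiro-core on the classpath, and the getRemoteUser value is only trustworthy if the SPNEGO filter covers every request that reaches this code.

```java
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.pam.UnsupportedTokenException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

public class AuthorizationOnlyDemo {
    // Hypothetical realm: answers role checks, never takes part in authentication.
    static class AuthorizationOnlyRealm extends AuthorizingRealm {
        @Override
        public boolean supports(AuthenticationToken token) {
            return false; // option 1 from the reply: decline every token type
        }
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            // Not reached while supports() returns false; fail closed if that ever changes.
            throw new AuthenticationException("authentication is handled by the container filter");
        }
        @Override
        protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
            SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
            if ("alice".equals(principals.getPrimaryPrincipal())) { // constructed sample data
                info.addRole("admin");
            }
            return info;
        }
    }

    public static void main(String[] args) {
        AuthorizationOnlyRealm realm = new AuthorizationOnlyRealm();
        DefaultSecurityManager sm = new DefaultSecurityManager(realm);
        // Stands in for HttpServletRequest.getRemoteUser() as set by the SPNEGO filter.
        String remoteUser = "alice";
        Subject subject = new Subject.Builder(sm)
                .principals(new SimplePrincipalCollection(remoteUser, realm.getName()))
                .authenticated(true)
                .buildSubject();
        System.out.println("has admin role: " + subject.hasRole("admin"));
        try {
            subject.login(new UsernamePasswordToken("alice", "ignored"));
        } catch (UnsupportedTokenException e) {
            System.out.println("realm declined the token, so no Shiro login is possible");
        }
    }
}
```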