You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@shiro.apache.org by blacksensei <mi...@gmail.com> on 2013/11/04 14:33:00 UTC
Building Single Sign On server and client both using shiro
Hello I have been looking at shiro capabilities and I am pretty convinced
that I could build a centralized authentication system with it. But the
thing is I don't have much experience on CAS so don't have the proper
mindset nor any good documentation showing how to do it with shiro.
I have been using shiro on couple of web applications and I thought all
these applications(clients sso apps A and B) really should have a unique
login system. So I thought I would build a central doing authentication only
and redirect the control those clients. So mister a goes to aapp.com and
aapp.com redirect to sso.com for authentication then upon success sso.com
redirect to aapp.com for authorization to start with aapp.com. so if mister
a goes to bapp.com he should be logged in automatically.
Can anyone guide me through the process of achieving that? I use shiro with
spring most of the time so I was trying to put up my security application
context on pastie.org <http://pastie.org/8454373> . I know on the client
side (aapp.com and bapp.com) I should be looking at CasFilter and CAS realm
But I really can't get how all can be orchestrated nicely
thanks for reading this
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Building-Single-Sign-On-server-and-client-both-using-shiro-tp7579324.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Building Single Sign On server and client both using shiro
Posted by jleleu <le...@gmail.com>.
Hi,
I think I understand your goal.
I am a CAS committer so I will pretend to know well SSO issues and
mechanisms.
I'll be frank : I would not create a SSO. And the problem is not Shiro which
is a great library, the problem is that it's very very complicated.
Best regards,
Jérôme
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Building-Single-Sign-On-server-and-client-both-using-shiro-tp7579324p7579331.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Building Single Sign On server and client both using shiro
Posted by blacksensei <mi...@gmail.com>.
Hello Jerome,
Thanks for the fast response. I think the page you are referencing makes me
think that you assume that I want to authenticate just with the shiro
client. But what I am really keen on, is rather having a SSO built on shiro
and have the shiro client send their authentication request to it.
I don't know if I am a bit clearer.
Thanks
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Building-Single-Sign-On-server-and-client-both-using-shiro-tp7579324p7579326.html
Sent from the Shiro User mailing list archive at Nabble.com.
Re: Building Single Sign On server and client both using shiro
Posted by jleleu <le...@gmail.com>.
Hi,
I think the best place to start is the documentation:
http://shiro.apache.org/cas.html.
It gives you a brief overview of the CAS protocol and explanations about how
to configure a Shiro app with CAS.
Best regards,
Jérôme
--
View this message in context: http://shiro-user.582556.n2.nabble.com/Building-Single-Sign-On-server-and-client-both-using-shiro-tp7579324p7579325.html
Sent from the Shiro User mailing list archive at Nabble.com.