Posted to user@ofbiz.apache.org by Mason Harding <ma...@fivi.com> on 2013/02/19 18:16:48 UTC

SSO to ofbiz from external system

Hi all.

I am trying to figure out the best way to let a user on my existing site
seamlessly access OfBiz, either through an iframe or a redirect.  It seems
that the first step in this is to allow for SSO from my existing site to
ofbiz.

The best solution I have come up with so far is to create a web service
that creates an externalLoginKey.  I see that the current externalLoginKey
is stored in a static map on LoginWorker.  As I some day may wish to have
multiple OfBiz servers, I think I would need to store the externalLoginKey
and an expiry time in the userLogin table.

I can try to build that, but it seems like this would be a very common need
for OfBiz users, and if SSO has been done before I don't want to re-invent
the wheel.  Any suggestions?

Thanks so much for your help.
Mason

Re: SSO to ofbiz from external system

Posted by Jacques Le Roux <ja...@les7arts.com>.
As long as you can ensure security, I don't see any drawbacks.

Jacques

Mason Harding wrote:
> Great, thank you so much Jacques.
> 
> I think I am more looking for something along the lines of OAuth 2 than
> OpenID.  If someone is on my existing site, I would love for them to be
> able to navigate to an ofbiz e-commerce store without having to re-login.
> It sounds like for now I will implement a web service on ofbiz that my
> existing application can call, which will return an externalLoginKey, which
> is stored in the userLogin table.  Then the user can be redirected to ofbiz
> transparently.
> 
> I guess this might also be possible by getting ofbiz and my existing webapp
> to share a cookie (they will be on the same domain), but that sounds like a
> lot more work.
> 
> Thanks,
> Mason

Re: SSO to ofbiz from external system

Posted by Mason Harding <ma...@fivi.com>.
Great, thank you so much Jacques.

I think I am more looking for something along the lines of OAuth 2 than
OpenID.  If someone is on my existing site, I would love for them to be
able to navigate to an ofbiz e-commerce store without having to re-login.
It sounds like for now I will implement a web service on ofbiz that my
existing application can call, which will return an externalLoginKey, which
is stored in the userLogin table.  Then the user can be redirected to ofbiz
transparently.

I guess this might also be possible by getting ofbiz and my existing webapp
to share a cookie (they will be on the same domain), but that sounds like a
lot more work.

Thanks,
Mason
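
Added example, not part of the thread and not OFBiz code: a minimal model of the design discussed above, where a web service issues an externalLoginKey that is stored with an expiry so any server can redeem it after the redirect. The class name, the 60-second lifetime and the in-memory map (standing in for a shared table such as userLogin) are assumptions; the key is random, stored only as a hash, and removed on first use so it cannot be replayed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical sketch, not OFBiz code: the map stands in for a table shared by all servers.
public class ExternalLoginKeyStore {
    private record Entry(String userLoginId, Instant expiresAt) {}
    private final SecureRandom random = new SecureRandom();
    private final Map<String, Entry> byKeyHash = new ConcurrentHashMap<>();
    private final Duration ttl;
    public ExternalLoginKeyStore(Duration ttl) { this.ttl = ttl; }

    // Called by the authenticated web service; only the hash of the key is stored.
    public String issue(String userLoginId) {
        byte[] raw = new byte[32]; // 256 bits from a CSPRNG
        random.nextBytes(raw);
        String key = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        byKeyHash.put(sha256(key), new Entry(userLoginId, Instant.now().plus(ttl)));
        return key;
    }

    // Called when the redirected browser presents the key; succeeds at most once.
    public Optional<String> redeem(String key) {
        Entry e = byKeyHash.remove(sha256(key)); // atomic remove, so a replay finds nothing
        if (e == null || !Instant.now().isBefore(e.expiresAt())) return Optional.empty();
        return Optional.of(e.userLoginId());
    }
    private static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }

    public static void main(String[] args) {
        ExternalLoginKeyStore store = new ExternalLoginKeyStore(Duration.ofSeconds(60)); // assumed TTL
        String key = store.issue("demo-user"); // constructed sample user id
        System.out.println("first use: " + store.redeem(key));
        System.out.println("replay:    " + store.redeem(key));
        ExternalLoginKeyStore expired = new ExternalLoginKeyStore(Duration.ZERO);
        System.out.println("expired:   " + expired.redeem(expired.issue("demo-user")));
    }
}
```

With a real table in place of the map, the redeem step needs the same atomicity, for example a single conditional delete that checks the expiry and returns the row.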

Re: SSO to ofbiz from external system

Posted by Jacques Le Roux <ja...@les7arts.com>.
We did it for a client using OpenID, but it was pretty custom and so not contributed.
There is specialpurpose/crowd but I never used it, and I don't clearly know its status.
http://www.atlassian.com/software/crowd/overview

There are any other implementations in OFBiz. Last discussion ended here http://markmail.org/message/zjvbexnopykb7foh

Jacques

Mason Harding wrote:
> Hi all.
> 
> I am trying to figure out the best way to let a user on my existing site
> seamlessly access OfBiz, either through an iframe or a redirect.  It seems
> that the first step in this is to allow for SSO from my existing site to
> ofbiz.
> 
> The best solution I have come up with so far is to create a web service
> that creates an externalLoginKey.  I see that the current externalLoginKey
> is stored in a static map on LoginWorker.  As I some day may wish to have
> multiple OfBiz servers, I think I would need to store the externalLoginKey
> and an expiry time in the userLogin table.
> 
> I can try to build that, but it seems like this would be a very common need
> for OfBiz users, and if SSO has been done before I don't want to re-invent
> the wheel.  Any suggestions?
> 
> Thanks so much for your help.
> Mason