Posted to jetspeed-user@portals.apache.org by anyz <an...@gmail.com> on 2010/12/13 15:02:10 UTC

Jetspeed SSO with OS

Could you please guide me towards some documentation/tutorial to set up SSO
with the OS (e.g. with Windows/iSeries). For example, a user is already logged
on to the OS and then accesses the Portal URL. In this case the user should not
be prompted for login but should be given access to the Portal site.

Provided the Jetspeed users database is in sync with the OS and all users in
the OS also exist in Jetspeed.

Thanks

Re: Jetspeed SSO with OS

Posted by anyz <an...@gmail.com>.
Well, let me explain: what exactly we are looking for is SSO and not
authentication from LDAP or AD.

A user logs on to Windows, opens the browser and hits the Portal site (in J2)
URL. The portal recognizes him (SSO) and should be able to automatically set
the session in J2 and allow the user to access the Portal site.
For the time being I'm looking at Windows, but the user platform can be anything.
Jetspeed supports NTLM authentication using jCIFS, but it has the limitation
that it works only with NTLMv1. For each user platform there should be a
separate implementation, as for Windows it is NTLM.

Am I missing something? What are your recommendations please?

On Tue, Dec 14, 2010 at 12:28 AM, Ron Wheeler <
rwheeler@artifact-software.com> wrote:

>  On 13/12/2010 9:02 AM, anyz wrote:
>
>> Could you please guide me towards some documentation/tutorial to set up
>> SSO with the OS (e.g. with Windows/iSeries). For example, a user is already
>> logged on to the OS and then accesses the Portal URL. In this case the user
>> should not be prompted for login but should be given access to the Portal
>> site.
>>
>> Provided the Jetspeed users database is in sync with the OS and all users
>> in the OS also exist in Jetspeed.
>>
>> Thanks
>>
> We have done a few SSO setups with Jetspeed.
>
> In SSO, you need to have some sort of trust relationship between the system
> sending the person to your site and the site itself.
> In addition, you need a mechanism to pass the authenticated identity to
> your site.
>
> Jetspeed can authenticate against AD once you link AD to your server as an
> LDAP server that the site can ask the user for a username and a password and
> ask AD to authenticate the user.
> http://www.linux.com/archive/feed/40983 might be a good starting point.
> Google "AD authentication for Linux" for lots more description of AD from a
> point of view that helps in a non-MS environment.
>
> If you have a trusted process running somewhere that can authenticate the
> user and give the Jetspeed login a way to know that the person using the
> browser to connect to your Jetspeed site is in fact known to be who they are
> logging in as, you can use SSO.
>
> We have a client's internal portal sending authenticated users to our
> portal using SAML.
> The client's portal authenticates the user and then gives the user's
> browser a URL to our site that includes the information that we can use to
> determine who they are.
>
> Ron
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: jetspeed-user-unsubscribe@portals.apache.org
> For additional commands, e-mail: jetspeed-user-help@portals.apache.org
>
>

Re: Jetspeed SSO with OS

Posted by Ron Wheeler <rw...@artifact-software.com>.
On 13/12/2010 9:02 AM, anyz wrote:
> Could you please guide me towards some documentation/tutorial to set up SSO
> with the OS (e.g. with Windows/iSeries). For example, a user is already logged
> on to the OS and then accesses the Portal URL. In this case the user should not
> be prompted for login but should be given access to the Portal site.
>
> Provided the Jetspeed users database is in sync with the OS and all users in
> the OS also exist in Jetspeed.
>
> Thanks
>
We have done a few SSO setups with Jetspeed.

In SSO, you need to have some sort of trust relationship between the 
system sending the person to your site and the site itself.
In addition, you need a mechanism to pass the authenticated identity to 
your site.

Jetspeed can authenticate against AD once you link AD to your server as 
an LDAP server that the site can ask the user for a username and a 
password and ask AD to authenticate the user.
http://www.linux.com/archive/feed/40983 might be a good starting point.
Google "AD authentication for Linux" for lots more description of AD 
from a point of view that helps in a non-MS environment.

If you have a trusted process running somewhere that can authenticate 
the user and give the Jetspeed login a way to know that the person using 
the browser to connect to your Jetspeed site is in fact known to be who 
they are logging in as, you can use SSO.

We have a client's internal portal sending authenticated users to our 
portal using SAML.
The client's portal authenticates the user and then gives the user's 
browser a URL to our site that includes the information that we can use 
to determine who they are.

Ron
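
The two requirements named in the reply above (a trust relationship between the sending system and the portal, and a way to pass the authenticated identity in the URL), shown as an added example that is not from this thread or from Jetspeed. A shared-key HMAC stands in here for a signed SAML assertion; the class name, parameter names, key and timestamp are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Optional;

// Added illustration; all names are hypothetical and not part of Jetspeed.
public class TrustedLoginLink {

    // HMAC-SHA256 over "user|expires" with the key shared by both sites (the trust relationship).
    static byte[] mac(byte[] key, String user, long expires) throws GeneralSecurityException {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal((user + "|" + expires).getBytes(StandardCharsets.UTF_8));
    }

    // Sending side: called only after the trusted system has authenticated the user.
    static String issue(byte[] key, String user, long expires) throws GeneralSecurityException {
        String sig = Base64.getUrlEncoder().withoutPadding().encodeToString(mac(key, user, expires));
        return "user=" + user + "&expires=" + expires + "&sig=" + sig;
    }

    // Receiving side: yields the user name only if the signature matches and the link is still fresh.
    static Optional<String> verify(byte[] key, String user, long expires, String sig, long now)
            throws GeneralSecurityException {
        byte[] presented;
        try {
            presented = Base64.getUrlDecoder().decode(sig);
        } catch (IllegalArgumentException e) {
            return Optional.empty();                 // malformed signature parameter
        }
        // MessageDigest.isEqual compares in constant time, so timing does not leak the MAC.
        boolean ok = MessageDigest.isEqual(mac(key, user, expires), presented);
        return (ok && now <= expires) ? Optional.of(user) : Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
        long now = 1_292_250_000L;                   // constructed timestamp (epoch seconds)
        String link = issue(key, "alice", now + 60);
        String sig = link.substring(link.indexOf("&sig=") + 5);
        System.out.println(link);
        System.out.println(verify(key, "alice", now + 60, sig, now));        // untouched link
        System.out.println(verify(key, "admin", now + 60, sig, now));        // user name swapped
        System.out.println(verify(key, "alice", now + 60, sig, now + 600));  // presented after expiry
    }
}
```

The expiry only bounds how long a captured link can be replayed; the receiving portal would still need to remember links it has already accepted to reject a second use within that window.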



Re: Jetspeed SSO with OS

Posted by Leo <le...@lbsconsulting.com.cn>.
Google AD FS 2.0 for SSO implementation on Windows servers. We have
implemented this for one of our clients.


Regards,
Leo.




On Mon, Dec 13, 2010 at 10:02 PM, anyz <an...@gmail.com> wrote:

> Could you please guide me towards some documentation/tutorial to set up
> SSO with the OS (e.g. with Windows/iSeries). For example, a user is already
> logged on to the OS and then accesses the Portal URL. In this case the user
> should not be prompted for login but should be given access to the Portal
> site.
>
> Provided the Jetspeed users database is in sync with the OS and all users in
> the OS also exist in Jetspeed.
>
> Thanks
>



-- 
Leonard Tchuta, PMP
Technology Director

LBS Management Consulting Ltd
Suite 1207, 12th Floor, Century Plaza,
No. 390 Panyu Road, Xuhui District,
Shanghai 200052, P.R. China.
Tel: 0086 - 21 - 62828074
Fax: 0086 - 21 - 62815313
Mobile: 0086 -159 0075 5434
Website: www.lbsconsulting.com.cn

No. 390 Panyu Road, Shanghai, China,
Suite 1207, 12th Floor, Century Plaza.