Ozone Widget Authentication
414 views
Skip to first unread message
pike...@gmail.com
Feb 5, 2013, 10:31:05 AM2/5/13
to ozoneplat...@googlegroups.com
I am looking for information regarding the best way to tie the authentication of a widget implementation to the authentication of the actual OWF. For example, how does my widget know who is currently using the widget.
Ross Pokorny
Feb 5, 2013, 10:50:11 AM2/5/13
to ozoneplat...@googlegroups.com
Pike1212
Since widgets are typically separate web applications from OWF, they typically
have their own authentication mechanisms. To avoid forcing the user to
authenticate to each widget separately from OWF, we recommend that you
configure OWF and your widgets to use a common authentication mechanism, such
as a single-sign-on solution or client side certificates. For example, the
default security configuration for OWF allows it to interact with a CAS server
(a single-sign-on system). When a user accesses OWF, they are redirected to
CAS, and log in there. Then OWF communicates with the CAS server in order to
validate that the user is logged in with a given identity. You could write
your widgets to also depend on CAS for authentication. That way, the user
will already be logged in once your widgets load, and your widgets will be
able to retrieve the user's information from CAS.
Ross Pokorny
OWF Community Support Team
Since widgets are typically separate web applications from OWF, they typically
have their own authentication mechanisms. To avoid forcing the user to
authenticate to each widget separately from OWF, we recommend that you
configure OWF and your widgets to use a common authentication mechanism, such
as a single-sign-on solution or client side certificates. For example, the
default security configuration for OWF allows it to interact with a CAS server
(a single-sign-on system). When a user accesses OWF, they are redirected to
CAS, and log in there. Then OWF communicates with the CAS server in order to
validate that the user is logged in with a given identity. You could write
your widgets to also depend on CAS for authentication. That way, the user
will already be logged in once your widgets load, and your widgets will be
able to retrieve the user's information from CAS.
Ross Pokorny
OWF Community Support Team
pike...@gmail.com
Feb 5, 2013, 11:23:49 AM2/5/13
to ozoneplat...@googlegroups.com
Thanks for the quick response! Are you aware of anyone using OpenAM with OWF?
Tina
Feb 5, 2013, 5:05:51 PM2/5/13
to ozoneplat...@googlegroups.com
Pike1212:
Yes, OpenAM is a mechanism we've seen used with OWF. We don't have any sample files for the Spring security mechanisms in play, but I had reason to go looking for OpenAM information earlier today, actually, and ran across the following page which talks about OpenAM / Spring Acegi integration: https://wikis.forgerock.org/confluence/display/openam/OpenSSO+Spring+Security+%28Acegi%29+Integration
Yes, OpenAM is a mechanism we've seen used with OWF. We don't have any sample files for the Spring security mechanisms in play, but I had reason to go looking for OpenAM information earlier today, actually, and ran across the following page which talks about OpenAM / Spring Acegi integration: https://wikis.forgerock.org/confluence/display/openam/OpenSSO+Spring+Security+%28Acegi%29+Integration
If someone has a file already built that they can share, would encourage any connectors...
--
You received this message because you are subscribed to the Google Groups "ozoneplatform-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ozoneplatform-u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
Ryan Hammond
Feb 5, 2013, 5:10:10 PM2/5/13
to ozoneplat...@googlegroups.com
Pike1212,
We have an OpenAM beta connector that we can probably share and/or collaborate on. If you're interested, pls contact me directly.
I'm sure we'd be willing to share the working example with everyone soon.
Thx,
Ryan
Andre
Jul 30, 2013, 12:36:03 AM7/30/13
to ozoneplat...@googlegroups.com
Ryan, my client is looking to use OpenAM with OWF7. If you have anything like this or similar I would be love to chat with you even if it is in the prototype/development stage.
To unsubscribe from this group and stop receiving emails from it, send an email to ozoneplatform-users+unsub...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "ozoneplatform-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ozoneplatform-users+unsub...@googlegroups.com.
phw...@gmail.com
Sep 7, 2017, 9:00:23 PM9/7/17
to ozoneplatform-users
Late to the party, but I would be interested if anyone has any sample configuration with OWF and OpenAM they could share.
Reply all
Reply to author
Forward
0 new messages