1
vinit
Single Sign ON (SSO) Implementation
  • 2004/9/15 18:24

  • vinit

  • Just can't stay away

  • Posts: 530

  • Since: 2004/1/10


Xoops has been a rapidly growing commuinty and there are dozens of portals which are working using xoops. Now if we could make SSO implemented then if a member is logged into on XOOPS based site would need not to log into / create a new account if it visit website in webring thus enabling single sign on system. This will not only enable largescale data sharing model but it will also provide member/visitors sharing platform.

For example if a web ring has 10 sites where each website has its indepented identity but in combination they form one web ring. Now if a member is loged into on site and clicks on the webring members site link, then he should be automatically accepted as a registed member without asking him to log in once again.

I have the concept of how to implement this all i need is a group of devs/core developer who can give there ears to me. So devs msg me if you feel this is an interesting thing that can be done.

2
Mithrandir
Re: Single Sign ON (SSO) Implementation

Could you contact Mercibe here on xoops.org? He is working on LDAP integration with XOOPS and I believe he would be the best qualified guy to listen to your ideas.

3
vinit
Re: Single Sign ON (SSO) Implementation
  • 2004/9/16 5:48

  • vinit

  • Just can't stay away

  • Posts: 530

  • Since: 2004/1/10


Thanks Mithrandir,

Its nice to see that someone is working with LDAP to get this thing done...I would surely PM him.

Other simplar way could be token system. not very hard to implement neither very hard to manage.

4
pemen
Re: Single Sign ON (SSO) Implementation
  • 2004/9/16 6:40

  • pemen

  • Not too shy to talk

  • Posts: 186

  • Since: 2002/7/8 7


Hi,

I also work on LDAP implementation in my work and also in XOOPS.
I'm interesting to work on SSO implementation.



5
Herko
Re: Single Sign ON (SSO) Implementation
  • 2004/9/16 6:53

  • Herko

  • XOOPS is my life!

  • Posts: 4238

  • Since: 2002/2/4 1


We've asked Rohan Pinto to look into implementing the Syndicated Signon architecture as defined by the Liberty Alliance. This is a method of single signon similar in architecture to Microsoft's Passport, but then based on open standards. Since this is normally a Java implementation, making this into a robust and secure PP implementation takes some time.

An LDAP implementation is also a good idea.

Herko

6
DonXoop
Re: Single Sign ON (SSO) Implementation

Boy is this timely. I'm in the design thought stage of a multi site system that could really use SSO. First off I must shake the big chill I got from thinking about MS Passport.... Not looking for a central site to broker the session management. Keep it within a cluster of associated sites with the possibility to include/exclude other sites.

LDAP is a likely standard. Instead of a central broker server I would prefer that cross site authentication occur between the involved servers so that origination and destination servers are part of the security along with the key/token. LDAP/other servers are consulted but key passing must happen between the web servers being requested for access.

I hope this allows for authentication between XOOPS and stand alone apps as well. Apps like e-commerce that are already stable can be used without a full XOOPS module integration. It would really open up the choices.

BTW, I hope that Java is not a requirement. If servers do the work without a heavy client load beyond providing credentials we won't need Java to complicate matters.

7
vinit
Re: Single Sign ON (SSO) Implementation
  • 2004/9/16 18:01

  • vinit

  • Just can't stay away

  • Posts: 530

  • Since: 2004/1/10


LDAP would be one of the best option when the entire webring is sponsored by its associates so that they can keep a LDAP server(s). On the otherhand for the smaller and cost effective end would be having tokens bassed session controlled SSO. Where in there is a predefined key for certificate genration among the webring sites. And they pass on this special user certificate from one site to other when ever the user switches among the member sites in the network.

I would like to see an open end discusion on this so that we can come up with some healthy output rather than communicating for the sake of it.

8
christophe
Re: Single Sign ON (SSO) Implementation
  • 2004/11/26 14:27

  • christophe

  • Just popping in

  • Posts: 1

  • Since: 2004/11/26


LDAP is a solution, but Free SSO Liberty Alliance exists, I think particularly about lasso a simple C library released under the GNU GPL licence. The integration work is facilitated to some extend. An existing site can integrate it in a few days, without calling into question its architecture.
It works on GNU/Linux, Windows and UNIX and has complete bindings for the C, C++, C #, ColdFusion, Java, PHP and Python languages. It is built on XML and encryption libraries (libxml2, XMLSec, OpenSSL).
http://lasso.entrouvert.org
entr'ouvert is the compagny I work for :)

9
pemen
Re: Single Sign ON (SSO) Implementation
  • 2004/11/27 17:46

  • pemen

  • Not too shy to talk

  • Posts: 186

  • Since: 2002/7/8 7


Yes but to store identity and certificate , do you use a LDAP server ?

Login

Who's Online

332 user(s) are online (240 user(s) are browsing Support Forums)


Members: 0


Guests: 332


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits