[opencms-dev] OpenCms SSO Integration
fpa at unitb-consulting.de
Wed Mar 17 12:01:24 CET 2010
We are currently working on integrating OpenCms into an SSO Architecture.
This seems to be unnecessarily difficult.
Here's the picture:
In a regular SSO architecture, an SSO server handles Authentication and
provides some form of mechanism to show other applications that a user
has been authenticated.
Applications check for that, for instance a token, and authenticate the
user automatically, trusting the SSO's decision that the user is to be
We have been searching the API for days now and so far have not seen a
way to authenticate an OpenCms user without knowing his password.
This is said to be a security feature. But really a security feature is
that an application should not ever need to know a user's password at all!
If I am programming extensions to a system with its API I obviously
have access with administrative rights.
Hence I should be able to
a) create an admin enabled CmsObject without having to store the admin
b) create user CmsObjects without having to know their password
The way the API seems to us currently, OpenCms can only be integrated
into SSO if it handles the login itself but not as a client to another
So, dear list, what are your thoughts?
Have we simply overlooked something, and actually we are able to do just
that but were just too stupid to see so?
Or is this something that should be addressed in future versions of the API?
Anyone found a solution to this problem already?