[opencms-dev] OpenCms SSO Integration
achim.westermann at questico.de
Wed Mar 17 12:42:28 CET 2010
the module action class was a good tip to get an Admin cms.
Another quick thought: Have a look at opencms.properties. There you are able to configure your own user driver.
Fabian Panthen wrote:
> Hello List,
> we are currently working on integrating OpenCms into an SSO Architecture.
> This seems to be unnecessarily difficult.
> Here's the picture:
> In a regular SSO architecture, an SSO server handles Authentication and
> provides some form of mechanism to show other applications that a user
> has been authenticated.
> Applications check for that, for instance a token, and authenticate the
> user automatically, trusting the SSO's decision that the user is to be
> We have been seraching the API for days now and so far have not sen a
> way to authenticate an OpenCms user without knowing his password.
> This is said to be a security feature. But really a security feature is
> that an application should not ever need to know a users password at all!
> If I am programming exntensions to a system with its API I obviously
> have access with administrative rights.
> Hence I should be able to
> a) create an admin enabled CmsObject without having to store the admin
> pasword somewhere
> b) create user CmsObjects without having to know their password
> The way the API seems to us currently, OpenCms can only be integrated
> into SSO if it handles the login itsself but not as a client to another
> login server.
> So, dear list, what are your thoughts?
> Have we simply overseen something, and actually we are able to do just
> that but were just to stupid to see so?
> Or is this something that should be adressed in future versions of the API?
> Anyone found a solution to this problem allready?
> Kind regards,
> Fabian Panthen
More information about the opencms-dev