OFBiz › OFBiz - User

Kerberos and SSO

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

6 messages Options

Mike Baschky

Kerberos and SSO

Hello,

I'm researching the single sign on capabilities of
OFBIZ. Specifically I'm interested using a Kerberos token for sso. I
know Apache has a Kerberos module that can be used to secure websites
but I don't believe this is really a solution for OFBIZ because Apache
would have to pass the information down to the embedded tomcat and then
OFBIZ would have to pull said information. The documentation does not
cover this and I've found only one user email requesting info on this
topic (no response). My question is are there any hooks in OFBIZ that
can handle Kerberos tokens? If not has anyone developed a solution using
Kerberos with OFBIZ for SSO?

Thanks,

Mike

BJ Freeman

Re: Kerberos and SSO

I am not the expert on this.
however ofbiz internally uses sessions to go between apps
a key is passed that can expire and you have to re-login.
some work has been done on LADP, but I don't use it so am not familiar
with the level of integration. /specialpurpose/ladp
here are some links
https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security

=========================
BJ Freeman <http://bjfreeman.elance.com>
Strategic Power Office with Supplier Automation <http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com <http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist

Chat Y! messenger: bjfr33man
Mike Baschky sent the following on 9/3/2010 8:14 AM:

> Kerberos with OFBIZ for SSO

Shi Jinghai

Re: Kerberos and SSO

In reply to this post by Mike Baschky

What OS is your Kerberos deployed on?

在 2010-09-03五的 10:14 -0500，Mike Baschky写道：

> Hello,
>
> I'm researching the single sign on capabilities of
> OFBIZ. Specifically I'm interested using a Kerberos token for sso. I
> know Apache has a Kerberos module that can be used to secure websites
> but I don't believe this is really a solution for OFBIZ because Apache
> would have to pass the information down to the embedded tomcat and then
> OFBIZ would have to pull said information. The documentation does not
> cover this and I've found only one user email requesting info on this
> topic (no response). My question is are there any hooks in OFBIZ that
> can handle Kerberos tokens? If not has anyone developed a solution using
> Kerberos with OFBIZ for SSO?
>
>
>
> Thanks,
>
> Mike
>

Mike Baschky

RE: Kerberos and SSO

Hi Shi,
The Kerberos is coming from a windows system however the OFBIZ based application is deployed on linux (SUSE).

-Mike

-----Original Message-----
From: Shi Jinghai [mailto:[hidden email]]
Sent: Friday, September 03, 2010 1:04 PM
To: [hidden email]
Subject: Re: Kerberos and SSO

What OS is your Kerberos deployed on?

在 2010-09-03五的 10:14 -0500，Mike Baschky写道：

Mike Baschky

RE: Kerberos and SSO

In reply to this post by BJ Freeman

Hi BJ,
Thanks for the response. I'm a little familiar with the LDAP
stuff - not sure that it will help me much. Thanks again.

-Mike

-----Original Message-----
From: BJ Freeman [mailto:[hidden email]]
Sent: Friday, September 03, 2010 11:55 AM
To: [hidden email]
Subject: Re: Kerberos and SSO

I am not the expert on this.
however ofbiz internally uses sessions to go between apps
a key is passed that can expire and you have to re-login.
some work has been done on LADP, but I don't use it so am not familiar
with the level of integration. /specialpurpose/ladp
here are some links
https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security

=========================
BJ Freeman <http://bjfreeman.elance.com>
Strategic Power Office with Supplier Automation
<http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com <http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist

Chat Y! messenger: bjfr33man
Mike Baschky sent the following on 9/3/2010 8:14 AM:

> Kerberos with OFBIZ for SSO

Shi Jinghai

RE: Kerberos and SSO

In reply to this post by Mike Baschky

Hi Mike,

I'm not familiar with Windows Kerberos, it seems SPENGO is the choice:
https://wiki.jasig.org/display/CASUM/SPNEGO

You have to implement a login handler similar to
JCIFSSpnegoAuthenticationHandler mentioned in the wiki.

Regards,

Shi Jinghai/Beijing Langhua Ltd.

在 2010-09-07二的 08:28 -0500，Mike Baschky写道：

> Hi Shi,
> The Kerberos is coming from a windows system however the OFBIZ based application is deployed on linux (SUSE).
>
> -Mike
>
> -----Original Message-----
> From: Shi Jinghai [mailto:[hidden email]]
> Sent: Friday, September 03, 2010 1:04 PM
> To: [hidden email]
> Subject: Re: Kerberos and SSO
>
> What OS is your Kerberos deployed on?
>
> 在 2010-09-03五的 10:14 -0500，Mike Baschky写道：
> > Hello,
> >
> > I'm researching the single sign on capabilities of
> > OFBIZ. Specifically I'm interested using a Kerberos token for sso. I
> > know Apache has a Kerberos module that can be used to secure websites
> > but I don't believe this is really a solution for OFBIZ because Apache
> > would have to pass the information down to the embedded tomcat and then
> > OFBIZ would have to pull said information. The documentation does not
> > cover this and I've found only one user email requesting info on this
> > topic (no response). My question is are there any hooks in OFBIZ that
> > can handle Kerberos tokens? If not has anyone developed a solution using
> > Kerberos with OFBIZ for SSO?
> >
> >
> >
> > Thanks,
> >
> > Mike
> >
>