Kerberos and SSO

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

Kerberos and SSO

Mike Baschky
Hello,

                I'm researching the single sign on capabilities of
OFBIZ. Specifically I'm interested using a Kerberos token for sso. I
know Apache has a Kerberos module that can be used to secure websites
but I don't believe this is really a solution for OFBIZ because Apache
would have to pass the information down to the embedded tomcat and then
OFBIZ would have to pull said information. The documentation does not
cover this and I've found only one user email requesting info on this
topic (no response). My question is are there any hooks in OFBIZ that
can handle Kerberos tokens? If not has anyone developed a solution using
Kerberos with OFBIZ for SSO?

 

Thanks,

Mike

Reply | Threaded
Open this post in threaded view
|

Re: Kerberos and SSO

BJ Freeman
I am not the expert on this.
however ofbiz internally uses sessions to go between apps
a key is passed that can expire and you have to re-login.
some work has been done on LADP, but I don't use it so am not familiar
with the level of integration. /specialpurpose/ladp
here are some links
https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security




=========================
BJ Freeman  <http://bjfreeman.elance.com>
Strategic Power Office with Supplier Automation  <http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com  <http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist

Chat  Y! messenger: bjfr33man
Mike Baschky sent the following on 9/3/2010 8:14 AM:

> Kerberos with OFBIZ for SSO
Reply | Threaded
Open this post in threaded view
|

Re: Kerberos and SSO

Shi Jinghai
In reply to this post by Mike Baschky
What OS is your Kerberos deployed on?

在 2010-09-03五的 10:14 -0500,Mike Baschky写道:

> Hello,
>
>                 I'm researching the single sign on capabilities of
> OFBIZ. Specifically I'm interested using a Kerberos token for sso. I
> know Apache has a Kerberos module that can be used to secure websites
> but I don't believe this is really a solution for OFBIZ because Apache
> would have to pass the information down to the embedded tomcat and then
> OFBIZ would have to pull said information. The documentation does not
> cover this and I've found only one user email requesting info on this
> topic (no response). My question is are there any hooks in OFBIZ that
> can handle Kerberos tokens? If not has anyone developed a solution using
> Kerberos with OFBIZ for SSO?
>
>  
>
> Thanks,
>
> Mike
>

Reply | Threaded
Open this post in threaded view
|

RE: Kerberos and SSO

Mike Baschky
Hi Shi,
        The Kerberos is coming from a windows system however the OFBIZ based application is deployed on linux (SUSE).

-Mike

-----Original Message-----
From: Shi Jinghai [mailto:[hidden email]]
Sent: Friday, September 03, 2010 1:04 PM
To: [hidden email]
Subject: Re: Kerberos and SSO

What OS is your Kerberos deployed on?

在 2010-09-03五的 10:14 -0500,Mike Baschky写道:

> Hello,
>
>                 I'm researching the single sign on capabilities of
> OFBIZ. Specifically I'm interested using a Kerberos token for sso. I
> know Apache has a Kerberos module that can be used to secure websites
> but I don't believe this is really a solution for OFBIZ because Apache
> would have to pass the information down to the embedded tomcat and then
> OFBIZ would have to pull said information. The documentation does not
> cover this and I've found only one user email requesting info on this
> topic (no response). My question is are there any hooks in OFBIZ that
> can handle Kerberos tokens? If not has anyone developed a solution using
> Kerberos with OFBIZ for SSO?
>
>  
>
> Thanks,
>
> Mike
>

Reply | Threaded
Open this post in threaded view
|

RE: Kerberos and SSO

Mike Baschky
In reply to this post by BJ Freeman
Hi BJ,
        Thanks for the response. I'm a little familiar with the LDAP
stuff - not sure that it will help me much. Thanks again.

-Mike

-----Original Message-----
From: BJ Freeman [mailto:[hidden email]]
Sent: Friday, September 03, 2010 11:55 AM
To: [hidden email]
Subject: Re: Kerberos and SSO

I am not the expert on this.
however ofbiz internally uses sessions to go between apps
a key is passed that can expire and you have to re-login.
some work has been done on LADP, but I don't use it so am not familiar
with the level of integration. /specialpurpose/ladp
here are some links
https://cwiki.apache.org/confluence/display/OFBTECH/OFBiz+security




=========================
BJ Freeman  <http://bjfreeman.elance.com>
Strategic Power Office with Supplier Automation
<http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com  <http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist

Chat  Y! messenger: bjfr33man
Mike Baschky sent the following on 9/3/2010 8:14 AM:

> Kerberos with OFBIZ for SSO
Reply | Threaded
Open this post in threaded view
|

RE: Kerberos and SSO

Shi Jinghai
In reply to this post by Mike Baschky
Hi Mike,

I'm not familiar with Windows Kerberos, it seems SPENGO is the choice:
https://wiki.jasig.org/display/CASUM/SPNEGO

You have to implement a login handler similar to
JCIFSSpnegoAuthenticationHandler mentioned in the wiki.

Regards,

Shi Jinghai/Beijing Langhua Ltd.


在 2010-09-07二的 08:28 -0500,Mike Baschky写道:

> Hi Shi,
> The Kerberos is coming from a windows system however the OFBIZ based application is deployed on linux (SUSE).
>
> -Mike
>
> -----Original Message-----
> From: Shi Jinghai [mailto:[hidden email]]
> Sent: Friday, September 03, 2010 1:04 PM
> To: [hidden email]
> Subject: Re: Kerberos and SSO
>
> What OS is your Kerberos deployed on?
>
> 在 2010-09-03五的 10:14 -0500,Mike Baschky写道:
> > Hello,
> >
> >                 I'm researching the single sign on capabilities of
> > OFBIZ. Specifically I'm interested using a Kerberos token for sso. I
> > know Apache has a Kerberos module that can be used to secure websites
> > but I don't believe this is really a solution for OFBIZ because Apache
> > would have to pass the information down to the embedded tomcat and then
> > OFBIZ would have to pull said information. The documentation does not
> > cover this and I've found only one user email requesting info on this
> > topic (no response). My question is are there any hooks in OFBIZ that
> > can handle Kerberos tokens? If not has anyone developed a solution using
> > Kerberos with OFBIZ for SSO?
> >
> >  
> >
> > Thanks,
> >
> > Mike
> >
>