[jira] [Commented] (OFBIZ-6963) Single sign-on to OFBiz with CAS


Nicolas Malin (Jira)

    [ https://issues.apache.org/jira/browse/OFBIZ-6963?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15763893#comment-15763893 ]

Shi Jinghai commented on OFBIZ-6963:
------------------------------------

Sorry James,

I misunderstood your comment. Sorry for my bad English.

Personally, I think CAS is the right choice, but the learning curve may be steep. The cookie and token implementation of CAS is more suitable for OFBiz than Tomcat SSO and for further extension.

For example, with the CAS + Shiro component, OFBiz can provide a long-term token (i.e. a one-month token) specially for Android/iOS apps, and the token can be verified as a bearer in the HTTP header.

Kind Regards,

> Single sign-on to OFBiz with CAS
> --------------------------------
>
>                 Key: OFBIZ-6963
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-6963
>             Project: OFBiz
>          Issue Type: Improvement
>          Components: ALL APPLICATIONS
>    Affects Versions: Trunk
>            Reporter: james yong
>
> OFBiz is made up of several web applications.
> To allow the user to sign in only once, a unique token value is presented for verification each time the user navigates to an unvisited web application.
> This approach has the following limitations:
> 1) You cannot work with multiple windows, as there is only 1 valid token value at any time and other token values will be invalid in older-opened windows.
> 2) There is a need to refresh the whole page, so that all links will contain the valid token value.
> 3) Not easy to compose a page that gets contents from different web applications in OFBiz.
> Adding CAS SSO component as a core into OFBiz will remove the limitations mentioned above.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)