svn commit: r1841478 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

svn commit: r1841478 - /ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc

jleroux@apache.org
Author: jleroux
Date: Thu Sep 20 14:59:18 2018
New Revision: 1841478

URL: http://svn.apache.org/viewvc?rev=1841478&view=rev
Log:
Documented: Document the automated authentification from a domain to another
(OFBIZ-10562)

Commits WIP before changing the file name (cross fits more than inter)

Modified:
    ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc

Modified: ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc
URL: http://svn.apache.org/viewvc/ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc?rev=1841478&r1=1841477&r2=1841478&view=diff
==============================================================================
--- ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc (original)
+++ ofbiz/ofbiz-framework/trunk/framework/webapp/src/docs/asciidoc/_include/wa-inter-domains-auto-auth-navigation.adoc Thu Sep 20 14:59:18 2018
@@ -16,6 +16,23 @@ KIND, either express or implied.  See th
 specific language governing permissions and limitations
 under the License.
 ////
-= Authenticated inter-domains navigation
+= Authenticated cross-domains navigation
 
-This feature allows to navigate from a domain to another with automated signed in authentication.
\ No newline at end of file
+In some cases you need to split applications on different servers, and possibly in production on different domains.This can happen for different reasons, most often for performance reason.
+
+As it's annoying to give a credential when changing from an OFBiz application to another on the same server,  it's annoying to give a credential when changing from an OFBiz application to another on another domain.
+
+To handle automated sign in from an application to another we have currently 2 possibilities in OFBiz
+* externalLoginKey
+* Tomcat SSO (not used OOTB)
+
+This feature allows to navigate from a domain to another with automated signed in authentication.
+
+It based on 3 technologies:
+
+. https://jwt.io/[JWT Official site] -
+https://en.wikipedia.org/wiki/JSON_Web_Token[Wikipedia for JWT]
+. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS[CORS (Mozilla doc)] - https://en.wikipedia.org/wiki/Cross-origin_resource_sharing[Wikipedia for CORS]
+. Ajax, now well known I guess, in OFBiz we use jQuery for that.
+
+The mechanism is simple. The user is given a JavaScrip link