[TriLUG] SSO in a mixed world
matt at noway2.thruhere.net
matt at noway2.thruhere.net
Tue Nov 4 11:05:23 EST 2014
> The "boss" here has decided that he wants a version of Single Sign On,
> probably pretty classical, where once somebody logs in, they are allowed
> into any of the "services" without any more questions.
>
> Unfortunately, he doesn't want to use AD as the master database. His
> idea is that one of the Joomla instances has ( or will have ) the most
> complete list of users, so wants to use that. ( or something like that
> )
(snip)
> What mechanism would, say, Joomla use, behind the Apache Basic Auth SSO,
> to authorize and authenticate the users? Yes, Apache has let you into
> the site, but how does Alfresco know that?
Off the top of my head, this sounds like a Kerberos application. From
what I understand, Kerberos issues authentication tickets that can be
passed around amongst the applications, solving the problem of Alfresco
knowing that Apache has let you in.
More information about the TriLUG
mailing list