Alfresco 1.4, ACEGI, CAS SSO and LDAP integration. Help needed

pakin
Champ in-the-making
Hi all alfresco integrators,

This is a call to those developers or integrators that have or have had the same need as me, which is the topic subject. Both those that have been successful in this task and those that are still looking for a solution are invited to collaborate. I think there is a lot of "un-wired" information that generates a lot of confusion about this subject, and nobody seems to have the definitive solution to something that is very important to integrate Alfresco as an enterprise tool, in any serious enterprise I mean. We (dpalmeira, me and others) have been about 1 month or more trying to find a definitive solution, but it has become a very painful task for us :?, so we think that we need the help from the community. We're going to start from the beginning again and we'll try to report our progress with a lot of details about it. And we hope, too, that other people could contribute with ideas and code.

That's all by now. Thanks for helping us. I hope we reach our target.

You'll have news from me soon, but I don't know whether good or bad ones :)

Regards. Pakin

P.S.: If you reply to this message with relevant information, please specify version information for the libraries you've used.

frank_s
Champ in-the-making
I've been struggling to implement a setup like this (albeit using Alfresco 2.9B) for quite a while now and have so far failed to get anywhere.

Having read this thread, I have to admit that I'm thoroughly confused. You talk about CAS/SSO, but at the same time you describe the import of user information from an LDAP server. Isn't one of the points of using CAS that you don't have to store and maintain user data on these systems?

The way I've understood CAS/SSO to work is that the application redirects to the CAS server, which then binds to the LDAP server and establishes credentials of the user that way. The only things to get passed back and forth between the application (i.e. Alfresco) and the CAS server should be service tickets.

It seems to me what you're configuring is an LDAP authentication - could someone please fill me in on what I am missing?

f.

mikewaters
Champ in-the-making
Hi Frank

The username also gets passed between the CAS server and the app, so that the app knows who is making the request and can act accordingly.
There are 2 parts to (S)SO: authentication (is the user who they say they are, which CAS handles) and authorisation, i.e. what the user is allowed to do or see.

The latter requires the app to know about the user's roles and permissions, which are not given to it by CAS; all it gets is a username, so Alfresco has to have the users set up in advance of the request, so that there is (in the case of Alfresco) a home space ready and waiting for the user, and the user is a member of the correct roles etc. to see restricted content.

The thread discusses how to do this -

One way of doing this is to read a single user's data from LDAP on the fly when a user request hits the filters and translate that into Alfresco data just before the request gets to Alfresco "proper". This might be slow and takes away some of the point of using CAS (you might as well authenticate with LDAP at the same time).

The other way is to import all the user data ahead of time, but then you might be doing unnecessary work.

Shibboleth attempts to address these issues by passing more than just the username at the time of authentication.

hth :)

-Mike
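The flow Frank describes (redirect to CAS, service ticket back, ticket validated by the application) and Mike's point that CAS hands the application nothing but a username, so the application has to find the user's roles itself, as an added example that is not code from this thread, from Alfresco or from ACEGI. It is written in Python rather than Alfresco's Java so it runs stand-alone. The CAS 2.0 validation responses and the directory entries are constructed inline; the in-memory dictionary stands in for an LDAP lookup, so nothing here contacts a live CAS or LDAP server. The `GROUP_` authority prefix and the `/User Homes/` path are assumptions about Alfresco conventions, and `establish_session` and the other function names are the example's own.

```python
"""Added example (editor's, not code from this thread, Alfresco or ACEGI):
the two halves of CAS-based single sign-on as discussed above.

Authentication: the app validates the service ticket it received against
CAS /serviceValidate and gets a CAS 2.0 XML response carrying only a username.
Authorization: the app must then find that user's groups itself.  Here the
"look the user up on the fly" option is simulated with a constructed in-memory
directory standing in for LDAP; nothing here talks to a live CAS or LDAP server.
"""
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed CAS 2.0 responses, shaped like what /serviceValidate returns.
SUCCESS_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess>
    <cas:user>jsmith</cas:user>
  </cas:authenticationSuccess>
</cas:serviceResponse>"""

# Same shape, but CAS vouches for someone the application has never provisioned.
UNKNOWN_USER_RESPONSE = SUCCESS_RESPONSE.replace("jsmith", "newhire")

FAILURE_RESPONSE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_TICKET'>
    Ticket ST-0000-constructed not recognized
  </cas:authenticationFailure>
</cas:serviceResponse>"""

# Constructed directory entries standing in for LDAP search results (uid -> attributes).
DIRECTORY = {
    "jsmith": {
        "cn": "John Smith",
        "mail": "jsmith@example.org",
        "memberOf": [
            "cn=finance,ou=groups,dc=example,dc=org",
            "cn=alfresco-users,ou=groups,dc=example,dc=org",
        ],
    },
}


class CasAuthError(Exception):
    """Validation response was not an authenticationSuccess; str(exc) is the CAS code."""


def parse_cas_validation(xml_text):
    """Return the username CAS vouches for, or raise CasAuthError."""
    root = ET.fromstring(xml_text)
    success = root.find("cas:authenticationSuccess", CAS_NS)
    if success is not None:
        user = success.findtext("cas:user", default="", namespaces=CAS_NS).strip()
        if not user:
            raise CasAuthError("MISSING_USER")
        return user
    failure = root.find("cas:authenticationFailure", CAS_NS)
    raise CasAuthError(failure.get("code", "UNKNOWN") if failure is not None else "MALFORMED")


def group_cn(dn):
    """'cn=finance,ou=groups,dc=example,dc=org' -> 'finance' (leading RDN must be cn)."""
    attr, _, value = dn.split(",", 1)[0].partition("=")
    if attr.strip().lower() != "cn":
        raise ValueError("expected a cn as the leading RDN: " + dn)
    return value.strip()


def ldap_entry_to_alfresco(uid, entry):
    """Translate a directory entry into the data Alfresco needs before the request proceeds.
    The GROUP_ authority prefix and the /User Homes path are assumed Alfresco conventions;
    check them against the version you deploy."""
    return {
        "userName": uid,
        "fullName": entry.get("cn", uid),
        "email": entry.get("mail", ""),
        "authorities": {"GROUP_" + group_cn(dn) for dn in entry.get("memberOf", [])},
        "homeFolder": "/User Homes/" + uid,
    }


def establish_session(cas_xml, directory):
    """Combine both halves.  Returns one of:
       ("ok", profile)          authenticated, and the app knows the user's roles
       ("unprovisioned", uid)   CAS vouched for a user the app has never set up
       ("error", code)          CAS rejected the ticket
    """
    try:
        uid = parse_cas_validation(cas_xml)   # authentication: CAS's job
    except CasAuthError as exc:
        return ("error", str(exc))
    entry = directory.get(uid)                # authorization: the app's job
    if entry is None:
        return ("unprovisioned", uid)
    return ("ok", ldap_entry_to_alfresco(uid, entry))


def import_all_users(directory):
    """The other option from the thread: translate every entry ahead of time
    (this also does the work for users who may never log in)."""
    return {uid: ldap_entry_to_alfresco(uid, entry) for uid, entry in directory.items()}


if __name__ == "__main__":
    for label, xml in (("valid", SUCCESS_RESPONSE),
                       ("unknown user", UNKNOWN_USER_RESPONSE),
                       ("bad ticket", FAILURE_RESPONSE)):
        print(label, "->", establish_session(xml, DIRECTORY))
```

The `("unprovisioned", uid)` branch is the case Mike's post is about: CAS has already said the user is genuine, yet the application cannot let the request through until a home space and group memberships exist for that username. Whether you resolve that by looking the user up when the request arrives (as `establish_session` does) or by running `import_all_users` in advance is exactly the trade-off the thread describes.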