SSO authentication in a web portal

aurel44
Champ in-the-making
Hello,

I am an intern working as a software developer in a small startup that develops a web portal. This is my first post on a computer subject and I hope I'm explaining my problem well. I have until the end of January to complete it.

The system consists of several modules:
- a web portal developed in Flex,
- a project management module, and
- an Alfresco + FlexSpace module (kernel + GUI).

My tutor wants to establish two additional features.

First, he wants to implement an SSO authentication solution to authenticate to the portal and Alfresco at the same time. (Users are stored in a MySQL database.)

Secondly, he wants to implement a solution for propagating access permissions. Thus, if user X has read permission on Project 1, the module should enable user X to access documents related to Project 1.

My proposed solution is a system with CAS and OpenLDAP and JNDI. However:
a) I do not know if this system is feasible (and how…)
b) my tutor wants me to have several solutions

I read various posts on the subject and after 3 weeks of searching, I confess I am confused. So if you have any suggestions or comments on this complex topic, I'll be very glad to read them and reply to you.

Thank you.
9 REPLIES

openpj
Elite Collaborator
You could use the XML import to import all the users in Alfresco:
http://wiki.alfresco.com/wiki/Export_and_Import#Import_Tool

Otherwise you can use a CAS server or an LDAP server for users without importing anything, but simply configuring Alfresco for one of these providers.

Then you could create a login form for your flex portal to authenticate users against Alfresco using the Login webscript with a GET or POST HTTP call (form action), as described here:
http://wiki.alfresco.com/wiki/2.1_REST_API#Login
This invocation will return a new Alfresco ticket (ALF_TICKET).

Then for each invocation to the private WebScripts you will create all URLs appending the ALF_TICKET parameter as the Alfresco token for the authentication:
/alfresco/service/yourCustomWebScript?alf_ticket=ALF_TICKET_VALUE
Hope this helps.
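
An added example, not part of the original reply and not Alfresco or FlexSpaces code: with the GET form of the login call the password sits in the URL, and every later call carries alf_ticket there as well, so both reach access logs and proxies. The sketch below parses the ticket, appends it to a webscript URL, and masks pw and alf_ticket before a URL is logged; it assumes the login response is an XML ticket element, and the function names and sample values are hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query parameters that carry credentials in the calls described above.
SENSITIVE_PARAMS = {"pw", "alf_ticket"}

# Constructed sample response (assumed shape, not captured from a server).
SAMPLE_LOGIN_RESPONSE = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    "<ticket>TICKET_0000example</ticket>"
)


def parse_ticket(xml_body: str) -> str:
    """Extract the ticket from the login webscript's XML response."""
    root = ET.fromstring(xml_body)
    if root.tag != "ticket" or not (root.text or "").strip():
        raise ValueError("login response did not contain a ticket")
    return root.text.strip()


def with_ticket(url: str, ticket: str) -> str:
    """Append alf_ticket to a webscript URL, replacing any stale one."""
    parts = urlsplit(url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "alf_ticket"]
    query.append(("alf_ticket", ticket))
    return urlunsplit(parts._replace(query=urlencode(query)))


def redact(url: str) -> str:
    """Mask credential-bearing parameters before a URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    ticket = parse_ticket(SAMPLE_LOGIN_RESPONSE)
    call = with_ticket("/alfresco/service/yourCustomWebScript?a=1", ticket)
    print(redact(call))
    print(redact("/alfresco/service/api/login?u=userx&pw=s3cret"))
```

Sending the credentials with the POST form of the login call over HTTPS keeps the password out of the URL; the ticket parameter still needs the same log masking.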

aurel44
Champ in-the-making
Firstly, I am pleasantly surprised. Barely an hour, wow! So thank you very much for these tracks!

In response, respectively:

1/ You advise me to use the "import" class that would allow importing the list of Alfresco users in a .acp (which I do not know) or .xml file. I read that ACP is a file extension associated with Office Assistant Preview files. Is it true and can you tell me more please?

2/ The alternative is to use a CAS server and LDAP? It seemed to me that both were complementary, that a CAS server should refer to a data source like an LDAP directory. I am trying to understand this well, so tell me if I'm wrong.

3/ Then you tell me about a login form, and I agree … (Although you talk about the login webscript as if it was already done. I have to do it, don't I?). I invite you to correct me …

4/ Finally, we send a request to Alfresco with the ticket obtained in the parameter. OK.

stevereiner
Champ in-the-making
Note FlexSpaces already has flex code for login and flex code that calls the login rest api mentioned (in its delegate layer).

Using FlexSpaces in a module already? What is the name of this startup?

"Web portal developed in Flex" describes its UI. Is there something java based serverside you are trying to SSO with (Liferay? or Tomcat?)

FlexSpaces has some dependencies on tickets (going to look into not requiring the use of tickets).
Going to look into being able to do SSO like how the share doclib portlet in Alfresco 3.4 does SSO (to enhance the FlexSpaces portlets (for Liferay, etc.)).

aurel44
Champ in-the-making
Sorry, I made a mistake: the Web portal is developed in Java. And yes, I want to SSO the Project Management Web Portal part with the FlexSpaces interface.

aurel44
Champ in-the-making
I now plan 3 scenarios:
1) CAS + LDAP directory
2) CAS + a central database
3) CAS + two databases synchronized
What are the advantages and disadvantages of each option?

aurel44
Champ in-the-making
What does it mean and what is it: "GET /alfresco/service/api/login?u={username}&pw={password?}" from the link "http://wiki.alfresco.com/wiki/2.1_REST_API#Login" please? I am really a noob and I understand nothing about this command/query.

aurel44
Champ in-the-making
openpj wrote:
"Otherwise you can use a CAS server or an LDAP server for users without importing anything, but simply configuring Alfresco for one of these providers."
I agree with that.

"Then you could create a login form for your flex portal to authenticate users against Alfresco using the Login webscript with a GET or POST HTTP call (form action), as described here:
http://wiki.alfresco.com/wiki/2.1_REST_API#Login
This invocation will return a new Alfresco ticket (ALF_TICKET)."

I am new to web programming too, so I am sure to understand what a webscript is. Above all, should I write it with Flex? I didn't know that you can use a GET or POST HTTP call then.

Some new remarks?

stevereiner
Champ in-the-making
http://code.google.com/p/flexspaces/source/browse/trunk/FlexSpaces/src/org/integratedsemantics/flexs...

This is the file in the FlexSpaces Flex/ActionScript code that calls the GET login REST API.

aurel44
Champ in-the-making
"Otherwise you can use a CAS server or an LDAP server for users without importing anything, but simply configuring Alfresco for one of these providers."

How do I do it?