We have a shell web application which shows the different applications allowed to the logged-in user. We use a Drupal/CAS server to authenticate/log in to this application. Once a user is logged in, he/she does not have to log in to other applications. The same credentials are passed to other applications. Now we want to integrate Magento in this application. Say user1 logs into our shell web application: he/she will see a link to the Magento store, and when he clicks on it, he will automatically get logged into the Magento site and won't have to enter a user ID/password.
Our authentication service uses CAS server under Drupal.
Thanks
It does not appear that Magento natively supports CAS, nor that anyone has built a native library. Magento seems to be able to be connected to CAS only through an additional library: Magento Documentation
Related
Requirement: I have a Ruby on Rails application named "RoR App", for instance. Several different clients have their own Active Directory, and when a user hits a particular URL in the "RoR App", control will be redirected to the client's login page, where the user will provide their AD credentials.
Once authenticated, a callback will be made to the "RoR App", where the user's session will be created.
Work Done: So far, I'm able to use the omniauth-saml gem to redirect to some URL (which will be the client's login page later) when a user enters a particular URL in the "RoR App" using SAML.
Questions:
For testing purposes, do I need to create a login page in some technology (RoR, PRP etc.), which will work as the client's (IDP) login page? And when the user provides their credentials, do I then have to write some backend code to authenticate with Active Directory?
OR
Does AD or Windows provide some self-managed login page which can be created (after some configuration) and which performs the authentication process itself?
I'm new to Active Directory, so sorry if this is an obvious question.
At last, we've used Active Directory Federation Services (ADFS) for setting up the IDP, which provides the login page and authenticates the user using the user credentials configured in Active Directory.
I need to do Windows authentication (intranet users) for the LifeRay Login Portal. LifeRay Login uses the same UID and PWD which are used for Windows Login. Both Windows Login and LifeRay login interact with Active Directory for authentication. So my requirement is to land the user on the HomePage instead of asking for user credentials.
After doing R&D I came to the conclusion that I should use an option provided in the LifeRay Admin Portal (Authentication) - CAS SSO / NTLM SSO.
I am not clear which option will be correct for my requirement, or whether there is any other option you see fitting as a solution for my requirement.
Kindly help.
I am not sure how to correctly handle Google domain application access/revoke. Situation is quite standard:
domain admin installs an application through marketplace workflow (scopes, setup url, ...)
application is then listed in admin console for domain (https://admin.google.com/AdminHome?fral=1#AppsList:serviceType=MARKETPLACE)
everything works fine, users can access app
at some moment, for some reason admin revokes application data access through the admin console for whatever reason (application is not deleted, only "disabled")
since then, as there is no privilege granted for app in domain, every user who accesses the application is redirected to error page
And here comes the question - how to properly detect and handle this. As some Google docs say, app should re-request required privileges through consent screen (approval force param).
But as my tests show - when user (admin or non-admin) accepts scopes needed on consent screen, application on admin console is still displayed with no data access.
But the same application is instead listed in the user's connected apps (https://security.google.com/settings/security/permissions), even though it is a domain-installable app!
So how do I programmatically handle this situation? Is there a way, or should I just redirect the (admin) user to the admin console to manually turn data access for that application on?
BTW, after marketplace installation, "sometimes" another consent screen pops up first time visiting app url - which obviously requests same scopes as marketplace listing - why is that?
In that case, the application is dually listed like in the previous case - in the domain and in the user's connected apps.
I am planning to allow users to login to a website I am developing using their social network logins. Probably using one of the multi-provider services such as Janrain, OneAll, LoginRadius. What I want to know is, if a user of my site is already logged into their social network site when they visit my site, how do I go about automatically signing them in? The example I have come across that does this is goodreads.com.
I'm developing in ASP.NET MVC3 but I would welcome any explanations/examples on how I go about this in any technology or even just the theory.
I'm working at OneAll and I'm glad to answer your question.
After a user has logged in with Social Login, you create a new account in your database, you log the user in and you set a cookie.
When the same user comes back in a couple of days, you detect that he has a cookie and you use the cookie information to automatically log him in and you refresh the cookie.
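One way to implement the set-cookie, detect-and-refresh cycle described in the answer above, shown as an added example that is not part of the original answer or OneAll's code. The class `RememberMeStore`, its methods and the two-week lifetime are hypothetical names and assumptions; the dictionary stands in for a database table.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 14 * 24 * 3600  # assumption: persistent login lasts two weeks


class RememberMeStore:
    """In-memory stand-in for a table of persistent-login tokens."""

    def __init__(self):
        # selector -> (user_id, sha256 of validator, expiry timestamp)
        self._rows = {}

    def issue(self, user_id, now=None):
        """Call after a successful social login; returns the cookie value."""
        now = time.time() if now is None else now
        selector = secrets.token_urlsafe(12)   # lookup key, not secret
        validator = secrets.token_urlsafe(32)  # secret, only its hash is stored
        digest = hashlib.sha256(validator.encode()).hexdigest()
        self._rows[selector] = (user_id, digest, now + TOKEN_TTL)
        return f"{selector}.{validator}"

    def redeem(self, cookie, now=None):
        """Return (user_id, fresh_cookie), or (None, None) if the cookie is bad."""
        now = time.time() if now is None else now
        selector, sep, validator = (cookie or "").partition(".")
        row = self._rows.get(selector) if sep else None
        if row is None:
            return None, None
        user_id, digest, expires_at = row
        # Each token is single use: drop the row whether or not it validates,
        # so a replayed or tampered cookie cannot be tried again.
        del self._rows[selector]
        presented = hashlib.sha256(validator.encode()).hexdigest()
        if now > expires_at or not hmac.compare_digest(presented, digest):
            return None, None
        # "Refresh the cookie": rotate to a brand-new token on every use.
        return user_id, self.issue(user_id, now)
```

Send the returned value in a cookie marked Secure and HttpOnly, and overwrite it with the fresh value after each successful `redeem`.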
I have a website already running made with CakePHP, which has its own login system using the Auth component.
Now I'm going to create another website using Moodle, hosted on the same server. Is there any way to share the user session between those 2 websites?
For example, if a user logs into the Moodle website and clicks a link to a page of the other website, he is not asked to log in again, since the system recognises that he is already logged in.
I guess that one thing to do would be to tell Moodle (somehow) to use the same table of users in the database that the CakePHP website is already using. And then tell the CakePHP website to accept the sessions created in that other website. Something like this, right?
But I don't know how to do those things or if they are even possible; any advice on how to approach this would be very helpful.
Single sign-on (SSO) is not currently a trivial thing to do in Moodle.
Some other approaches you may consider are:
Use external authentication in Moodle and configure it to use Cake's database. Does not provide SSO but tells Moodle to use Cake's user accounts.
Configure both Moodle and Cake to use a common authentication system like LDAP, POP3 or CAS. Depending on your choice it is possible that you may achieve SSO.
More information about Moodle authentication plug-ins on this page:
http://docs.moodle.org/dev/Authentication_plugins