Is it possible to implement SSO using LDAP in Joomla? - joomla

I realize that Joomla supports LDAP but I don't want my entire database moved over to the Joomla database (for obvious reasons). I was hoping to implement SSO to maybe prevent this from happening. Is this possible? I can't find any good information on it online, after a couple of days of googling and reading different articles. I think maybe JAuthTools might be able to help me do it but even with the wiki surrounding that extension I can't find any good information on it's SSO support. If anyone knows how to do this that would be great. The users are currently stored in Active Directory.

JAuthTools as far as I'm aware isn't actively maintained anymore, and was for Joomla! 1.5.
The last SSO integration we did was with JMapMyLDAP and it seemed to work pretty well and it's last update was less than a month ago.

Related

Siteminder - Request of best references

I am new at using SiteMinder and I would like to know ALL the things that I need to read and understand in order to use it. Please proportionate good references. Thanks.
You should start from the SiteMinder bookshelf.. and proceed from there. One of the good websites that you can look at is ssohelp.com.
You should definitely have some knowledge of web servers and the server platform that you are running SiteMinder on. There aren't a lot of public resources available for Siteminder, so you will need to do some digging through the CA Siteminder book shelf which is fairly thorough but sometimes topics are not arranged correctly.
CoreBlox.com (parent company for ssohelp.com) has some good blog entries that describe some of the not so well documented features of SiteMinder.
I would say that first you must know and understand how HTTP 1.1 works, with a good level of details.
Learning Siteminder is a lot easier if you are knowledgeable enough with HTTP.

Automation layer above a site

I'm looking into creating a website that sits on top of another site. I wish for this site to be a sort of driver/auto-mater of the original site. The original site is slow and you need to input the same data repetitively (and lots of it - which is infuriating)
What would be the best way of doing this.
I have started using watir-webdriver in ruby, and it seems to work well! Would I be able to host this? I know it launches an explorer (fire-fox in my case) and my worry is not being able to host the application?
I don't want to place all my eggs into this one basket and find out later there's a stumbling block to getting it done!
The short answer
I think there are better tools for web scraping than web testing tools (watir and others), and your end result might require a lot more work than you imagine.
The long answer
This sounds like a case of the façade pattern in which your application would act as the new frontend and the old/existing site as the backend for the improved experience of the service.
Some things to think about before jumping into programming:
If the old site requires users to register, would your users be willing to re-register to your site so that you could log them in into the old site programmatically?
How frequently is the same data required to be inputted and how would you prevent it?
The existing site may have expectations on the request headers which might cause you extra headache and require quite some work to circumvent.
Are you allowed to use the existing site's user interface material or do you need to start from scratch?
How often is the existing site changed and how would it affect your application?
In summary, there are lots of factors and issues to take into account depending on how the existing site is implemented and who are your visioned users. Suggesting a best way to do it would require a lot more knowledge of both the existing site and how you'd want to improve it.
I haven't used watir-webdriver myself but if it is like Selenium and starts a new browser instance any time you run it, then hosting it would most likely not work as you'd expect. There are better tools for what you are thinking of doing, i.e. web scraping, and you may want to take a look at the following, for example:
https://www.ruby-toolbox.com/categories/Web_Content_Scrapers
https://www.ruby-toolbox.com/categories/http_clients

Spring MVC and dynamic module deploy

I completed a new MVC web application and my boss asked me to create a new version for a new custumer. Same web application but differente CSS and two new modules (for module I mean a new page used by user to interact with DB). It's not a big deal and quite easy to do, just duplicate the project in my Eclipse and modify it. Two days work and project completed. Well done, all happy but not me.
I was thinking to wordpress, it's really customizable, just create a new template and plugin and activate it. I'd like to do somenthing similar to reduce the new version deploy and the code mainteneance. My question is, how can I do something similar with Spring? or better, is it possible to create a new module and deploy it for a web application? is the Spring dynamic the right option for a MVC Spring application?
thanks,
Andrea
I don't think your approach is correct. You need to discuss with your manager whether this situation is likely to repeat. Because to me it looks like it might.
Let's imagine a scenario: you have a number of copies of your app with some minor enhancements or changes between them. A month later one customer reports about a bug that's really nasty and has to be fixed in every of your app instances. Imagine your pain.
Why don't you approach it with multi-tenancy in mind?
Implement white-labelling, so that depending on the customer your application can get different looks;
Extend the backend, so that customers don't ever see each other's data
Implement configurable features, so that one customer doesn't see extended features that your boss sold to another customer. When he does sell them - it's going to be a matter of toggling a few flags in the database/configs.
Don't want to support multi-tenancy or the product is physically deployed on different (customer) servers? Doesn't matter! If you find a bug, you fix it once and redeploy the jar-file to all the affected systems.
Granted, the above isn't two days of work, but down the road this approach may save a lot more.
As to your question, Spring allows you to customize its looks via changeable styles and layouts. I suggest you to create a sample web app with Spring Roo to see how it's done. However, if I were you I would still aim to have a shared codebase between the projects at the very least.

How to create a group that can only manage registered users in Joomla

I'm making a website for a client and Joomla, I want the client to be able to manage users on the site / delete them if necessary, but that is it, I don't want them to be able to see or do anything else on the site, what is the best way of doing that?
Ideally I would have liked to have this done through the front end, I was looking to make a simple list osf users that only the admin group can access and manually delete them from the DB directly, but I'd rather do it through Joomla if that was possible for security reasons.
I looked at ACL's a bit but couldn't really figure out how to limit the functions to what I want, any help is really appreciated.
From the front end you won't have much luck with that. As far as user management all of that is handled on the backend.
If you're looking to do that sort of thing you'll simply have to get much more familiar with the ACL - there's a good amount of documentation on www.joomla.org
Even by utilizing the ACL I don't think there will be much you can do to limit a particular group to having access to JUST the userbase specifically. The best bet would be to educate your client about Joomla, how it works, what to change, how to change it and why to leave everything else alone. I know that may be problematic for things in the future, but unfortunately I don't know of any (and have not heard of any) front end solutions for what you're looking to do. I haven't heard of any back end solutions either however.
I think certain things will be so intertwined to certain levels of permission you won't be able to have that kind of granularity.
**edit: I'm almost 100% positive there's no way this is possible on 1.5.23 (or earlier versions) because the ACL simply isn't there. So my advice above is aimed specifically at versions up to 1.7.

getting started with Single Sign On / Windows Authentication

First off, The Problem:
We have a Web App with a Flash front-end that talks to our ASP.NET web service via SOAP which then deals with all of our server side code (C#).
Right now, we implement a simple user sign on in our application, storing the info in our MSSQL DB.
A client has requested what I understand to be Windows authentication through our application using the currently logged in user.
So, I have been tasked with investigating this. Nobody, including myself, has any experience in this area.
I have been reading up on some basic Active Directory information, and some simple tutorials. I understand how to get access to the directory using ADSI through code. What I'm really interested in seeing is how the entire thing should be architected. I don't want to throw together a hacky solution.
Does anyone know of a good tutorial for this kind of thing or have any advice on getting started? More importantly, does this even sound viable?
I know I haven't given much information, but feel free to ask and I will provide answers.
Thanks.
Edit:
Will, to give you an idea of the scope of this, the network will include every computer in a large hospital. So yes, this is huge. Clearly I need to start small. I would like to come up with something that will work at my office first. Maybe ~10 Windows computers on a single domain. One Domain Controller.
I am also open to any good books on the subject.
If you are going to tie into Active Directory you will want to take a look at the System.DirectoryServices namespace. The implementations can vary wildly depending on your system architecture, but this should give you a good starting point.
Enjoy!

Resources