I have a GWT application that I would like to integrate with the Joomla login system. Everytime an AJAX request is sent to the server, the application should check that the user is authenticated (username and password pass)
Any ideas of how to implement this?
I had these ideas but don't like them for the reasons mentioned:
Ask the user for there username and password (again...) and then save it in a cookie. (Security is an issue and I have to ask them for the username and password after they have already logged into the main joomla system.
Save the username and password in a PHP session variable. (This might work but what would happen if the sesson timed out, the user may take some time configuring the GWT data structures, so it would not be nice for an error like this to occur).
Does anyone have better ideas?
Will users be authenticating against the GWT application? If so, you might want to create an Authentication plugin for Joomla that backfills users from GWT into Joomla.
Related
Assume a user uses the domain name and password to login his personal computer, and then i want to get the current user information(such as a session) from the ldap server. Because i would like to use this session to login another web site without password.
I am not sure if i describe this question clearly, i summarize it again as below:
1. User login PC with his password and username
2. The script get this user's session from ldap server and stored
3. When this user want to login another webpage, this website use the session to login (without password)
Is there any ideas about this? i still don't know how to implement with this.
As far as I'm aware LDAP does not have a concept of a session on the level of authenticating the people in the directory (as opposed to authenticating access to the LDAP server). So the answer is that you don't. LDAP is typically only used to store the user information.
What you need is some sort of single sign-on (SSO) solution. It can use LDAP to store the user data of course.
I agree with Lennart. From LDAP, there is no mechanism to determine if the user is already bound.
There maybe some extensions or controls or SASL mechanisms that could provide that information from some LDAP server vendor implementations.
-jim
I want to retrieve the Windows login of my users when they run my JSF script. The goal is to avoid asking my user a login information, just want get the Windows login throw the request.
I try this How to obtain request headers, remote address and other HttpServletRequest-specific information? but I always get a null String with externalContext.getRemoteUser().
Does it mean that the web browser doesn't send the remote user information? Must I change the configuration of my browser? Is it possible to get this information?
Thanks,
Philippe
Spring security kerberos plugin will pull this off quite nicely, but you'll be taking the spring framework on as a dependency. I'm also assuming here that you're running a managed security enterprise where your users authenticate against a domain.
What you want to achieve cannot be done by pure Java EE spec (someone prove otherwise). The purpose of the getRemoteUser method is to retrieve the username of the authenticated user who has been authenticated either by the Webapp container or third party web auth framework. See spec here
See this answer for more insight
I am planning to allow users to login to a website I am developing using their social network logins. Probably using one of the multi-provider services such as Janrain, OneAll, LoginRadius. What I want to know is, if a user of my site is already logged into their social network site when they visit my site, how do I go about automatically signing them in? The example I have come across that does this is goodreads.com.
I've developing in ASP.NET MVC3 but I would welcome any explanations/examples on how I go about this in any technology or even just the theory.
I'm working at OneAll and I'm glad to answer your question.
After a user has logged in with Social Login, you create a new account in your database, you log the user in and you set a cookie.
When the same user comes back in a couple of days, you detect that he has a cookie and you use the cookie information to automatically log him him and you refresh the cookie.
I have a website already running made with CakePHP, which has its own login system using the Auth component.
Now I'm going to create another website using moodle, hosted in the same server. Is there any way to share the user session between those 2 websites?
For example, if a user logs into the moodle website and clicks a link to a page of the other website, he is not asked to log in again, since the system recognises that he is already logged in.
I guess that one thing to do would be to tell moodle (somehow) to use same table of users in the database that the CakePHP website is already using. And then tell the CakePHP website to accept the sessions created in that other website. Something like this right?
But I don't know how to do those things or if they even possible, any advice on how to approach this would be very helpful.
Single sign-on (SSO) is not currently a trivial thing to do in Moodle.
Some other approaches you may consider are:
Use external authentication in Moodle and configure it to use Cake's database. Does not provide SSO but tells Moodle to use Cake's user accounts.
Configure both Moodle and Cake to use a common authentication system like LDAP, POP3 or CAS. Depending of your choice it is possible that you may achieve SSO.
More information about Moodle authentication plug-ins in this page:
http://docs.moodle.org/dev/Authentication_plugins
I have developed a mobile application using asp.net mvc3,html5,jquerymobile. I am authenticating the user using the ADFS authentication. Using IPAD or IPhone once the user is authenticated he is able to perform a download functionality in order to download an application. Now once the download functionality is completed when the user again tries to navigate back to the application he is prompted with the login window once again.
I need to stop the user from again entering the login credentials once again. So I thought of caching the user credentials will be good idea.
Can anyone help me to know how can we cache the user credential details in this case in order to prevent the user from entering the login credentials once again.
Thanks & Regards,
Santosh Kumar Patro
You could use persistent cookies. When authenticating simply pass true as second argument to the FormsAuthentication.SetAuthCookie method. This will emit a cookie that will be stored on the client for the given timeout period that you specify in the <forms> of your web.config.