OrangeScape Developer Community

A community for Application Developers on OrangeScape's Platform-as-a-Service

Trying to understand the general login mechanism / flow

Hi  I have a requirement of implementing a custom SSO on an OrangeScape app deployed on JBOSS. I have configured the app to connect to LDAP for authentication, which is working fine. 

What I want to do is implement a custom SSO for this app. If user is already signed into SSO login, the user request will have a uid ( username/email ) and a 'token' parameter in the request header. I would like to 'extend' the out-of-the-box LDAP Authentication classes/methods to intercept this request, extract uid and token, validate the token ( custom code ) and in case of valid token, do an 'auto-login' of this uid with no password ( since password of this user could be different for different systems in SSO ).

I have been digging the application code ( python ) and am able to figure out few things like the LDAP auth, enterprise auth classes, renderLogin, authenticate methods etc, but no able exactly pin point the flow and decide where to inject this piece of code.

Can someone please help / guide ?

Tags: authenticate, custom, ldap, login, sso

Views: 42

Reply to This

Replies to This Discussion

Permalink Reply by Anbarasan on March 6, 2013 at 3:36pm

Hi Abhay,

Please look at the section Single Sign On in this post.

http://community.orangescape.com/profiles/blogs/ldap-authentication...

Permalink Reply by Abhay on March 6, 2013 at 7:48pm

Hi Anbarasan

This is probably applicable to SSO between multiple OrangeScape applications.  What we are trying to establish is SSO between a non OrangeScape and an OrangeScape application.  So here, since the SSO provider is different ( not Apache ), we can not use what the blog is suggesting.  

What I need is to do is basically intercept the request / call "before" it goes to LDAP Authentication and "bypass" the authentication altogether in case of the token match. Can you tell me where ( which python class/method ) I should be putting this 'custom' code in ?

Would appreciate a quick reply , thanks !!

Permalink Reply by Anbarasan on March 8, 2013 at 12:55pm

Abhay,

     Please go through the following link. This should give you an idea as to where to insert your methods.  If you have any questions please post back here.

https://sites.google.com/a/orangescape.com/orangescape-wiki/form-de...

RSS

© 2013   Created by OrangeScape Technologies.

Badges  |  Report an Issue  |  Terms of Service