
Single sign-on (SSO)

 +/- out of the box solutions

Full featured SSO solution

CAS (Central Authentication Service)

  • has a special protocol, using tickets transferred between connected parties
  • integration available as enterprise module
    • requires some configuration work
    • you have to prepare your CAS-stuff (connect to LDAP, RDBMS, ...)
    • see documentation: 

The CAS Server is based on Java / Spring and must be configured / built with access to the user base you want to use for your projects. Users can be stored in various ways (database, LDAP, etc.).
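
The ticket exchange mentioned above, as an added example that is not part of the original page and not Magnolia or CAS project code: the application redeems the service ticket it received from the browser by calling the CAS server's /serviceValidate endpoint (CAS 2.0 protocol) and accepts the login only on an explicit success response. The host names, the ticket value and the sample responses are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace of CAS 2.0 validation responses


class CasValidationError(Exception):
    """Raised whenever a ticket cannot be positively validated (fail closed)."""


def validation_url(cas_base, service, ticket):
    """URL the application calls server-to-server to redeem a service ticket."""
    # The service value must be the same URL the browser was sent to CAS with.
    return cas_base.rstrip("/") + "/serviceValidate?" + urlencode(
        {"service": service, "ticket": ticket})


def parse_validation_response(xml_text):
    """Return the authenticated user name, or raise CasValidationError."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise CasValidationError("DTD/entity declarations are not accepted")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise CasValidationError("malformed response") from exc
    if root.tag != CAS_NS + "serviceResponse":
        raise CasValidationError("unexpected root element")
    failure = root.find(CAS_NS + "authenticationFailure")
    if failure is not None:
        raise CasValidationError(failure.get("code", "UNKNOWN"))
    user = root.findtext(CAS_NS + "authenticationSuccess/" + CAS_NS + "user")
    if not user or not user.strip():
        raise CasValidationError("no authenticated user in response")
    return user.strip()


# Constructed sample responses in the CAS 2.0 format (not captured traffic).
SAMPLE_SUCCESS = (
    '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    "<cas:authenticationSuccess><cas:user>jdoe</cas:user>"
    "</cas:authenticationSuccess></cas:serviceResponse>")
SAMPLE_FAILURE = (
    '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    '<cas:authenticationFailure code="INVALID_TICKET">Ticket not recognized'
    "</cas:authenticationFailure></cas:serviceResponse>")

if __name__ == "__main__":
    print(validation_url("https://cas.example.org/cas",
                         "https://cms.example.org/app", "ST-1-constructed"))
    print(parse_validation_response(SAMPLE_SUCCESS))
```

The validation call should go over HTTPS with certificate verification, since the user name in the response is what the application trusts.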

NTLM

  • The NTLM (NT LAN Manager) connector provides single sign-on (SSO) functionality for Windows systems within a trusted domain environment.
  • see documentation:

Other modules related to the topic

LDAP

  • users, groups, roles, permissions stored in LDAP (very similar to CAS)
  • users are NOT stored in Magnolia jcr
  • available as enterprise module
  • see documentation

LDAP can also be used as a place for user storage. It's not a full-featured SSO solution but can be integrated with other products like CAS.

Q. & A.

Q. Has anyone used spring-security?
A. Yes. It works fine and is used in many projects.

Q. Do SSO-solutions provide Magnolia UIs to manage data?
A. Not out of the box, yet. Usually customers use the UI provided by the data-source vendor, and some customers have created custom solutions integrated into Magnolia. Since the introduction of the Content connector, it is possible to create a content app to maintain the data source (be it LDAP, an RDBMS or some other data).

Q. How long does it take to implement?
A. It depends on

  • the knowledge of the developer
  • what is existing already data-wise

Using CAS seems to be quite straightforward. As soon as you're into the topic and understand the principles of CAS, it is not a very big task to implement it.

Remarks and other recommendation

Airlock

  • Is definitely worth a look.
  • Is used by many customers
  • not for free

OpenID

Look at the Magnolia Forum Module to get an idea of how to integrate OpenID (or Google/Yahoo accounts).


1 Comment

  1. If I'm not completely wrong Airlock is not just "not free" but really, really expensive...