Single sign-on (SOS)
+/- out of the box solutions
Full featured SSO solution
CAS (Central Authentication Service)
- has a special protocol, using tickets transfered between connected parties
- integration available as enterprise module
The CAS Server is based on Java / Spring and must be configured / build with access to the user base you want to use for your projects. Users can be stored in various ways (database, LDAP, etc.).
- The NTLM (NT LAN Manager) connector provides single sign-on (SSO) functionality for Windows systems within a trusted domain environment.
- see documentation:
Other modules related to the topic
- users, groups, roles, permissions stored in LDAP (very similar to CAS)
- users are NOT stored in Magnolia jcr
- available as enterprise module
- see documentation
LDAP can also be used as place for user storage. It's not a full-featured SSO solution but can be integrated with other products like CAS.
Q. & A.
Q. Has anyone used spring-security?
A. Yes. It works fine and is used in many projects.
Q. Do SSO-solutions provide Magnolia UIs to manage data?
A. Not out of the box, yet. Usually customers use the UI provided by the the data-source vendor. And some customers created some custom solutions integrated into Magnolia. Since the introduction of Content connector it is possible to create a content-app to maintain the data-sorce (be it LDAP- RDBMS- or some other data).
Q. How long does it take to implement?
B. It depends on
- the knowledge of the developer
- what is existing already data-wise
Using CAS seem to be quite straightforward. As soon as your into the topic and understand the principles of CAS, it is not a very big task to implement it.
Remarks and other recommendation
- Is definitively worth to have a look at.
- Is used by many customers
- not for free
Look at the Magnolia Forum Module to get an idea of how to integrate OpenID (or Google/Yahoo accounts).