[Opensource] integrating other (coldfusion) systems with expresso's security
Mike Traum
mtraum at cirnetwork.org
Fri Apr 11 13:20:09 PDT 2003
Both systems will be using ldap, but that will only handle the user
database. I'm trying to have a single sign on across two different app
servers. Here's an example of the scenario:
1. User logs into expresso app
2. Expresso app gives user a menu
3. User clicks menu option which goes to a coldfusion app
The coldfusion app will need to know who the user is without forcing them to
log in again. The only way I can think to do this is the way that I
described, but it just seems ugly, especially the way I'm mimicking the user's
session.
mike
-----Original Message-----
From: larry hamel [mailto:expresso at codeguild.com]
Sent: Friday, April 11, 2003 1:12 PM
To: opensource at jcorporate.com
Subject: Re: [Opensource] integrating other (coldfusion) systems with expresso's security
consider these options
1) change both systems to use LDAP
2) access common DB (userstable) from both systems
3) use httpclient.jar on external system to log into expresso as each user
At 03:40 PM 4/10/2003, you wrote:
>I need to be able to allow a web application written in coldfusion (not
>running on the same jvm) to be able to access basic security info, such as
>the identity (username, uid) of the current user. Right now, the only idea I
>have is:
>- use a shared secret so messages between the coldfusion and tomcat servers
>are known to only be from those servers
>- coldfusion gets the session id (from the requesting user's cookie) and
>sends it to an expresso application over http (https if going over insecure
>network) adding the ;jsessionid= to the end of the url
>- the expresso app will think the user is making the request, so it can
>simply return session info -- I assume this will work, but have never
>tried it.
>
>
>I'm not liking my idea too much - any better ideas?
>
>
>tia,
>mike
>_______________________________________________
>Opensource mailing list
>Opensource at jcorporate.com
>http://mail.jcorporate.com/mailman/listinfo/opensource
>Archives: http://mail.jcorporate.com/pipermail/opensource/
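The shared-secret idea from the quoted message, as an added example that is not part of the thread or of Expresso: the calling server signs its session lookup with HMAC-SHA256, and the answering server checks the MAC, the timestamp and nonce reuse before returning the identity. The secret, session store, field names and function names are constructed for illustration, and Python is used only to show both sides of the exchange.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed values for illustration; none come from the thread or from Expresso.
SHARED_SECRET = b"constructed-demo-secret"
MAX_SKEW = 60  # seconds a signed request stays acceptable
SESSIONS = {"A1B2C3D4E5": {"username": "mtest", "uid": 1001}}  # stand-in session store
_seen = {}  # nonce -> request timestamp, kept only for the freshness window


def _mac(secret, session_id, ts, nonce):
    # JSON array encoding keeps field boundaries unambiguous under the MAC.
    msg = json.dumps([session_id, ts, nonce]).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def sign_lookup(session_id, secret=SHARED_SECRET, now=None):
    """Calling server (the ColdFusion role): build a signed identity lookup."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return {"session_id": session_id, "ts": ts, "nonce": nonce,
            "mac": _mac(secret, session_id, ts, nonce)}


def handle_lookup(req, secret=SHARED_SECRET, now=None):
    """Answering server (the Expresso role): return identity, or None on any failure."""
    now = int(time.time() if now is None else now)
    try:
        sid, ts, nonce = req["session_id"], int(req["ts"]), str(req["nonce"])
        expected = _mac(secret, sid, ts, nonce).encode()
        supplied = str(req["mac"]).encode()
    except (KeyError, TypeError, ValueError):
        return None
    # Constant-time comparison: only a holder of the shared secret can produce this MAC.
    if not hmac.compare_digest(expected, supplied):
        return None
    if abs(now - ts) > MAX_SKEW:
        return None  # stale or future-dated request
    for old in [n for n, t in _seen.items() if now - t > MAX_SKEW]:
        del _seen[old]
    if nonce in _seen:
        return None  # replay of a previously accepted request
    _seen[nonce] = ts
    user = SESSIONS.get(sid) if isinstance(sid, str) else None
    return dict(user) if user else None
```

The MAC authenticates the calling server only; the session id it carries still has to travel over https between the two servers, as the quoted message notes.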