|
List Info
Thread: single-sign-on
|
|
| single-sign-on |
 
Slovakia |
2007-05-29 02:59:30 |
hi,
i probably will have to implement a single-sign-on (SSO)
solution for
several django-based intranet web-applications.
i looked into the mailing list archives, and found this:
http://blog.case.edu/bmb12/2006/12/cas_for_django_part_2
it uses CAS (http://en.wikipedia.org/wiki/Central_Authentication_S
ervice).
my question is:
did anyone else implement a SSO solution in django?
because there are a lot of different approaches, this
wikipedia page
(http://en
.wikipedia.org/wiki/Single_sign_on) lists a bunch of
them.
so i'm looking for some recommendations which one to use,
or, which one
not-to-use.
thanks,
gabor
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-users googlegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
|
|
| Re: single-sign-on |
|
2007-05-29 06:31:28 |
2007/5/29, Gábor Farkas <gabornekomancer.net>:
>
> hi,
>
> i probably will have to implement a single-sign-on
(SSO) solution for
> several django-based intranet web-applications.
>
> i looked into the mailing list archives, and found
this:
>
> http://blog.case.edu/bmb12/2006/12/cas_for_django_part_2
>
> it uses CAS (http://en.wikipedia.org/wiki/Central_Authentication_S
ervice).
>
> my question is:
>
> did anyone else implement a SSO solution in django?
>
There is the OpenID implementation of Simon Willison here:
http://simonwillison.net/2007/Apr/24/openidconsumer/
And if you don't know what OpenID is:
http://s
imonwillison.net/2006/Dec/19/openid/
Cheers,
David
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
|
|
| Re: single-sign-on |
|
2007-05-29 06:33:29 |
Twas brillig at 13:31:28 29.05.2007 UTC+02 when David Larlet
did gyre and gimble:
DL> And if you don't know what OpenID is:
DL> http://s
imonwillison.net/2006/Dec/19/openid/
Single identity and single sign-on are the quite orthogonal
things.
--
JID: dottedmagjabber.dottedmag.net
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
|
|
| Re: single-sign-on |
 
United Kingdom |
2007-05-29 06:53:42 |
On Tue, May 29, 2007 at 06:33:29PM +0700, Mikhail Gusarov
wrote:
> DL> And if you don't know what OpenID is:
> DL> http://s
imonwillison.net/2006/Dec/19/openid/
>
> Single identity and single sign-on are the quite
orthogonal things.
Isn't one usually a subset of the other? I can't think of a
way of
doing SSO without single identity, unless you do it without
doing
separate identities. (So I guess from the point of view of
wanting
single sign-on group authorisation, or something like
that.)
So they're orthogonal sometimes, but in the general case
they're
actually not (because in the general case you want to
identify
granularly, then apply group membership and similar aspects
of
identity to determine authentication; so you want SSO to
work at the
level of single identity).
I'm probably missing something here...
James
--
/-----------------------------------------------------------
---------------
James Aylett
xapian.org
jamestartarus.org
uncertaintydivision.org
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
|
|
| Re: single-sign-on |
|
2007-05-29 07:03:17 |
Twas brillig at 12:53:42 29.05.2007 UTC+01 when James Aylett
did gyre and gimble:
>> DL> And if you don't know what OpenID is:
>> DL> http://s
imonwillison.net/2006/Dec/19/openid/
>>
>> Single identity and single sign-on are the quite
orthogonal things.
JA> Isn't one usually a subset of the other? I can't
think of a way of doing
JA> SSO without single identity, unless you do it
without doing separate
JA> identities.
Well, I've seen ad-hoc SSO solutions with N apps doing the
NxN cross-application
session management 
JA> So they're orthogonal sometimes, but in the general
case they're actually
JA> not (because in the general case you want to
identify granularly, then
JA> apply group membership and similar aspects of
identity to determine
JA> authentication; so you want SSO to work at the level
of single identity).
OpenID does not provide SSO functionality itself, so it is
just not enough to
solve the problem (I suppose the problem is "log on
once, and then navigate
between applications without the need to manually identify
or authenticate
myself in any other application"): you need some
additional layer (such as
central relay keeping global session cookies) to implement
SSO with OpenID, and
I'm not sure it is possible with OpenID protocol.
And yes, OpenID provides single identity and you may
implement authorization on
top of it, if it is everything what's needed.
JA> I'm probably missing something here...
Nevermind, I just nitpicked
--
JID: dottedmagjabber.dottedmag.net
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
|
|
| Re: single-sign-on |
Slovakia |
2007-05-30 01:02:04 |
David Larlet wrote:
> 2007/5/29, Gábor Farkas <gabornekomancer.net>:
>> hi,
>>
>> i probably will have to implement a single-sign-on
(SSO) solution for
>> several django-based intranet web-applications.
>>
>> i looked into the mailing list archives, and found
this:
>>
>> http://blog.case.edu/bmb12/2006/12/cas_for_django_part_2
>>
>> it uses CAS (http://en.wikipedia.org/wiki/Central_Authentication_S
ervice).
>>
>> my question is:
>>
>> did anyone else implement a SSO solution in
django?
>>
>
> There is the OpenID implementation of Simon Willison
here:
>
http://simonwillison.net/2007/Apr/24/openidconsumer/
thanks for the idea.
i knew about OpenID, but because the thing i will have to
implement will
be used only inside the company, i somehow thought OpenID
might not be
what i need. but now that i think more about it, it may be
suitable.
thanks,
gabor
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Django users" group.
To post to this group, send email to django-usersgooglegroups.com
To unsubscribe from this group, send email to
django-users-unsubscribegooglegroups.com
For more options, visit this group at htt
p://groups.google.com/group/django-users?hl=en
-~----------~----~----~----~------~----~------~--~---
|
|
[1-6]
|
|