SSO with TYPO3
Ekkehard Guembel, net&works GmbH A net&works TYPO3 Partner Network Whitepaper http://typo3.naw.de
This document is published under the Open Content License available from http://www.opencontent.org/opl.shtml
The content of this document is related to TYPO3 - a GNU/GPL CMS/Framework available from www.typo3.com
Introduction
TYPO3 Single Sign-On provides seamless integration of Third Party (i.e. non-TYPO3) Web Applications into the TYPO3 frontend. This includes
• access to “Third Party Applications” (TPAs) with no additional logon (for authenticated TYPO3 users),
• role-based integration of the TPAs into TYPO3 navigation or content,
• a sophisticated three-layer security architecture,
• no need for server-to-server communication,
• no need for central reverse proxies,
• no need for a common/shared/synchronized password database or even user database.
Architecture
TYPO3 Single Sign-On allows direct access to the Third Party Application (TPA) by securely passing a one-time token to the browser (via URL). Thus, TPAs may be distributed across the net. Basically, we find a 3-layer architecture:
• TYPO3 dynamically creates a link that includes the desired TPA, user name, and various security information.
• The SSO Agent, located on each target system (the machine where the TPA lives), validates the incoming browser request, talks to the TPA Adapter, and gives back an HTTP redirect to the browser that points to the TPA itself.
• The TPA Adapter is invoked by the SSO Agent. It creates a valid user session ("logs on the user") by application-specific means, and returns all information needed to the SSO Agent (in a defined format). This adapter is TPA-specific - this means that you need to find or develop an appropriate adapter for every TPA that you wish to integrate. It may be written in any language you favour. See www.single-signon.com (available after the TYPO3 extension has been released) for existing TPA adapters.
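The three-layer flow described above, sketched as an added example; it is not code from the whitepaper or from the TYPO3 extension. The page does not say how the link is protected, so the HMAC-SHA256 key, the parameter names, the 60-second lifetime and the tpa.example URLs are all assumptions; with a shared HMAC key the agent could also mint links, which a public-key signature would prevent.

```python
import hashlib, hmac, json, secrets, time
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumption: one key per target system, provisioned out of band. HMAC-SHA256
# stands in for the "security information" the page leaves unspecified.
KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 60            # seconds a link stays valid (assumed value)
_seen_nonces = set()    # agent-side replay cache (in-memory for the demo)


def _mac(fields):
    # JSON-encode the fields in a fixed order so the signed message is unambiguous.
    msg = json.dumps([fields[k] for k in ("tpa", "user", "ts", "nonce")])
    return hmac.new(KEY, msg.encode(), hashlib.sha256).hexdigest()


def typo3_build_link(agent_url, tpa, user, now=None):
    """Layer 1: TYPO3 creates the link carrying TPA, user name and token."""
    f = {"tpa": tpa, "user": user, "ts": str(int(now or time.time())),
         "nonce": secrets.token_hex(16)}
    f["sig"] = _mac(f)
    return agent_url + "?" + urlencode(f)


def tpa_adapter(user):
    """Layer 3 (hypothetical adapter): a real one would create the TPA session."""
    return {"redirect": "https://tpa.example/home"}


def sso_agent(url, now=None):
    """Layer 2: validate the browser request, then hand over to the adapter."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    try:
        ok = hmac.compare_digest(_mac(q).encode(), q["sig"].encode())
        age = int(now or time.time()) - int(q["ts"])
    except (KeyError, ValueError):
        return 400, "malformed request"
    if not ok:
        return 403, "bad signature"
    if not 0 <= age <= MAX_AGE:
        return 403, "expired"
    if q["nonce"] in _seen_nonces:       # one-time token: refuse a second use
        return 403, "replayed"
    _seen_nonces.add(q["nonce"])
    return 302, tpa_adapter(q["user"])["redirect"]
```

The agent checks the signature before anything else, so a link with an altered user name is rejected without touching the replay cache or the adapter.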
Security