How to implement openAM SSO to my existing web applications

Question

I'm trying to implement SSO in my existing web applications using OpenAM, by referring to the following link:

http://fczaja.blogspot.com/2012/06/idp-initiated-sso-and-identity_21.html

PS. My web applications already have their own login page.

Now what I got after implementation is that the OpenAM login page is protected in my web applications, and I need to log in again to my application.

What I need is to skip the login page of my application so that it becomes single sign-on.

So, can anyone tell me what tasks I still need to do? Do I need to revise the login page of my application? Do I need any database or datastore to keep user login information?

Recommended answer

Now that an OpenAM agent is in place on top of your app, your web app can work under the assumption that there is already a valid logged-in user - you need to remove the login page from your web app.

To get the current user details just alter your OpenAM agent config to set HTTP headers with relevant fields like username, full name, etc. Then instead of a web app login page you just check HTTP headers (should be safe from spoofing as long as the only route into your web app is coming through the OpenAM agent).

Another way is to grab the OpenAM cookie and use it to make REST calls directly to the server. Makes things a little more fragile though because you now need to maintain additional config.

You don't necessarily need any additional user tables / datastores for your web app, only if you need to map their login name to whatever it is your web app is doing (saving preferences, etc) in which case you need to check that the username you've been given already exists inside your app. If not then add it.
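
The header check and user mapping described in the answer above, as an added example that is not part of the original answer or of OpenAM itself. It assumes the agent runs as a separate front end, forwards the username in a header named `X-Remote-User` (a hypothetical name), and reaches the app only from the addresses in `TRUSTED_AGENT_ADDRS` (constructed values).

```python
# Added example: header-based identity behind an OpenAM agent (WSGI app).
# Assumptions: the agent injects the username as X-Remote-User and is the
# only host allowed to connect to the app.
TRUSTED_AGENT_ADDRS = {"127.0.0.1"}   # constructed value: where the agent connects from
USER_HEADER = "HTTP_X_REMOTE_USER"    # WSGI key for the hypothetical X-Remote-User header

local_users = {}  # stands in for the app's own user table, if it needs one


def current_user(environ):
    """Return the local record for the SSO user, or None to reject the request."""
    # Any client can send this header, so it is only trusted when the
    # request arrived from the agent. Check the peer address first.
    if environ.get("REMOTE_ADDR") not in TRUSTED_AGENT_ADDRS:
        return None
    username = environ.get(USER_HEADER, "").strip()
    if not username:
        return None
    # Map the SSO login name to app data; add the user on first sight.
    return local_users.setdefault(username, {"name": username, "prefs": {}})


def app(environ, start_response):
    """Replaces the old login page: identity comes from the agent header."""
    user = current_user(environ)
    if user is None:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"request did not arrive through the SSO agent\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("hello " + user["name"] + "\n").encode()]
```

The address check in the app is a second line of defence; the network rule that only the agent can reach the app's port is what makes the header trustworthy.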
