LinuxQuestions.org
Old 05-10-2013, 03:57 PM   #1
Joaquin
Member
 
Registered: Dec 2012
Posts: 56

LDAP how to use it?


Hello,

I have to create a centralized repository of credentials and access roles.

I will briefly explain my scenario.

I have an application, composed of several modules. For this application are defined the user, the group and obviously roles. Among the components of this software has created a SSO. This software is customizable to the point that you can afford based on the events to launch other applications, including third parties application.

And I find myself in the position of having to create a web application that must reside on the same machine, but for commercial reasons on another web server, launched the first application to which I have referred.

Now the problem comes from authentication authorization from the second web application, created by me. In essence, the rule should be: if you have an account valid at the first application, and belong to a particular group, you can access the web application created by me.

So basically I should centralize the accounts of the first application and make sure that they are valid also for the second application.

Can this be done with LDAP?

It's the first time I get close to LDAP. If this is possible, can someone explain to me how I can achieve it?

I do not want everything nice and done, I want to learn!

Thank you all.
 
Old 05-10-2013, 04:35 PM   #2
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

First thing you need to identify is how the SSO/authentication happens on the first web application. If it is a proprietary setup with no API you will more than likely not be able to query the same database for credentials. As far as sessions go this is an even bigger challenge, being able to check for valid sessions against a third party app and authenticate to an app that you've written are basically impossible unless there is some documentation available or you know how the sessions work. Sometimes you can identify it via a review of the code if you have access but if it's a compiled binary you are basically SOL on that.


If you have the option of switching your first app to use LDAP for backend authentication you could switch it over to that and use your app to query the LDAP server, that way the creds are the same across both, but that will not allow you to automatically authenticate people based upon sessions that already exist on another application.



So basically unless you currently have or are able to get extensive documentation on how the sessions are configured for the application this is a pretty impossible solution.


This is one of those things that sounds great and easy on paper from a management perspective but for implementation it is extremely tough.
 
Old 05-10-2013, 04:39 PM   #3
Joaquin
Member
 
Registered: Dec 2012
Posts: 56

Original Poster
Quote:
Originally Posted by Kustom42
First thing you need to identify is how the SSO/authentication happens on the first web application. If it is a proprietary setup with no API you will more than likely not be able to query the same database for credentials. As far as sessions go this is an even bigger challenge, being able to check for valid sessions against a third party app and authenticate to an app that you've written are basically impossible unless there is some documentation available or you know how the sessions work. Sometimes you can identify it via a review of the code if you have access but if it's a compiled binary you are basically SOL on that.


If you have the option of switching your first app to use LDAP for backend authentication you could switch it over to that and use your app to query the LDAP server, that way the creds are the same across both, but that will not allow you to automatically authenticate people based upon sessions that already exist on another application.



So basically unless you currently have or are able to get extensive documentation on how the sessions are configured for the application this is a pretty impossible solution.


This is one of those things that sounds great and easy on paper from a management perspective but for implementation it is extremely tough.
Thank you for your comment. I obviously forgot to say that the first application allows you to add and configure an external LDAP.
 
Old 05-10-2013, 05:09 PM   #4
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

Well then if you are able to use backend for LDAP then you should have no problems creating the appropriate groups/roles for permissions on both sides. The only thing that would be an issue is that it would not be an SSO solution unless you can figure out how to use the sessions the other application uses.
 
Old 05-10-2013, 05:15 PM   #5
Joaquin
Member
 
Registered: Dec 2012
Posts: 56

Original Poster
Quote:
Originally Posted by Kustom42
Well then if you are able to use backend for LDAP then you should have no problems creating the appropriate groups/roles for permissions on both sides. The only thing that would be an issue is that it would not be an SSO solution unless you can figure out how to use the sessions the other application uses.
I repeat, I am at the very beginning with LDAP. Can you tell me the material to be studied? Maybe with some good example.
 
Old 05-10-2013, 05:19 PM   #6
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,604

http://www.debuntu.org/how-to-set-up...d-its-clients/

The above is a good overview but I'm sure you must already have some sort of authentication. Are you using a Windows domain controller and AD for user accounts? If so you can use LDAP to query against Active Directory, that way you don't have to maintain two separate sets of credentials.

On a side note, LDAP is a monster to learn (at least it was for me), so feel free to ask for help along the way.


http://www.cyberciti.biz/tips/authen...directory.html
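
The rule asked about in this thread (a valid account in the shared directory plus membership of a particular group grants access to the second application), as an added example that is not part of any post above. It runs against a constructed in-memory stand-in for the LDAP server; the class, function names, DNs, passwords and group name are all assumptions made for illustration.

```python
# Added example: search-then-bind login plus a group gate. FakeDirectory is a
# constructed stand-in for an LDAP server; every DN and password is made up.

def escape_filter(value):
    """Escape RFC 4515 special characters so user input cannot alter a filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)

class FakeDirectory:
    """Constructed directory: uid -> (DN, password), group DN -> member DNs."""
    users = {"alice": ("uid=alice,ou=people,dc=example,dc=org", "s3cret"),
             "bob": ("uid=bob,ou=people,dc=example,dc=org", "hunter2")}
    groups = {"cn=webapp2,ou=groups,dc=example,dc=org":
              {"uid=alice,ou=people,dc=example,dc=org"}}

    def search_user(self, ldap_filter):
        # Supports only the exact-match filter built by login(): (uid=<value>)
        for uid, (dn, _) in self.users.items():
            if ldap_filter == "(uid=%s)" % escape_filter(uid):
                yield dn

    def simple_bind(self, dn, password):
        # Modelled pitfall: a server may accept a DN with an empty password
        # as an "unauthenticated bind" and report success.
        if password == "":
            return True
        return any(d == dn and p == password for d, p in self.users.values())

    def is_member(self, group_dn, user_dn):
        return user_dn in self.groups.get(group_dn, set())

def login(directory, username, password, required_group):
    """Return the user's DN if authenticated AND in required_group, else None."""
    if not username or not password:
        return None  # never forward an empty password; the bind would prove nothing
    matches = list(directory.search_user("(uid=%s)" % escape_filter(username)))
    if len(matches) != 1:
        return None  # unknown user, or an ambiguous match
    dn = matches[0]
    if not directory.simple_bind(dn, password):
        return None  # wrong password
    if not directory.is_member(required_group, dn):
        return None  # valid account, but not authorized for this application
    return dn
```

With a real server the three directory methods map to a search, a simple bind as the found DN, and a group lookup through an LDAP client library, over a TLS-protected connection.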
 
  

