Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Implement Single Sign On (SSO) for Windows Enterprise Users #66
The plan is to make this be as simple as possible. Just 2 check box clicks
First check box click.
So far so good. This is now working with Waffle Servlet Single-SignOn Security Filter 1.9.1 and is way more easier than Kerberos with Spark.
It however does requires Openfire to be installed on a Windows server that belongs to the Active Directory domain we intend to authenticate against and also because Waffle uses Windows DLLs. This is the majority of use cases for AD integration.
The server-side logic to this is all in the Openfire Chat API plugin. It exposes a SASL mechanism called OFCHAT which has to be enabled.
Second check box click
Thats it!! Jetty does the heavy lifting and single sign on between Pade and Openfire. No password is required or exchanged between them. A session token is cached in browser and reused by Converse, Jitsi-Meet and Rest API authentication.
@guusdk : We discussed the in Montreal. What do you think?