Implement Single Sign On (SSO) for Windows Enterprise Users #66

Closed
deleolajide opened this Issue Sep 28, 2018 · 1 comment

deleolajide commented Sep 28, 2018

Use the Waffle library to implement SSO for Windows Active Directory Users
See https://github.com/Waffle/waffle

deleolajide commented Sep 28, 2018

The plan is to make this as simple as possible. Just 2 check box clicks.

[Image: first check box click]

So far so good. This is now working with Waffle Servlet Single-SignOn Security Filter 1.9.1 and is way easier than Kerberos with Spark.

It does, however, require Openfire to be installed on a Windows server that belongs to the Active Directory domain we intend to authenticate against, and also because Waffle uses Windows DLLs. This is the majority of use cases for AD integration.

The server-side logic to this is all in the Openfire Chat API plugin. It exposes a SASL mechanism called OFCHAT which has to be enabled.

[Image: second check box click]

That's it!! Jetty does the heavy lifting and single sign on between Pade and Openfire. No password is required or exchanged between them. A session token is cached in the browser and reused by Converse, Jitsi-Meet and REST API authentication.

@guusdk: We discussed this in Montreal. What do you think?

deleolajide self-assigned this Sep 28, 2018

deleolajide closed this Oct 1, 2018
