I will be building a web site as a volunteer for an IT professionals group where I want to use some open source forum, blog, wiki software written in Java to keep my development time minimal. I have chosen the following components.
Forum - JSForum Blog - JRoller Wiki - VeryQuickWiki Hosting - Java Pipe (They provide Tomcat web hosting) Event Calendar - I will code it myself with some other additional pages.
I would like to know what should be my optimal single sing-in strategy in this scenario. I want my users to register in my site once and with that username/password he should be able to post messages in forum, edit some wiki topic, open a blog of his own etc.
One way to do this would be, to use forum's database as the primary user database and use one kind of interceptor that checks every request/response for user session and if not found redirects to login page of forum or my custom login page finally to be authenticated with the forum database. In that case, all the user details of wiki and blogs must be the same as in the forum or must be synchronized. Seems a little bit overwork...
Any idea how to do it in a clean way? Thanks in advance.
Ashik Uzzaman Lead Member of Technical Staff, Salesforce.com, San Francisco, CA, USA.
Your interceptor idea sounds similar to commercial products like SiteMinder. You could have a stand-alone authentication application and essentially disable authentication in all the other apps. When a request comes in...
I've seen a home-made system do this with filters.
BTW: This is "Identity 1.0". See Dick Hardt's presentations ... Do You Know Dick? and Who's the Dick on Your Site? for some other ideas.
A good question is never answered. It is not a bolt to be tightened into place but a seed to be planted and to bear more seed toward the hope of greening the landscape of the idea. John Ciardi