[TYPO3-dev] How to use external Webservice for Login?
Widmann, Manfred
mpunktw at gmx.net
Tue Feb 5 09:04:54 CET 2008
"Martin Kutschker" <martin.kutschker-n0spam at no5pam-blackbox.net> schrieb im
Newsbeitrag
news:mailman.1.1202112449.22963.typo3-dev at lists.netfielders.de...
> Dmitry Dulepov [typo3] schrieb:
>> Hi!
>>
>> Widmann, Manfred wrote:
>>> We have got an external webservice which gets user/password as
>>> parameters and returns a usergroup (or "invalid") as result.
>>>
>>> We want to use this for TYPO3-Login to get real TYPO3 users almost like
>>> they would log in with newloginbox ... how we are doing this in a
>>> secure way?
>>
>> You need a custom authentication service for TYPO3.
>
> Right. But your service may only authenticate the user. You still need
> be_user records in the DB. The mentioned LDAP extensions do this by
> syncing the data in a batch job or on-the-fly (ie durung the
> authentication if the user record doesn't exist).
>
> Masi
Can you name those extension which does ist the right way? I saw extensions
working with hidden forms and javascript ...
Is the following true:
With an auth service I extend class.tx_sv_auth.php and overwrite authUser()
to fullfill password checking the desired (own) way. In fact it's only
necessary to create a service extension, copy the source of
class.tx_sv_auth.php's authUser() and replace the compareUident() call with
the call of our service?
Please forgive me if this sounds a bit naive to your (professional TYPO3)
ears ...
More information about the TYPO3-dev
mailing list