[TYPO3-typo3org] just a quick idea // authentification & authorisation & openid // oath server

Helmut Hummel helmut.hummel at typo3.org
Sat Apr 20 10:42:57 CEST 2013


Hi,

rather than inventing something completely new, which will be a lot of 
work for both concept and implementation, I would suggest looking into 
the downsides of the current solution and improving it.

On 05.04.13 08:03, Steffen Gebert wrote:

> I agree that the SSO solution is far from optimal.

Can you elaborate on the issues you see with the current SSO solution?

> In my dreams we have an LDAP directory.

How would an LDAP directory solve any of the issues?
Would it introduce other issues?

> One which works without synchronization?

The issues I see are *not* on the server side, but on the client 
application side. I doubt that there is a single solution for all the 
applications in our infrastructure that need authentication.
One app might support LDAP, the other OAuth, another one neither of the two.

Thus any (other) nice and fancy SSO Server solution would most likely 
still require hacks on the client application side.

> SimpleSAML mentioned by Thomas sounds like a really nice addition to
> that, as I'm sure that most of the applications don't offer an OAuth
> integration, thus relying on only OAuth would force us to change from
> custom SSO adapters to custom OAuth adapters.

Exactly.


Kind regards,
Helmut

-- 
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Member

TYPO3 .... inspiring people to share!
Get involved: typo3.org

