[TYPO3-typo3org] just a quick idea // authentification & authorisation & openid // oath server
Helmut Hummel
helmut.hummel at typo3.org
Sat Apr 20 10:42:57 CEST 2013
Hi,
rather than inventing something completely new, which will be a lot of
work for both concept and implementation, I would suggest to look into
the downsides of the current solution and improve it.
On 05.04.13 08:03, Steffen Gebert wrote:
> I agree that the SSO solution is far from optimal.
Can you elaborate on the issues you see with the current SSO solution?
> In my dreams we have an LDAP directory.
How would an LDAP directory solve any of the issues?
Would it introduce other issues?
> One which works without synchronization?
The issues I see are *not* on the server side, but on the client
application side. I doubt that there is a single solution for all the
applications in our infrastructure that need authentication.
One app might support LDAP, the other OAuth, another one neither.
Thus any (other) nice and fancy SSO Server solution would most likely
still require hacks on the client application side.
> SimpleSAML mentioned by Thomas sounds like a really nice addition to
> that, as I'm sure that most of the applications don't offer an OAuth
> integration, thus relying on only OAuth would force us to change from
> custom SSO adapters to custom OAuth adapters.
Exactly.
Kind regards,
Helmut
--
Helmut Hummel
Release Manager TYPO3 6.0
TYPO3 Core Developer, TYPO3 Security Team Member
TYPO3 .... inspiring people to share!
Get involved: typo3.org