[Product-Developers] Re: Single sign on across heterogenuous systems

Matthew Wilkes matt at matthewwilkes.name
Tue Jul 1 11:05:20 UTC 2008


On Heisei 0020-07-01, at 082743BST, Martin Aspeli wrote:

> Yeah, that thought did cross my mind. However, I'm not sure
>
> a) how to run an openid server

I've been working on circulartriangle.openid (collective) that's  
nowhere near ready as I've not had much time to play but it _does_  
provide a working OpenID server for some simple by-hand testing.

> This sounds like something where CAS, possibly in combination with  
> LDAP,
> provides an out-of-the-box solution.

Indeed, CAS authentication working with Plone is nice and simple, it's  
in use all over bris.ac.uk and ubu.org.uk.

> I've tested shibboleth and Plone, works fine.

Also fine, although shibboleth works very differently, you often don't  
get an assertion of the username, just his privileges.  Bit more  
hassle to set up too, although I was federating through JANET so it  
may be easier to run your own federation.

Also, I've got Stanford webauth working with Plone, although the  
Apache plugin can be a bit flaky.

Matt






More information about the Product-Developers mailing list