thoughts on single sign-on portal?

Good morning,

I'm hoping to solicit some conceptual ideas on some approaches on how
I can tackle this problem.

The situation:

Over the last 6 months I have built a healthy PHP enterprise framework
on my customer's intranet to support the various custom applications
they needed in each department.  The framework works with Zend
Framework, and I am quite happy with it.  Basically, it provides
services to the modules (application) I install within it and easily
allows data integration between legacy and new applications.   Until
recently, all modules/applications I have added are custom developed,
which allows for single sign-on for the users, a central place for
user and application/module administration such as role-based access
controls (which provides an abstraction between the application and
Active Directory), and other services that provide convenience to both
the customer and the developer (code reuse a major issue).

Now, the problem:

The customers are needing solutions that can be solved using open
source COTS products, such as a blog (WordPress), wiki (MediaWiki),
etc.  Essentially, the scope of the framework is evolving from a
modular framework to house custom applications into one that also
integrates COTS applications.  Many of the COTS applications I've
looked at can fit in well and I simply need to create a portal to the
application at the desired MVC namespaces.  The problem I'm having is
when integrating the COTS solution, I do not want to make any changes
to the application itself (to ease upgrades and maintenance later
on).  With this requirement in mind, I want to be able to make the
integration between the COTS application and my framework seamless (my
framework still handles the authentication and authorization and can
work with the COTS API, but not break it).

My thoughts on the solution:

Without changing the COTS core code, I feel I'm kinda limited.

Perhaps I can create an application environment class and stage the
environment to what each application needs when accessed.  For
example, set the expected session variables that would be there for an
authenticated session.  This doesn't smell right to me and could get
very complex with applications with complicated access controls.

What are some other ways I may be able to achieve this?

Re: thoughts on single sign-on portal?

ELINTPimp wrote:

Looked into OpenID? (Google for it.) It's catching on pretty quickly and
WordPress -- perhaps MediaWiki too? -- supports it for authentication IIRC.

For those products you use that *don't* support OpenID, then I'd be
willing to bet money that they'd appreciate a good patch to implement it!

Toby A Inkster BSc (Hons) ARCS
[Geek of HTML/SQL/Perl/PHP/Python/Apache/Linux]
[OS: Linux, up 20 days, 23:57.]

                               Bottled Water

Re: thoughts on single sign-on portal?

Thank you, this seems very promising.

