I would like to use user authentication with Google single sign-on/authentication systems for a content management site using Plone.
Could someone please help me with how to do this and the best way to complete it?
Automatic Login from one web site to Moodle web site?
I have user details stored in my web site database and the Moodle database. When I log in to my website with those credentials, is there any way for Moodle to also log in automatically with those credentials? Or is any code available?
If you're handling credentials correctly (and Moodle does), you DO NOT STORE THE ACTUAL PASSWORD! Instead, you store a salted hash of the password.
When someone tries to log in, you salt and hash the attempted password using the same salt and hashing algorithm. This will give you the same result as the value in the database, and so instead of comparing passwords directly you now compare hash values. In this way your users are protected from having their passwords leaked if someone breaches your application.
If you're not doing it this way on your own site, you're doing it WRONG and need to fix it ASAP. This is a big deal!
Here's the thing: the two web sites aren't necessarily using the same hashing algorithm, and certainly aren't using the same salt. Therefore the user credentials you have saved for your web site are NOT the same credentials saved in Moodle, even if all the users have the same password.
But what you're really asking about is SSO (single-sign-on). There are (safer!) ways to support this. SAML, CAS, Shibboleth, and OAuth come to mind, and Moodle definitely supports these. You can also have Shared (as opposed to Single) Sign-On, where both your app and Moodle use a third party such as AD or LDAP for identity verification, so the username/password credentials are the same but you still have to sign into both applications separately.
Unfortunately, you will need to build this into your own app, as well, and perhaps even add an additional authentication portal server to your organization to act as the trusted intermediary between each of these applications. There are a number of products you can use, including some that are open source or may already be included with other licensing, so you don't have to start from scratch or necessarily make an expensive purchase here.
The good news here is these products generally also put you into a good position to start supporting Multi-Factor Authentication, which is also an important feature to provide.
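The point made in the answer above, that the same password stored by two sites yields different stored values, shown as an added example that is not part of the original answer. It assumes PBKDF2 from Python's standard library as the hashing scheme; the two "sites", the record format, the work factor and the sample password are constructed for illustration and are not what Moodle or any particular application uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # constructed work factor for this example


def hash_password(password, algorithm="sha256", salt=None):
    """Build a storable record: scheme$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt per user, per site
    digest = hashlib.pbkdf2_hmac(algorithm, password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_{}${}${}${}".format(algorithm, ITERATIONS, salt.hex(), digest.hex())


def verify_password(attempt, record):
    """Re-hash the attempt with the record's own salt and parameters."""
    scheme, iterations, salt_hex, hash_hex = record.split("$")
    algorithm = scheme.split("_", 1)[1]
    candidate = hashlib.pbkdf2_hmac(
        algorithm, attempt.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(hash_hex))


def compare_sites(password):
    """Same password stored by two independent sites (both hypothetical)."""
    my_site = hash_password(password, "sha256")     # assumed scheme of site one
    other_site = hash_password(password, "sha512")  # assumed scheme of site two
    return {
        "records_equal": my_site == other_site,
        "my_site_accepts": verify_password(password, my_site),
        "other_site_accepts": verify_password(password, other_site),
        "wrong_password_accepted": verify_password(password + "x", my_site),
    }


if __name__ == "__main__":
    print(compare_sites("correct horse battery staple"))  # constructed password
```

Each site can verify the password against its own record, but neither record can be copied into the other database as a usable credential, which is why a shared login needs a protocol such as those named in the answer.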
I'm developing an application where Google Drive will be used to manage some documents. The idea is to create a document with some initial template data and provide the users access by adding them as collaborators of the document.
I'm familiar with the OAuth authentication process; I used it in another part of the system to manage the users' Calendar...
But in this case these documents will be stored in a generic account of the company, so I can't have the approval prompt for authentication, since users won't have the password of the account.
I'd like to directly authenticate in this account, could be with the username and password hardcoded in the Java code.
The problem is that this method of authentication was deprecated and I didn't find a replacement.
Any ideas?
Thanks in advance,
Phillip
There are 2 ways that come to mind:
Service accounts: best suited for server side OAuth with traditional backend
Regular Account owned by the application: similar to the process already in place for client side OAuth that you are already familiar with; Auth, store the refresh, ask new token if the AuthCode is expired, and so on.
I personally use and prefer the second solution more, as I feel it is more flexible to adapt in the future for OAuth Client Side, get the tokens and use them server side.
I want to implement OAuth/OpenID for Website One and use it in Website Two.
I created Sign Up, Sign In, Sign Out, Profile functionality/pages for Website One and want to use its authentication in Website Two, like Facebook or Twitter authentication.
As additional information, if you are interested you can visit the trial websites of Website One and Website Two. Please do not expect full or correct functionality because, as I said above, they are just trials so far.
P.S.
I decided to use OAuth. Forget about OpenID.
I had a look at your sites. It's not working this way.
You want STOZE to use the authentication from TIKSN? Well, you have to configure STOZE as an "OAuth resource server", so it keeps the protected resources and is configured to work only with the token it gets from TIKSN, which will be configured as an "OAuth identity provider".
Read a little bit about OAuth...
OpenID is a different story - then, you will have to configure TIKSN as an "OpenID provider", and configure STOZE to enable it to work with OpenID providers (so TIKSN will be one of them, but you will also be able to use Google, Yahoo, etc.)
Read a little bit about OpenID...
HTH
What is the best way to share authentication information between two unrelated applications? Is there a standard for this?
For example, if I use MoinMoin and vBulletin on the same website, is it possible for both systems to share the same authentication information (i.e. so a user will only need to sign up for one to have a common login for both)?
Possible yes. Worth the effort? I'm not sure. I would look at one of the open authentication systems such as OpenID to get this kind of thing to work.
I recently was tasked to implement Single Sign In functionality where users could register and sign in to this site using their credentials from a more popular site. That got me to start looking and asking around as to who was doing Single Sign In. I was surprised to learn how much of a hot button topic it turned out to be.
If you have rolled out Single Sign In for a web application, then which authentication providers did you end up using and why?
Try OpenID, Stack Overflow uses it as well.
OpenID is very good if it's an internet application. It lets users use things like their Google account to log into yours.
If it is an intranet application then Windows Auth is fairly common but it works best with IE.