Nested CakePHP apps where parent controls authentication

I'm trying to find the best way to create a portal-type site which is to be used on a development server. The idea is that a client can log in at the portal site, which will then display a list of the projects currently being worked on for them; they can click one and be taken to that project without needing to log in again.
Base criteria:
The portal site must be the only way to log in and access the projects (other clients' projects are on the same server and I would like to control access to them through the portal).
The client must remain logged in so they can browse multiple projects they own without needing to re-authenticate.
Preferably with as little alteration to the project code as possible to accommodate the portal.
Is this possible with CakePHP, and if so, what should I be reading up on to achieve this?


Adobe Business Catalyst and Intranet Active Directory SSO integration

I'm researching different approaches to build a web app that integrates Active Directory login into Business Catalyst. I want to implement single sign-on for Active Directory in an intranet environment. Specifically, users should be able to use their Active Directory credentials to log in to Business Catalyst.
Workflow:
User provides username, password, and domain to the form.
The form sends a request for authentication (I'm thinking via SOAP or HTTP).
Gets a response based on the status of the AD user account (if it is disabled, notify them; otherwise continue).
Create a user in Business Catalyst if one does not exist yet and log in as that user. (Optionally: use a pre-existing account that has a matching username or some other matching criteria.)
Optional:
Detect whether the user is logged in with their AD account and auto-login with those credentials.
Option 1:
Communication with the AD server via Liquid:
I reviewed the docs and saw the social media and security zone docs, but neither had a login API call. I know that Liquid has access to server-side data, but I'm not sure whether there is a server-side call for handling authentication.
Option 2:
Build middleware that handles the Active Directory authentication and communicates the results via client-side HTTP:
If I can't do it through Liquid, then I'm thinking I'd have to create a stand-alone service that is exposed externally (I'm thinking node.js) and communicates between AD and the client-side code via HTTP.
Something similar to this example
https://github.com/adobebc/web-apps-sdk/tree/master/samples/bc-external-service
Additional Notes:
My Active Directory server is located on a machine on my intranet, so the Azure stuff doesn't apply.
I know it is possible because there are products that can do this and more. I’m just not sure about all the details.
https://www.bitium.com/adobe-business-catalyst-active-directory-ad-integration
https://www.onelogin.com/connector/businesscatalyst-single-sign-on
Could you point me in the right direction to do this?
Option 1 or Option 2 or something else? Am I totally off here?
In terms of Option 1:
You cannot write an API with Liquid markup - it is not for this. It is for rendering output of the BC data on the front end. It is not a server-side language; it's basically a template language.
Your only option is through the full API, with middleware handling the login and the interconnections.

SharePoint Client Side Object Model - Cannot Contact Site at the Specified URL - Mixed Authentication

Our SharePoint environment uses claims-based authentication, using FBA for external users and AD for internal users.
I have not been able to connect using default credentials or Windows authentication to a test SharePoint site using the SharePoint Client Side Object Model (CSOM). I am able to connect using an FBA user but require connecting using default credentials (assuming this is the app pool ID tied to the SharePoint application) or at least an AD account.
The message I get when executing ClientContext.ExecuteQuery is "Cannot Contact Site at the Specified URL". I have researched this extensively and have tried numerous suggestions, including the following:
Using an event handler tied to clientContext.ExecutingWebRequest which adds to the WebRequest headers. Solution found here: https://social.technet.microsoft.com/Forums/office/en-US/16cd0e26-8f3b-4ef2-bac4-c2c59849ab96/authentication-in-clientcontext-in-sharepoint-2010?forum=sharepointdevelopmentprevious
Using System.Net.CredentialCache.DefaultCredentials
Using System.Net.NetworkCredential, passing in an AD account
Thanks for any ideas or suggestions.
Tom
I should have mentioned that we are using SharePoint 2010 and that I'm trying to retrieve and update user profile properties. As I was beginning to code a solution to do this (using my FBA connected ClientContext), I read that in SharePoint 2010, you can only update user properties using the UserGroup web service. I get an Access Denied when trying to connect via the web service. I believe the ClientContext sits on top of the web services so the scenario/issue is the same. Again, any thoughts or suggestions are greatly appreciated.
Well, after much research, it seems that there is a solution. Adding a header to the request programmatically is the first step. The only issue is that in addition to adding the header, you must add an additional Windows authentication zone to SharePoint. I do not want to add another zone to our production environment.
Since the program I'm putting together accesses SharePoint and non-SharePoint databases, I would like to run it on a non-SharePoint server so I will most likely use an FBA account that is specifically created for this purpose.
In case anyone is interested, here is another link explaining how to add the header to the web request. Without adding an additional zone you will receive an error - Object Moved. Here is a link which describes adding a zone.

Web based User Authentication System to control session management

I am new to GIS web development and I have been working on developing a browser-based application using Postgres, Apache and GeoServer, which is used to render all the GIS data.
I want to build a user authorization system on top of that, so that no one can access GeoServer and so that there is only one session per user ID. It should also include a one-time activation, provided by me when a user first registers, so I can know how many users are using it.
And also, if all this is done on a single computer, how can I authenticate the user?
Could somebody guide me on this?

Web part using 3rd party permissions

Is it possible to filter (i.e. hide) web parts from the WebPartAdder based on 3rd party user permissions?
We have built-in user permissions in our application that define which web parts a user has permission to add to a page (permissions obtained using web services). In previous versions of SharePoint, we created a custom web part picker that allowed our users to select and add web parts to a web part page based on those permissions. In SP 2010 we'd like to use the SharePoint ribbon to expose these web parts, but we haven't found a way to filter web parts based on these permission sets.
I've found virtually no usable documentation on MSDN describing the WebPartAdder control.
You can specify permissions on web parts in the web part gallery, but this doesn't remove them from the list of available web parts. The unauthorized user will get an access denied message when attempting to add them to a page.

Is there a standard for using credentials from one web app to automatically log in to a partner app?

I am developing a web app that will be working with other companies' web apps. Part of the desired user experience is that users on our web application will be able to log into our app and then visit our partners' web applications. Accounts will be automatically created for the users on our partners' sites. We'd like them to be able to enter the partner sites already authenticated, without having to log in or authorize anything (as with OpenID or OAuth), similar to the relationship between a bank and a credit card rewards program. Is there an existing standard that covers this?
Single sign-on is often used for such functionality.
There are a lot of implementations.
I have used Jasig CAS in production.