Rails - May 2005 - One login for multiple ror apps

Hi,

I need to deployed at least 3 Ror apps but with a single signon, which 
means session sharing between all apps. Any suggestions for doing that?

Thanks,

Andres

are all three apps in a a single database?

On 5/18/05, Andres <katarn-Kp5VGQjTsCPnAruVU7VYdw@public.gmane.org>
wrote:
> 
> Hi,
> 
> I need to deployed at least 3 Ror apps but with a single signon, which
> means session sharing between all apps. Any suggestions for doing that?
> 
> Thanks,
> 
> Andres
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

Speaking of SSO - does anyone on this list have knowledge of, or  
experience with, SAML? I don''t, but I''d like to get an idea of
what
it would take to build a SAML component for Rails. If you do, or  
would just like to discuss the possibility of working on this with  
me, let me know.

Joe

On May 18, 2005, at 8:24 AM, Andres wrote:
>
> Hi,
>
> I need to deployed at least 3 Ror apps but with a single signon,  
> which means session sharing between all apps. Any suggestions for  
> doing that?
>
> Thanks,
>
> Andres
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

Storing user info via LDAP solves this problem very well, don''t know
however if ActiveLdap is up to the task. If not I believe it''s
possible to specify at ActiveRecord level to which database should one
model class be linked. But this would be an sad hack.

Zsombor

On 5/18/05, Ron Sweeney
<ron.sweeney-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> are all three apps in a a single database?
> 
> On 5/18/05, Andres <katarn-Kp5VGQjTsCPnAruVU7VYdw@public.gmane.org>
wrote:
> >
> > Hi,
> >
> > I need to deployed at least 3 Ror apps but with a single signon, which
> > means session sharing between all apps. Any suggestions for doing
that?
> >
> > Thanks,
> >
> > Andres
> > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
> 

-- 
http://deezsombor.blogspot.com

It would be interesting to see if the salted hash login generator
could be changed to use LDAP as it''s store rather than using
ActiveRecord...

On 5/18/05, Dee Zsombor
<dee.zsombor-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Storing user info via LDAP solves this problem very well, don''t
know
> however if ActiveLdap is up to the task. If not I believe it''s
> possible to specify at ActiveRecord level to which database should one
> model class be linked. But this would be an sad hack.
> 
> Zsombor
> 
> On 5/18/05, Ron Sweeney
<ron.sweeney-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > are all three apps in a a single database?
> >
> > On 5/18/05, Andres
<katarn-Kp5VGQjTsCPnAruVU7VYdw@public.gmane.org> wrote:
> > >
> > > Hi,
> > >
> > > I need to deployed at least 3 Ror apps but with a single signon,
which
> > > means session sharing between all apps. Any suggestions for doing
that?
> > >
> > > Thanks,
> > >
> > > Andres
> > > _______________________________________________
> > > Rails mailing list
> > > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > > http://lists.rubyonrails.org/mailman/listinfo/rails
> > >
> > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> 
> --
> http://deezsombor.blogspot.com
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
> 

-- 
sam
http://www.magpiebrain.com/

This would be nice, and in fact, I started looking at ActiveLDAP  
today to see if that is possible. Really, I would like to see a  
generic front end that would support multiple authentication methods  
at the backend.

I don''t know much about the single sign on technologies that are  
available, or soon will be, but supporting one or more would  
certainly be useful to a lot of people, I think (hence the reason I  
solicited for some potential help on SAML earlier).

Joe

On May 18, 2005, at 11:56 AM, Sam Newman wrote:
> It would be interesting to see if the salted hash login generator
> could be changed to use LDAP as it''s store rather than using
> ActiveRecord...
>
> On 5/18/05, Dee Zsombor
<dee.zsombor-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>> Storing user info via LDAP solves this problem very well,
don''t know
>> however if ActiveLdap is up to the task. If not I believe it''s
>> possible to specify at ActiveRecord level to which database should  
>> one
>> model class be linked. But this would be an sad hack.
>>
>> Zsombor
>>
>> On 5/18/05, Ron Sweeney
<ron.sweeney-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>>
>>> are all three apps in a a single database?
>>>
>>> On 5/18/05, Andres
<katarn-Kp5VGQjTsCPnAruVU7VYdw@public.gmane.org> wrote:
>>>
>>>>
>>>> Hi,
>>>>
>>>> I need to deployed at least 3 Ror apps but with a single
signon,
>>>> which
>>>> means session sharing between all apps. Any suggestions for  
>>>> doing that?
>>>>
>>>> Thanks,
>>>>
>>>> Andres
>>>> _______________________________________________
>>>> Rails mailing list
>>>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>>>> http://lists.rubyonrails.org/mailman/listinfo/rails
>>>>
>>>>
>>> _______________________________________________
>>> Rails mailing list
>>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>>> http://lists.rubyonrails.org/mailman/listinfo/rails
>>>
>>>
>>
>> --
>> http://deezsombor.blogspot.com
>> _______________________________________________
>> Rails mailing list
>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>> http://lists.rubyonrails.org/mailman/listinfo/rails
>>
>>
>
>
> -- 
> sam
> http://www.magpiebrain.com/
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>

This has come up before and I suggested Sxip ... anyone ever heard of Sxip? 
I emailed the Sxip people and asked them if have a Ruby API. They don''t
have
one just yet, but are planning to write one soon. I like Sxip. check them 
out.

www.sxip.com <http://www.sxip.com>

On 5/18/05, Joseph Hosteny <jhosteny-ee4meeAH724@public.gmane.org>
wrote:
> 
> This would be nice, and in fact, I started looking at ActiveLDAP
> today to see if that is possible. Really, I would like to see a
> generic front end that would support multiple authentication methods
> at the backend.
> 
> I don''t know much about the single sign on technologies that are
> available, or soon will be, but supporting one or more would
> certainly be useful to a lot of people, I think (hence the reason I
> solicited for some potential help on SAML earlier).
> 
> Joe
> 
> On May 18, 2005, at 11:56 AM, Sam Newman wrote:
> 
> > It would be interesting to see if the salted hash login generator
> > could be changed to use LDAP as it''s store rather than using
> > ActiveRecord...
> >
> > On 5/18/05, Dee Zsombor
<dee.zsombor-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >
> >> Storing user info via LDAP solves this problem very well,
don''t know
> >> however if ActiveLdap is up to the task. If not I believe
it''s
> >> possible to specify at ActiveRecord level to which database should
> >> one
> >> model class be linked. But this would be an sad hack.
> >>
> >> Zsombor
> >>
> >> On 5/18/05, Ron Sweeney
<ron.sweeney-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> >>
> >>> are all three apps in a a single database?
> >>>
> >>> On 5/18/05, Andres
<katarn-Kp5VGQjTsCPnAruVU7VYdw@public.gmane.org> wrote:
> >>>
> >>>>
> >>>> Hi,
> >>>>
> >>>> I need to deployed at least 3 Ror apps but with a single
signon,
> >>>> which
> >>>> means session sharing between all apps. Any suggestions
for
> >>>> doing that?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Andres
> >>>> _______________________________________________
> >>>> Rails mailing list
> >>>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> >>>> http://lists.rubyonrails.org/mailman/listinfo/rails
> >>>>
> >>>>
> >>> _______________________________________________
> >>> Rails mailing list
> >>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> >>> http://lists.rubyonrails.org/mailman/listinfo/rails
> >>>
> >>>
> >>
> >> --
> >> http://deezsombor.blogspot.com
> >> _______________________________________________
> >> Rails mailing list
> >> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> >> http://lists.rubyonrails.org/mailman/listinfo/rails
> >>
> >>
> >
> >
> > --
> > sam
> > http://www.magpiebrain.com/
> > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> 
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
> 


-- 
- Ramin
http://www.getintothis.com/blog


_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails

Yes.

I have just read: "Active Record 
<http://wiki.rubyonrails.com/rails/show/ActiveRecord> as a session 
storage mechanism"  
(http://wiki.rubyonrails.com/rails/show/HowtoChangeSessionOptions)

I guess this could work, am I right?



Ron Sweeney wrote:
>are all three apps in a a single database?
>
>On 5/18/05, Andres <katarn-Kp5VGQjTsCPnAruVU7VYdw@public.gmane.org>
wrote:
>  
>
>>Hi,
>>
>>I need to deployed at least 3 Ror apps but with a single signon, which
>>means session sharing between all apps. Any suggestions for doing that?
>>
>>Thanks,
>>
>>Andres
>>_______________________________________________
>>Rails mailing list
>>Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>>http://lists.rubyonrails.org/mailman/listinfo/rails
>>
>>    
>>
>_______________________________________________
>Rails mailing list
>Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
>http://lists.rubyonrails.org/mailman/listinfo/rails
>
>  
>

On Wed, 2005-05-18 at 07:24 -0500, Andres wrote:
> Hi,
> 
> I need to deployed at least 3 Ror apps but with a single signon, which 
> means session sharing between all apps. Any suggestions for doing that?
> 
I have worked on systems like this in the past. You could take advantage
of PostgreSQL schemas for this, if they all need to be in the same
database. 

You could have schemas like so:

public.*
auth.users
app1.*
app2.*
app3.*

Then you could perform authentication with the auth.users table for each
application. 

That''s one approach that you could take when having a shared schema,
but
also isolate the other application schema. In PostgreSQL, you can grant
access to certain schemas for specific postgresql users, so this will
add some security to the databases themselves as well if you need things
to be isolated a bit.

-Robby


-- 
/******************************************************
* Robby Russell, Owner.Developer.Geek
* PLANET ARGON, Open Source Solutions & Web Hosting
* Portland, Oregon | p: 503.351.4730 | f: 815.642.4068
* www.planetargon.com | www.robbyonrails.com
*******************************************************/

On 5/19/05, Ramin <i8ramin-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> This has come up before and I suggested Sxip ... anyone ever heard of Sxip?
> I emailed the Sxip people and asked them if have a Ruby API. They
don''t have
> one just yet, but are planning to write one soon. I like Sxip. check them
> out.
>  
>  www.sxip.com

What exactly do they do?

Sxip Identity provides identity management solutions that leverage the
Sxip Network and drive Identity 2.0 infrastructure. .....
 
> 
> On 5/18/05, Joseph Hosteny <jhosteny-ee4meeAH724@public.gmane.org>
wrote:
> > This would be nice, and in fact, I started looking at ActiveLDAP
> > today to see if that is possible. Really, I would like to see a 
> > generic front end that would support multiple authentication methods
> > at the backend.
> > 
> > I don''t know much about the single sign on technologies that
are
> > available, or soon will be, but supporting one or more would 
> > certainly be useful to a lot of people, I think (hence the reason I
> > solicited for some potential help on SAML earlier).
> > 
> > Joe
> > 
> > On May 18, 2005, at 11:56 AM, Sam Newman wrote:
> > 
> > > It would be interesting to see if the salted hash login generator
> > > could be changed to use LDAP as it''s store rather than
using
> > > ActiveRecord...
> > >
> > > On 5/18/05, Dee Zsombor
<dee.zsombor-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > 
> > >> Storing user info via LDAP solves this problem very well,
don''t know
> > >> however if ActiveLdap is up to the task. If not I believe
it''s
> > >> possible to specify at ActiveRecord level to which database
should
> > >> one
> > >> model class be linked. But this would be an sad hack.
> > >>
> > >> Zsombor
> > >>
> > >> On 5/18/05, Ron Sweeney
<ron.sweeney-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org > wrote:
> > >>
> > >>> are all three apps in a a single database?
> > >>>
> > >>> On 5/18/05, Andres
<katarn-Kp5VGQjTsCPnAruVU7VYdw@public.gmane.org> wrote:
> > >>> 
> > >>>>
> > >>>> Hi,
> > >>>>
> > >>>> I need to deployed at least 3 Ror apps but with a
single signon,
> > >>>> which
> > >>>> means session sharing between all apps. Any
suggestions for
> > >>>> doing that?
> > >>>>
> > >>>> Thanks,
> > >>>>
> > >>>> Andres
> > >>>> _______________________________________________
> > >>>> Rails mailing list 
> > >>>>
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > >>>> http://lists.rubyonrails.org/mailman/listinfo/rails 
> > >>>>
> > >>>>
> > >>> _______________________________________________
> > >>> Rails mailing list
> > >>> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org 
> > >>> http://lists.rubyonrails.org/mailman/listinfo/rails
> > >>>
> > >>>
> > >>
> > >> --
> > >> http://deezsombor.blogspot.com
> > >> _______________________________________________
> > >> Rails mailing list
> > >> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > >> http://lists.rubyonrails.org/mailman/listinfo/rails
> > >>
> > >>
> > >
> > >
> > > --
> > > sam
> > > http://www.magpiebrain.com/
> > > _______________________________________________
> > > Rails mailing list
> > > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > > http://lists.rubyonrails.org/mailman/listinfo/rails
> > >
> > 
> > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> > 
> 
> 
> 
> -- 
> - Ramin
> http://www.getintothis.com/blog 
> _______________________________________________
> Rails mailing list
> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
> 
> 
> 

-- 
Cheers

Koz

* Sam Newman <sam.newman-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> [0557
16:57]:
> It would be interesting to see if the salted hash login generator
> could be changed to use LDAP as it''s store rather than using
> ActiveRecord...
One other solution that springs to mind is having an authentication
system that uses the webserver for authentication, hooking into REMOTE_USER
and friends.

Then you gain access to all the apache mod_auth_* mechanisms, which work well
for multiple apps installed on the same vhost. If you one Realm for the vhost
as a whole you''d only have to enter credentials once.

Lighttpd has some functionality in that respect, but it''s not as
flexible (yet).

Bear in mind I don''t know anything about the salted hash login stuff -
I''m assuming
it''s a cookie/session based mechanism like the  original login
generator.


-- 
''Everyone''s always in favour of saving Hitler''s
brain, but when you put it
in the body of a Great White shark suddenly you''ve gone too
far..''
		-- Prof. Farnsworth
Rasputin :: Jack of All Trades - Master of Nuns

Their jargon confuses me also .. simply put, they provide SSO services. Much 
like MS''s Passport and AOL''s ScreenName. The difference is
that they are
free (whereas MS and AOL each charge thousands of dollars, but they do have 
a large userbase).

Here is a nice faq to learn more about sxip:
https://sxip.net/faq

On 5/18/05, Michael Koziarski
<koziarski-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> 
> On 5/19/05, Ramin <i8ramin-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> > This has come up before and I suggested Sxip ... anyone ever heard of 
> Sxip?
> > I emailed the Sxip people and asked them if have a Ruby API. They
don''t
> have
> > one just yet, but are planning to write one soon. I like Sxip. check 
> them
> > out.
> >
> > www.sxip.com <http://www.sxip.com>
> 
> What exactly do they do?
> 
> Sxip Identity provides identity management solutions that leverage the
> Sxip Network and drive Identity 2.0 infrastructure. .....
> 
> >
> > On 5/18/05, Joseph Hosteny
<jhosteny-ee4meeAH724@public.gmane.org> wrote:
> > > This would be nice, and in fact, I started looking at ActiveLDAP
> > > today to see if that is possible. Really, I would like to see a
> > > generic front end that would support multiple authentication
methods
> > > at the backend.
> > >
> > > I don''t know much about the single sign on technologies
that are
> > > available, or soon will be, but supporting one or more would
> > > certainly be useful to a lot of people, I think (hence the reason
I
> > > solicited for some potential help on SAML earlier).
> > >
> > > Joe
> > >
> > > On May 18, 2005, at 11:56 AM, Sam Newman wrote:
> > >
> > > > It would be interesting to see if the salted hash login
generator
> > > > could be changed to use LDAP as it''s store rather
than using
> > > > ActiveRecord...
> > > >
> > > > On 5/18/05, Dee Zsombor
<dee.zsombor-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > >
> > > >> Storing user info via LDAP solves this problem very
well, don''t
> know
> > > >> however if ActiveLdap is up to the task. If not I
believe it''s
> > > >> possible to specify at ActiveRecord level to which
database should
> > > >> one
> > > >> model class be linked. But this would be an sad hack.
> > > >>
> > > >> Zsombor
> > > >>
> > > >> On 5/18/05, Ron Sweeney
<ron.sweeney-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org > wrote:
> > > >>
> > > >>> are all three apps in a a single database?
> > > >>>
> > > >>> On 5/18/05, Andres
<katarn-Kp5VGQjTsCPnAruVU7VYdw@public.gmane.org> wrote:
> > > >>>
> > > >>>>
> > > >>>> Hi,
> > > >>>>
> > > >>>> I need to deployed at least 3 Ror apps but with
a single signon,
> > > >>>> which
> > > >>>> means session sharing between all apps. Any
suggestions for
> > > >>>> doing that?
> > > >>>>
> > > >>>> Thanks,
> > > >>>>
> > > >>>> Andres
> > > >>>> _______________________________________________
> > > >>>> Rails mailing list
> > > >>>>
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > > >>>>
http://lists.rubyonrails.org/mailman/listinfo/rails
> > > >>>>
> > > >>>>
> > > >>> _______________________________________________
> > > >>> Rails mailing list
> > > >>>
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > > >>> http://lists.rubyonrails.org/mailman/listinfo/rails
> > > >>>
> > > >>>
> > > >>
> > > >> --
> > > >> http://deezsombor.blogspot.com
> > > >> _______________________________________________
> > > >> Rails mailing list
> > > >> Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > > >> http://lists.rubyonrails.org/mailman/listinfo/rails
> > > >>
> > > >>
> > > >
> > > >
> > > > --
> > > > sam
> > > > http://www.magpiebrain.com/
> > > > _______________________________________________
> > > > Rails mailing list
> > > > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > > > http://lists.rubyonrails.org/mailman/listinfo/rails
> > > >
> > >
> > > _______________________________________________
> > > Rails mailing list
> > > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > > http://lists.rubyonrails.org/mailman/listinfo/rails
> > >
> >
> >
> >
> > --
> > - Ramin
> > http://www.getintothis.com/blog
> > _______________________________________________
> > Rails mailing list
> > Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
> > http://lists.rubyonrails.org/mailman/listinfo/rails
> >
> >
> >
> 
> --
> Cheers
> 
> Koz
> 


-- 
- Ramin
http://www.getintothis.com/blog


_______________________________________________
Rails mailing list
Rails-1W37MKcQCpIf0INCOvqR/iCwEArCW2h5@public.gmane.org
http://lists.rubyonrails.org/mailman/listinfo/rails