after almost a week of trial and error, i've finally got a hold of creating a web service in rails. after all this time though, i'm still not quite sure if i can make it work the way i want it to.

i was basically trying to create a login portal so that the users at our company can have one place to login for all of our internal applications. well, right now - i can have each of the apps pull the user information from the user portal, but i don't know how to go the other way around. basically i need to pass the user information to each one of the apps, and forward the user to the location at the same time. any ideas or help will be greatly appreciated.

-- Posted via http://www.ruby-forum.com/.

Josh Kieschnick wrote:
> after almost a week of trial and error, i've finally got a hold of
> creating a web service in rails. after all this time though, i'm still
> not quite sure if i can make it work the way i want it to.
>
> i was basically trying to create a login portal so that the users at our
> company can have one place to login for all of our internal
> applications. well, right now - i can have each of the apps pull the
> user information from the user portal, but i don't know how to go the
> other way around. basically i need to pass the user information to each
> one of the apps, and forward the user to the location at the same time.
> any ideas or help will be greatly appreciated.

You might want to have a look at http://openid.net . The OpenID system sounds real close to what you want. In particular, you might be able to modify the OpenID client and server code to get what you need.

Oh, and check out http://openprofile.net for my own extensions to the OpenID protocol.

--Al Evans

Yeah, I'm doing the same for my company. This is my situation: there are three sectors in the company with web applications:

WA = Web Application

Systems sector: WA1, WA2, WA3
Development sector: WA4, WA5, WA6
Portal sector (my sector): WA7

Basically, if you wanted to log into WA1, you have to put a user/password, and then, if you wanted to log into WA2, or WA4, or whatever, you need to put another user/password.

My solution is to create a unified login service. I'm creating a login application in rails, I have information about every web application (the web name, the IP address, and encryption keys).

Why encryption keys? Because in my company, everyone is crazy about security (although you can hack anything at anytime), if you want to do something, you have to promise that your solution is the most secure in the world. So I use RSA encryption, for every WA I have two pairs of public/private keys, so in WA1 I encrypt the message with public key 1 and send it to the login service, and in the login service I decipher with the private key 1, and then, in the login service I encrypt again with the public key 2 and then I decipher the message with private key 2.

I also have an IP filter, at first by iptables, and then in the web services, in my login service I only accept connections for the IPs where the WA are.

And now, the real thing, how do I ensure that if you log into WA1 with a user/password, this one works with WA2? Well, I just add a kind of backdoor into every web application... this is an example:

* I go to WA1 in my explorer.
* I go to the login page.
* I put my user/password, WA1 encrypts the data and sends it to the login service, asks if the user is valid, the login service says to WA1 "everything ok, it's the client number 7" so I let the user pass. In WA1, I show the user links to go into WA2, WA3, and WA5.
* The user clicks on the WA3 link.
* When the user clicked on WA3, he invoked the action redirect_to_WA(3), so I redirect the user to WA3, with his user and password encrypted, WA3 automatically checks the user/password in the login service, everything is ok so the user is logged in with just one click.

My problem is in the last step, for now, I have to redirect the user with a GET action, but actually, I'll have to redirect him with a POST action, because the GET can be held in the navigation memory, and I don't want the user to store the user/password in his navigation's memory, so, I'm working on the last step right now, trying to get the user logged into WA3 by an automatic POST and not by a GET action.

Rodrigo Dominguez
Iplan Networks

If you're going to so much trouble you might as well meet the needs of an SSO spec! You could check out Shibboleth - http://shibboleth.internet2.edu/ .

Nick

Rodrigo Dominguez wrote:
> My problem is in the last step, for now, I have to redirect the user with
> a GET action, but actually, I'll have to redirect him with a POST
> action, because the GET can be held in the navigation memory, and I
> don't want the user to store the user/password in his navigation's
> memory, so, I'm working on the last step right now, trying to get the
> user logged into WA3 by an automatic POST and not by a GET action.

Rodrigo, I had actually thought this through and was leaning towards an almost identical solution. that last little bit is the part that i wasn't sure how to do. i have been reading about setting up drb so the sessions can be shared, and then just storing the user_id in a shared session over the network. then all the apps can use that to pull the user's specific information for that app through web services. i'm not sure if that's the way things work though.

i may just pass it through a get request for now until i find something better. if i think of something, i can let you know. i'd appreciate it if you could do the same. thanks for your help.

Central Authentication Service is what we're using here.... It is a Java application but there are ways to use the service from just about anything and it is just so easy to use it in Rails. It's kinda tricky to set up but only because we're using a Microsoft Active Directory for our users.

http://www.ja-sig.org/products/cas/
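
The hand-off discussed in this thread, done the way ticket-based SSO services such as CAS do it, as an added example that is not part of any post and not CAS's own code: the portal redirects the browser with a random single-use ticket instead of the user/password, and the target application redeems it server-to-server. `TicketStore`, `redirect_url`, the 30-second lifetime and the example URL are assumptions.

```ruby
require 'securerandom'
require 'uri'

# Portal-side store of outstanding login tickets (hypothetical class, in-memory).
class TicketStore
  TTL = 30 # seconds a ticket stays redeemable (assumed value)

  def initialize(clock: -> { Time.now.to_f })
    @clock = clock
    @tickets = {}
    @lock = Mutex.new
  end

  # Called once the user has logged in at the portal and clicked a link to
  # another application. The ticket is random and carries no credentials.
  def issue(user_id, service)
    ticket = "ST-#{SecureRandom.urlsafe_base64(32)}"
    entry = { user_id: user_id, service: service, expires: @clock.call + TTL }
    @lock.synchronize { @tickets[ticket] = entry }
    ticket
  end

  # Called by the target application over a server-to-server request.
  # The ticket is deleted on first lookup, so a copy left in browser history
  # or a proxy log cannot be replayed. Returns the user id or nil.
  def redeem(ticket, service)
    entry = @lock.synchronize { @tickets.delete(ticket) }
    return nil if entry.nil?
    return nil if @clock.call > entry[:expires]    # expired
    return nil unless entry[:service] == service   # issued for another app
    entry[:user_id]
  end
end

# URL the portal sends the browser to (a plain GET redirect is acceptable here).
def redirect_url(app_login_url, ticket)
  "#{app_login_url}?#{URI.encode_www_form(ticket: ticket)}"
end

if __FILE__ == $PROGRAM_NAME
  store = TicketStore.new
  ticket = store.issue(7, 'WA3')                    # constructed sample values
  puts redirect_url('https://wa3.example/sso', ticket)
  p store.redeem(ticket, 'WA3')                     # first use: user id
  p store.redeem(ticket, 'WA3')                     # replay: nil
end
```

Because the ticket is worthless after one redemption or after it expires, the GET-versus-POST concern about credentials lingering in browser history does not arise for the redirect itself.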