Log Message: |
Implemented: Token Based Authentication
(OFBIZ-9833)
This works the same way as externalLoginKey but between 2 servers,
not 2 webapps on the same server.
The Single Sign On (SSO) is ensured by a JWT token, then all is handled as
normal by a session on the reached server. The servers may or may not share a
database but the loginUserIds on the 2 servers must be the same.
OOTB the JWT masterSecretKey is not properly initialised and cannot be OOTB.
As we sign on to several servers, and so have different sessions, we can't use the
externalLoginKey way to create the JWT masterSecretKey.
The best way to create the JWT masterSecretKey is to use a temporary way to load
in a static final key when compiling. This is simple and most secure.
One of the proposed ways is to use sed and uuidgen to modify the masterSecretKey
value. The magic words here are TEMPORARY and FINAL!
I have not tested this between 2 servers yet, only locally where it works well.
I'll do so after this commit between my local instance and the trunk demo.
Thanks: Nicolas for the sed and uuidgen suggestion
|
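The sed/uuidgen approach mentioned in the log message, as an added illustration that is not part of the OFBiz commit or code base: a placeholder `masterSecretKey` constant in a source file is replaced with a freshly generated UUID at build time, and a read-back function lets a build script verify the TEMPORARY value is gone before compiling. The file layout, the constant name and the `CHANGE_ME_AT_BUILD` placeholder are assumptions.

```shell
#!/bin/sh
# Added example, not OFBiz's own script. Bakes a one-off JWT masterSecretKey
# into a source file before compilation, as the commit message describes.
# The sample file, class and placeholder value below are constructed.
set -e

# Write a throwaway Java source holding the TEMPORARY placeholder.
make_sample() {
    cat > "$1" <<'EOF'
public final class JwtConfig {
    // TEMPORARY value: replaced at build time, never committed with a real key.
    public static final String masterSecretKey = "CHANGE_ME_AT_BUILD";
}
EOF
}

# Generate a random key with uuidgen (kernel UUID source as a fallback) and
# substitute it for the placeholder. Uses a temp file instead of sed -i so the
# same script works with both GNU and BSD sed. Prints the key it injected.
inject_secret() {
    file="$1"
    if command -v uuidgen >/dev/null 2>&1; then
        key=$(uuidgen)
    else
        key=$(cat /proc/sys/kernel/random/uuid)
    fi
    sed "s/CHANGE_ME_AT_BUILD/$key/" "$file" > "$file.tmp"
    mv "$file.tmp" "$file"
    printf '%s\n' "$key"
}

# Read back whatever key is currently baked into the file, so a build step
# can refuse to compile if the placeholder is still present.
read_secret() {
    sed -n 's/.*masterSecretKey = "\([^"]*\)".*/\1/p' "$1"
}

# Return 0 only if the file no longer carries the placeholder.
check_injected() {
    [ "$(read_secret "$1")" != "CHANGE_ME_AT_BUILD" ]
}
```

Run `inject_secret` on the generated source just before compiling and gate the build on `check_injected`, so a binary can never ship with the placeholder as its signing key.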