
Revision 1813679


Author: jleroux
Date: Sun Oct 29 11:02:00 2017 UTC (6 years, 5 months ago)
Changed paths: 4
Log Message:
Implemented: Token Based Authentication
(OFBIZ-9833)

This works the same way as externalLoginKey but between 2 servers, 
not 2 webapps on the same server. 

The Single Sign On (SSO) is ensured by a JWT token, then all is handled as 
normal by a session on the reached server. The servers may or may not share a 
database but the loginUserIds on the 2 servers must be the same.

OOTB the JWT masterSecretKey is not properly initialised and can not be OOTB.
As we sign on on several servers, and so have different sessions, we can't use the 
externalLoginKey way to create the JWT masterSecretKey.
The best way to create the JWT masterSecretKey is to use a temporary way to load 
in a static final key when compiling. This is simple and most secure. 
One of the proposed ways is to use sed and uuidgen to modify the masterSecretKey 
value. The magic words here are TEMPORARY and FINAL!

I have not tested this between 2 servers yet, only locally where it works well.
I'll do that after this commit between my local instance and the trunk demo.

Thanks: Nicolas for the sed and uuidgen suggestion

Changed paths

Path: Details
ofbiz/ofbiz-framework/trunk/build.gradle: modified, text changed
ofbiz/ofbiz-framework/trunk/framework/common/groovyScripts/ExternalServerName.groovy: added
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ContextFilter.java: modified, text changed
ofbiz/ofbiz-framework/trunk/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/ExternalLoginKeysManager.java: modified, text changed
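
Added example (not part of this commit or of OFBiz): one way to carry out the sed and uuidgen approach the log message describes, putting a generated masterSecretKey into the source only for the duration of a build and restoring the file afterwards. The @JWT_KEY@ placeholder, the function names and the patched source line are assumptions; the page does not show where or how the key is declared.

```shell
#!/bin/sh
# Added example, not OFBiz code. Everything except the name masterSecretKey
# is an assumption. Assumed (constructed) source line to be patched:
#   private static final String masterSecretKey = "@JWT_KEY@";
PLACEHOLDER='@JWT_KEY@'

# Print a fresh 32-hex-digit key: uuidgen if present, else the Linux kernel UUID source.
gen_key() {
    if command -v uuidgen >/dev/null 2>&1; then
        uuidgen | tr -d '-'
    else
        tr -d '-' < /proc/sys/kernel/random/uuid
    fi
}

# Put the pristine source back and drop the backup copy.
restore_src() {
    cp -p "$backup" "$src" && rm -f "$backup"
}

# build_with_temp_key FILE CMD [ARGS...]
# Replaces the placeholder in FILE with a new key, runs CMD, then restores FILE
# whether CMD succeeded or not, so the key never stays in the working copy.
build_with_temp_key() {
    src=$1; shift
    grep -q "$PLACEHOLDER" "$src" || { echo "no placeholder in $src" >&2; return 2; }
    backup=$(mktemp) || return 1
    cp -p "$src" "$backup" || return 1
    key=$(gen_key)
    [ -n "$key" ] || { rm -f "$backup"; return 1; }
    trap 'restore_src; exit 130' INT TERM HUP   # also restore if interrupted
    sed "s/$PLACEHOLDER/$key/" "$backup" > "$src"
    unset key
    rc=0
    "$@" || rc=$?
    restore_src
    trap - INT TERM HUP
    return "$rc"
}
```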
