Open Source Document Management System | OpenKM

Because information matters
https://forum.openkm.com/

External Authentication?

https://forum.openkm.com/viewtopic.php?t=6103

Page 1 of 1

External Authentication?

PostPosted:Tue Mar 20, 2012 7:30 am
by kingcu
Greetings, everyone! Just came across OpenKM and played with the online demo for a while, it looks and works great. But before we invest in OpenKM, we want to make sure that the external authentication could work the way we are expecting:

1. A user (Tom) logs into his PC (running Windows XP) using his Windows domain account;
2. When Tom opens OpenKM in Firefox, he is automatically logged into OpenKM using his Windows domain account;
3. Once Tom is in OpenKM, there is no way for him to logout.

So at the very end, what we need is this: once a Windows PC is logged on using a Windows domain account, access to OpenKM from this PC is restricted only to this specific Windows domain account. Is this possible with OpenKM?

Re: External Authentication?

PostPosted:Wed Mar 21, 2012 9:22 am
by pavila
OpenKM is a J2EE application which runs inside a Application Server called JBoss. Authentication is performed by JBoss, so this question is more related to JBoss than OpenKM.

In any case, I don't know any login module which works as you describe, so should be implemented.

Re: External Authentication?

PostPosted:Wed Mar 21, 2012 12:30 pm
by a.szymanski
Hi,
You want to achieve Single Sign On, well you should search about SSO + JBoss, https://community.jboss.org/wiki/JBossWebSingleSignOn

Regards,
Arek

Re: External Authentication?

PostPosted:Wed Mar 21, 2012 4:55 pm
by kingcu
I found this article, Obtaining Client-Specific Information with a Web Application, which is exactly what I am looking for. Now that I can (step 1) put a piece of JavaScript code in the web page to obtain the client user name/computer name/domain, the next step I need to do is to (step 2) query against the Windows AD and if the user/comptuer/domain combination exists in AD, (step 3) authenticate the user to OpenKM. I have no clue how to perform step 2 and 3 at the moment. Can someone shed a light?

Also, the above technique to obtain client information only works with IE, is there any way this could work under FireFox and Chrome? Thanks.

Re: External Authentication?

PostPosted:Thu Mar 22, 2012 7:54 am
by jllort
You can not doing it, will be a security break in AD. You can not get the pass from your AD simply you will not able to complete the authentication process.

You need configure CAS for doing something like you propose.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited