[geeklog-devtalk] Adding a couple plugin functions

Tony Bibbs tony at tonybibbs.com
Wed Jun 30 15:52:05 EDT 2004

Previous message: [geeklog-devtalk] Adding a couple plugin functions
Next message: [geeklog-devtalk] geeklog-devel digest, Vol 1 #335 - 2 msgs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

What you want is Single Sign-On. There are a few things I'd recommend
before we got to the point of discussing plugin API changes.

1) Geeklog 1.3.x's core should modularize the login. Doing so would
encourage others to write authenticators against things like LDAP, AD,
etc. By making it modular, you could also add some custom handling there.
2) SSO is a complicated security topic. Most for-profit implementations
use Kerberos tickets, others such as what I plan to do with
Auth_Enterprise, will issue their own SSO token that can be used by
federated applications (i.e. applications that trust one another) to
authenticate a user.
3) As I eluded to above, SSO support is something I plan to get into
Auth_Enterprise (see
http://www.tonybibbs.com/index.php?topic=auth_ent). I won't have time
to get to SSO anytime in the next couple of weeks but if you are
interested in tacking a crack at it I can point you in the right
direction. It has been my intention that after I get Auth_Enterprise to
a stable state I would hack options support for it into 1.3.x (which
would require me or someone to take care of item #1 above).

This probably does itch your short-term scratch but I wanted to offer up
some of my thoughts and give you a chance to help with the longer term
vision if you have the time.

--Tony

Turias wrote:

> It just doesn't seem possible to accomplish what I need to do using

> the current Geeklog plugin architecture.

>

> Basically, my plugin needs to set login-related cookies for use by

> applications other than the main Geeklog install. For example, I have

> considered using this to write a plugin that allows you to do the

> following:

>

> 1) The user logs into a Geeklog instance A

> 2) On login, the plugin sets login cookies for Geeklog instances B and C

> 3) Now the user can visit all three Geeklog instances seamlessly

> without logging in three separate times.

>

> Of course, this would only work if all Geeklog instances are located

> on the same domain and would preferably require some extra user

> profile synchronizations. Theoretically, this functionality could

> also be used to bridge access to third party apps with minimum work.

>

> Unfortunately, there currently isn't any way for a plugin to do this.

> I could probably hack something together in the user.php and

> lib-common.php files, but this doesn't seem like a good way to

> distribute plugins. Having plugin functions called on login and

> logout could be quite powerful for plugin developers.

>

> Please let me know if you think there is a better way to do this. It

> seems to me, though, that this would be the cleanest way of going

> about things.

>

> Thanks,

> Turias

>

>

>

> On Jun 29, 2004, at 1:13 PM, Tony Bibbs wrote:

>

>> <snip>

>> I recently began working on a plugin that needs to set and delete

>> cookies when the user logs in and out of GeekLog. Unfortunately,

>> this does not seem possible with the current GL code.

>> </snip>

>>

>> Why doesn't it work exactly?

>>

>> --Tony

>>

>> Turias wrote:

>>

>>> No one has anything to say about this?

>>>

>>> - Turias

>>>

>>>

>>> On Jun 25, 2004, at 7:48 PM, Turias wrote:

>>>

>>>> Hey everyone,

>>>>

>>>> I recently began working on a plugin that needs to set and delete

>>>> cookies when the user logs in and out of GeekLog. Unfortunately,

>>>> this does not seem possible with the current GL code. I would like

>>>> to propose the following be added to the core:

>>>>

>>>> 1) The addition of the following plugin functions:

>>>>

>>>> plugin_login_<plugin name>

>>>>

>>>> and

>>>>

>>>> plugin_logout_<plugin name>

>>>>

>>>> These functions would return nothing.

>>>>

>>>>

>>>> 2) A modification to users.php which would call the aforementioned

>>>> functions when a user logs in or out of the system.

>>>>

>>>>

>>>> I could code this up, as it would be pretty easy to do. What does

>>>> everyone think? Do people see any utility in this?

>>>>

>>>> - Turias

>>>>

>>>> _______________________________________________

>>>> geeklog-devtalk mailing list

>>>> geeklog-devtalk at lists.geeklog.net

>>>> http://lists.geeklog.net/listinfo/geeklog-devtalk

>>>

>>>

>>>

>>> _______________________________________________

>>> geeklog-devtalk mailing list

>>> geeklog-devtalk at lists.geeklog.net

>>> http://lists.geeklog.net/listinfo/geeklog-devtalk

>>

>>

>> _______________________________________________

>> geeklog-devtalk mailing list

>> geeklog-devtalk at lists.geeklog.net

>> http://lists.geeklog.net/listinfo/geeklog-devtalk

>

>

> _______________________________________________

> geeklog-devtalk mailing list

> geeklog-devtalk at lists.geeklog.net

> http://lists.geeklog.net/listinfo/geeklog-devtalk

Previous message: [geeklog-devtalk] Adding a couple plugin functions
Next message: [geeklog-devtalk] geeklog-devel digest, Vol 1 #335 - 2 msgs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the geeklog-devtalk mailing list