Shiro : Single Sign on

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Shiro : Single Sign on

johnrellis
Hey,

I see that shiro supports single sign on.

We have multiple apps using shiro and would like to log into one and then link to the others from there without the need of logging into the others.

Has anyone done this with Grails and the Shiro plugin???  Is it even possible???

Thanks!
John

--
John Rellis
@johnrellis

Reply | Threaded
Open this post in threaded view
|

Re: Shiro : Single Sign on

Dave Crane-7
Hi John,

Dunno how relevant this is to your question, but we've used the Grails CAS client plugin to implement SSO over several Grails apps (and a legacy PHP one), just as you describe (i.e. log into one, you can then get into them all without logging in again). Fiddly to set up in places, but once it's up and running, it's fairly workable.

HTH

Dave

On 30 November 2010 10:39, John Rellis <[hidden email]> wrote:
Hey,

I see that shiro supports single sign on.

We have multiple apps using shiro and would like to log into one and then link to the others from there without the need of logging into the others.

Has anyone done this with Grails and the Shiro plugin???  Is it even possible???

Thanks!
John

--
John Rellis
@johnrellis




--
Technical Lead/Architect
Historic Futures Ltd.

Reply | Threaded
Open this post in threaded view
|

Re: Shiro : Single Sign on

johnrellis
Hey Dave,

Thanks.  I'll take note of this and have a look.  Sounds sweet that you got it working with non Grails apps too!!!!

Floor still open??? :) Anyone tried it in shiro??

Thanks again all!
John

On Tue, Nov 30, 2010 at 11:00 AM, Dave Crane <[hidden email]> wrote:
Hi John,

Dunno how relevant this is to your question, but we've used the Grails CAS client plugin to implement SSO over several Grails apps (and a legacy PHP one), just as you describe (i.e. log into one, you can then get into them all without logging in again). Fiddly to set up in places, but once it's up and running, it's fairly workable.

HTH

Dave


On 30 November 2010 10:39, John Rellis <[hidden email]> wrote:
Hey,

I see that shiro supports single sign on.

We have multiple apps using shiro and would like to log into one and then link to the others from there without the need of logging into the others.

Has anyone done this with Grails and the Shiro plugin???  Is it even possible???

Thanks!
John

--
John Rellis
@johnrellis




--
Technical Lead/Architect
Historic Futures Ltd.




--
John Rellis
@johnrellis

Reply | Threaded
Open this post in threaded view
|

Re: Shiro : Single Sign on

pledbrook
In reply to this post by johnrellis
> I see that shiro supports single sign on.
> We have multiple apps using shiro and would like to log into one and then
> link to the others from there without the need of logging into the others.
> Has anyone done this with Grails and the Shiro plugin???  Is it even
> possible???

The standard approach for doing this is to use Shiro's native
sessions, which are implemented via an EhCache distributed cache.
Whether this approach works for you depends on whether all your
applications are hosted in the same container or at least reference
the same distributed cache.

You can also use alternative cache implementations, but then you have
to provide your own SessionDAO implementation.

I don't think there is a CAS realm available at the moment, but it may
not be too hard to write one.

Peter

--
Peter Ledbrook
Grails Advocate
SpringSource - A Division of VMware

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Shiro : Single Sign on

johnrellis
Ok... great Peter, thanks for the clarification.

I am pushing to NOT have multiple apps in the same container so I may have to keep this quiet.... :)

I have never looked at distributed caches though, sounds like a pretty tasty solution!  I will discuss these options with my colleagues, thanks again Peter and Dave, I now have a bit more to go on.

On Tue, Nov 30, 2010 at 1:03 PM, Peter Ledbrook <[hidden email]> wrote:
> I see that shiro supports single sign on.
> We have multiple apps using shiro and would like to log into one and then
> link to the others from there without the need of logging into the others.
> Has anyone done this with Grails and the Shiro plugin???  Is it even
> possible???

The standard approach for doing this is to use Shiro's native
sessions, which are implemented via an EhCache distributed cache.
Whether this approach works for you depends on whether all your
applications are hosted in the same container or at least reference
the same distributed cache.

You can also use alternative cache implementations, but then you have
to provide your own SessionDAO implementation.

I don't think there is a CAS realm available at the moment, but it may
not be too hard to write one.

Peter

--
Peter Ledbrook
Grails Advocate
SpringSource - A Division of VMware

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email





--
John Rellis
@johnrellis

Reply | Threaded
Open this post in threaded view
|

Re: Shiro : Single Sign on

scryan
In reply to this post by pledbrook
We are in the process of trying to implement just this using SAML so any discussion on this topic would be welcome.  We are a shiro user in multi tenant and trying to implement multiple types of SSO but in our case it is external SSO into our application.


Scott Ryan


On Nov 30, 2010, at 6:03 AM, Peter Ledbrook wrote:

>> I see that shiro supports single sign on.
>> We have multiple apps using shiro and would like to log into one and then
>> link to the others from there without the need of logging into the others.
>> Has anyone done this with Grails and the Shiro plugin???  Is it even
>> possible???
>
> The standard approach for doing this is to use Shiro's native
> sessions, which are implemented via an EhCache distributed cache.
> Whether this approach works for you depends on whether all your
> applications are hosted in the same container or at least reference
> the same distributed cache.
>
> You can also use alternative cache implementations, but then you have
> to provide your own SessionDAO implementation.
>
> I don't think there is a CAS realm available at the moment, but it may
> not be too hard to write one.
>
> Peter
>
> --
> Peter Ledbrook
> Grails Advocate
> SpringSource - A Division of VMware
>
> ---------------------------------------------------------------------
> To unsubscribe from this list, please visit:
>
>    http://xircles.codehaus.org/manage_email
>
>


---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Shiro : Single Sign on

Moritz Kobel
In reply to this post by johnrellis
Hi,

we implemented https://neon1.net/mod_auth_pubtkt/ in Java with an
LDAP-Backend. Additionally we started to develop a Grails-Shiro-Plugin
for this kind of SSO.


- Moritz


Am Tuesday den 30. November 2010 schrieb John Rellis:

> Hey,
>
> I see that shiro supports single sign on.
>
> We have multiple apps using shiro and would like to log into one and then
> link to the others from there without the need of logging into the others.
>
> Has anyone done this with Grails and the Shiro plugin???  Is it even
> possible???
>
> Thanks!
> John
>
 
--
Wissen ist das einzige Gut, das sich vermehrt, wenn man es teilt.
--
http://www.lagerkochbuch.ch

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: Shiro : Single Sign on

johnrellis
Wow great... thanks, will take a look when I can later :)

On Thu, Dec 2, 2010 at 2:27 PM, Moritz Kobel <[hidden email]> wrote:
Hi,

we implemented https://neon1.net/mod_auth_pubtkt/ in Java with an
LDAP-Backend. Additionally we started to develop a Grails-Shiro-Plugin
for this kind of SSO.


- Moritz


Am Tuesday den 30. November 2010 schrieb John Rellis:

> Hey,
>
> I see that shiro supports single sign on.
>
> We have multiple apps using shiro and would like to log into one and then
> link to the others from there without the need of logging into the others.
>
> Has anyone done this with Grails and the Shiro plugin???  Is it even
> possible???
>
> Thanks!
> John
>

--
Wissen ist das einzige Gut, das sich vermehrt, wenn man es teilt.
--
http://www.lagerkochbuch.ch

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

   http://xircles.codehaus.org/manage_email





--
John Rellis
@johnrellis

Reply | Threaded
Open this post in threaded view
|

Re: Shiro : Single Sign on

mallikmajety
Hi All,

I've recently migrated to apache shiro security and have been using the dbRealm so far. Now, I am planning to implement cas SSO using Shiro.
Part of this, I've started off with grails create-cas-realm which did generate a casRealm for me. But then, I've got no clue on how to proceed further. I've been referring to http://shiro.apache.org/cas.html and trying to connect the shiro.ini with the generated casRealm. No luck yet!!

Anybody implemented CAS SSO using Shiro and Grails?

Thanks in advance.