Re: MyFedora cross domain authentication issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2008-03-14 at 23:30 -0500, Toshio Kuratomi wrote:
> John (J5) Palmieri wrote:
> > On Thu, 2008-03-13 at 17:59 -0500, Toshio Kuratomi wrote:
> >> J5: Look at how jsonfas is implemented and tell me if that would for ths 
> >> model.
> >>
> >> bzr branch bzr://bzr.fedorahosted.org/bzr/python-fedora/python-fedora-devel
> >>
> >> cd python-fedora-devel/fedora/tg/identity
> >> vim jsonfasprovider.py
> >> # Take a look at JsonFasIdentity
> >>
> >> -Toshio
> > 
> > It look promising though I am not totally sure how it works.  Let me see
> > if I get this right. At the start of the proxied request (basically just
> > a TG controller in my domain which is called via JSON) I create a
> > JsonFasIdentity and supply it with the user, username and password using
> > the tg.identity object or is that the JsonFasIdentity?  It will then set
> > the correct cookies for the next link.  I make my next JSON call to a
> > FAS2 enabled resource like Bodhi and Bodhi treats me as if I was logged
> > in?  Is this correct?  Do I call logout on the JsonFasIdentity object?
> > Can this stand up to being called 10 times per page load for each query
> > I need to make?
> > 
> 
> This is how jsonfasprovider works:
> 
> 1) The user visits myfedora and enters a username/password to log in.
> 2) The login request uses jsonfasprovider to authenticate the user 
> against fas.    Fas allows the user and sends a cookie back to myfedora.
> 3) myfedora (still via jsonfasprovider) sets the cookie on the user's 
> browser.
> 
> This applies to myfedora because myfedora can use a similar method to 
> send the user's authentication token to Bodhi.  You'll inherit from 
> BaseClient similar to what JsonFasIdentity does but targeted at Bodhi's 
> location instead of FAS (Call it BodhiClient, for now).
> 
> 1) Logged in user accesses myfedora
> 2) You instantiate a BodhiClient object.
> 3) You set or have BodhiClient set _sessionCookie with the visit_key 
> (available from identity.current.visit_key)
> 4) You call or have BodhiClient send_request() to retrieve your data. 
> (Remember to specify auth=True since the client needs to retrieve the 
> data for the authenticated user.)
> 5) Operate on the data.
> 
> So you are proxying the session cookie that the user sends to you to the 
> actual server that is providing the information.
> 
> -Toshio

Win!!! I'll try to get this working soon. Thanks.


-- 
John (J5) Palmieri <johnp@xxxxxxxxxx>

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux