Comments for Superpatterns http://blog.superpat.com Pat Patterson on Identity Management, Federation and Single Malt Scotch Tue, 23 Feb 2010 05:03:39 +0000 http://wordpress.org/?v=2.9.2 hourly 1 Comment on OpenSSO Single Sign-on Plugin for WordPress by OpenSSO Single Sign-on Extension for MediaWiki « Superpatterns http://blog.superpat.com/2009/07/27/opensso-single-sign-on-plugin-for-wordpress/comment-page-1/#comment-1750 OpenSSO Single Sign-on Extension for MediaWiki « Superpatterns Tue, 23 Feb 2010 05:03:39 +0000 http://blog.superpat.com/2009/07/27/opensso-single-sign-on-plugin-for-wordpress/#comment-1750 [...] targeting PHP CMS applications (see my previous entries covering the extensions for Drupal, WordPress and Joomla), I decided to look at MediaWiki, the PHP application powering Wikipedia and many other [...] [...] targeting PHP CMS applications (see my previous entries covering the extensions for Drupal, WordPress and Joomla), I decided to look at MediaWiki, the PHP application powering Wikipedia and many other [...]

]]> Comment on OpenSSO User Group Meetings in Northern Europe – Nov/Dec 2009 by Pat Patterson http://blog.superpat.com/2009/11/18/opensso-user-group-meetings-in-northern-europe-novdec-2009/comment-page-1/#comment-1688 Pat Patterson Sun, 14 Feb 2010 07:15:20 +0000 http://blog.superpat.com/?p=966#comment-1688 Actually, I just checked - PHP foreach doesn't need next() - see http://php.net/manual/en/control-structures.foreach.php Actually, I just checked – PHP foreach doesn’t need next() – see http://php.net/manual/en/control-structures.foreach.php

]]> Comment on OpenSSO User Group Meetings in Northern Europe – Nov/Dec 2009 by Pat Patterson http://blog.superpat.com/2009/11/18/opensso-user-group-meetings-in-northern-europe-novdec-2009/comment-page-1/#comment-1687 Pat Patterson Sun, 14 Feb 2010 07:08:16 +0000 http://blog.superpat.com/?p=966#comment-1687 Hi Yonas, Thanks for the fix! I still have the developer role over at OpenSSO, so I should be able to commit it. However that code belongs to Oracle and I no longer work there, so, unfortunately, I don't think I can push it to drupal.org :-( Cheers, Pat Hi Yonas,

Thanks for the fix! I still have the developer role over at OpenSSO, so I should be able to commit it.

However that code belongs to Oracle and I no longer work there, so, unfortunately, I don’t think I can push it to drupal.org :-(

Cheers,

Pat

]]> Comment on OpenSSO User Group Meetings in Northern Europe – Nov/Dec 2009 by Yonas Yanfa http://blog.superpat.com/2009/11/18/opensso-user-group-meetings-in-northern-europe-novdec-2009/comment-page-1/#comment-1685 Yonas Yanfa Sat, 13 Feb 2010 09:15:54 +0000 http://blog.superpat.com/?p=966#comment-1685 Hi Pat, I was looking through your module and might've found a bug: http://pastie.org/823011 // Need to parse name/value pairs, to get value for Drupal username attribute $lines = explode("\n", $response->data); reset($lines); foreach ($lines as $line) { if ($line == ('userdetails.attribute.name=' . OPENSSO_DRUPAL_USERNAME_ATTRIBUTE)) { // 'current' line holds attribute value // 28 points to character after 'userdetails.attribute.value=' $name = substr(current($lines), 28); break; } next($lines); // <--------- This was missing } return $name; } // function _opensso_get_name Thanks for writing this module, please upload it to drupal.org :) A lot of people can contribute and benefit from bug fixes while it's on drupal.org. Cheers, Yonas Hi Pat,

I was looking through your module and might’ve found a bug:
http://pastie.org/823011

// Need to parse name/value pairs, to get value for Drupal username
attribute

$lines = explode(“\n”, $response->data);
reset($lines);

foreach ($lines as $line) {
if ($line == (‘userdetails.attribute.name=’ .
OPENSSO_DRUPAL_USERNAME_ATTRIBUTE)) {

// ‘current’ line holds attribute value
// 28 points to character after ‘userdetails.attribute.value=’
$name = substr(current($lines), 28);
break;
}
next($lines); // <——— This was missing
}

return $name;
} // function _opensso_get_name

Thanks for writing this module, please upload it to drupal.org :) A lot
of people can contribute and benefit from bug fixes while it's on
drupal.org.

Cheers,

Yonas

]]> Comment on SAML Single Sign-on with Desktop Apps – Enabled by OAuth by Pat Patterson http://blog.superpat.com/2009/11/12/saml-single-sign-on-with-desktop-apps-enabled-by-oauth/comment-page-1/#comment-1482 Pat Patterson Thu, 21 Jan 2010 17:58:07 +0000 http://blog.superpat.com/?p=945#comment-1482 Hi Jonathan - I think the key thing here is that you can use Outlook to access your mail at Google, whether or not Google has a password for you. It's much more flexible. Yes, you can use SPNEGO to do SSO across Microsoft web infrastructure, but I don't think it scales to thousands of IdP's accessing an SP. To use SPNEGO, you would have to 'kerberize' the SP for all the IdP AD domain controllers, adding identities in each IdP's AD and copying keytab files. Ugh! Hi Jonathan – I think the key thing here is that you can use Outlook to access your mail at Google, whether or not Google has a password for you. It’s much more flexible.

Yes, you can use SPNEGO to do SSO across Microsoft web infrastructure, but I don’t think it scales to thousands of IdP’s accessing an SP. To use SPNEGO, you would have to ‘kerberize’ the SP for all the IdP AD domain controllers, adding identities in each IdP’s AD and copying keytab files. Ugh!

]]> Comment on SAML Single Sign-on with Desktop Apps – Enabled by OAuth by Jonathan Gershater http://blog.superpat.com/2009/11/12/saml-single-sign-on-with-desktop-apps-enabled-by-oauth/comment-page-1/#comment-1478 Jonathan Gershater Thu, 21 Jan 2010 00:33:13 +0000 http://blog.superpat.com/?p=945#comment-1478 hi Pat Doesn't Microsoft do this with SPNEGO ? It will take credentials that I used to authenticate to AD (and thus from any "thick client" like Outlook) and make those credentials available in IE for browser based Auth? Jonathan hi Pat
Doesn’t Microsoft do this with SPNEGO ? It will take credentials that I used to authenticate to AD (and thus from any “thick client” like Outlook) and make those credentials available in IE for browser based Auth?

Jonathan

]]> Comment on New and Updated Policy Agents for OpenSSO by Pat Patterson http://blog.superpat.com/2009/04/28/new-and-updated-policy-agents-for-opensso/comment-page-1/#comment-1004 Pat Patterson Thu, 17 Dec 2009 04:57:16 +0000 http://blog.superpat.com/2009/04/28/new-and-updated-policy-agents-for-opensso/#comment-1004 Hi Venki - looks like the Domino agent was just released - see http://wikis.sun.com/display/OpenSSO/OpenSSO+Policy+Agents+3.0+Roadmap . I no longer work on OpenSSO, but you should be able to get more information on CDSSO etc at the mailing list - see http://wikis.sun.com/display/OpenSSO/OpenSSO+Mailing+List Hi Venki – looks like the Domino agent was just released – see http://wikis.sun.com/display/OpenSSO/OpenSSO+Policy+Agents+3.0+Roadmap . I no longer work on OpenSSO, but you should be able to get more information on CDSSO etc at the mailing list – see http://wikis.sun.com/display/OpenSSO/OpenSSO+Mailing+List

]]> Comment on New and Updated Policy Agents for OpenSSO by venki http://blog.superpat.com/2009/04/28/new-and-updated-policy-agents-for-opensso/comment-page-1/#comment-1003 venki Thu, 17 Dec 2009 01:26:26 +0000 http://blog.superpat.com/2009/04/28/new-and-updated-policy-agents-for-opensso/#comment-1003 do you know when the 3.0 policy agent for domino is scheduled to be released! will it be compatible to domino 8.x servers and will it support CDSSO....? do you know when the 3.0 policy agent for domino is scheduled to be released! will it be compatible to domino 8.x servers and will it support CDSSO….?

]]> Comment on SAML Single Sign-on with Desktop Apps – Enabled by OAuth by Pat Patterson http://blog.superpat.com/2009/11/12/saml-single-sign-on-with-desktop-apps-enabled-by-oauth/comment-page-1/#comment-981 Pat Patterson Wed, 16 Dec 2009 03:24:41 +0000 http://blog.superpat.com/?p=945#comment-981 Hi Adam - All the information I have is in this blog entry. The linked articles at Google have some more detail; if you need more, you'll have to get in touch with Google - Eric's email address is on the page I linked to - http://eric.sachs.googlepages.com/ Hi Adam – All the information I have is in this blog entry. The linked articles at Google have some more detail; if you need more, you’ll have to get in touch with Google – Eric’s email address is on the page I linked to – http://eric.sachs.googlepages.com/

]]> Comment on SAML Single Sign-on with Desktop Apps – Enabled by OAuth by Adam http://blog.superpat.com/2009/11/12/saml-single-sign-on-with-desktop-apps-enabled-by-oauth/comment-page-1/#comment-980 Adam Wed, 16 Dec 2009 01:36:10 +0000 http://blog.superpat.com/?p=945#comment-980 I'd be very interested in more information, I've been looking for this for ages! Adam I’d be very interested in more information, I’ve been looking for this for ages!

Adam

]]>