Archive for the ‘authentication’ tag
What is OpenID authentication?
If you are not familiar with OpenID:
OpenID is a decentralized authentication protocol that makes it easy for people to sign up and access web accounts.
From a Nuxeo user point of view, it lets you log in with an existing OpenID provider account. No password needed, just make sure the user exists in Nuxeo having a common email address with your OpenID provider. Here’s an example:
I have an existing Nuxeo user who’s email is email@example.com. Gmail is an OpenID provider. I’ve configured Nuxeo to use it as an OpenID provider. When I am on the login page, I now have a new choice. It’s a sign in with Gmail …
I’m very pleased to tell you that we now have a Kerberos authentication module thanks to Sylvain Chambon. He works at Open Wide, one of Nuxeo’s Gold partners, as Senior Software Architect and Team Manager. You might recognize Open Wide as we recently did a webinar together about EasySOA, a research project Nuxeo and Open Wide have in common.
This feature has been asked for many times by many different people. The Jira tickets go back to 2007. As you can see it’s been a long time :) If you are not familiar with Kerberos, here’s a definition taken straight from the MIT page:
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is available in many commercial products as well.
First, for those of you who prefer reading code rather than blogs: https://github.com/ldoguin/nuxeo-yammer-sample.
Now let’s talk about OAuth. OAuth is a very common way to authenticate with social networks, websites or applications. I am going to show you how you can do it in Nuxeo.
We already use OAuth for our OpenSocial gadgets since it comes as a Shindig dependency, which lets us share Nuxeo gadgets in external containers. It’s time to extend that. We need to let users grant access to any service provider registered in the Nuxeo Admin Center. We’ve added some code to handle the three-legged authentication. This will help through the different phases (request, authorization, access). Then I wrote a quick WebEngine module to use it in Nuxeo. This is really straightforward using the IDE. You select WebEngine project in the wizard and you get a simple WebEngine site that you can extend …
Hi everyone and welcome to this new weekly blog post. Every week we’ll feature a question asked on Nuxeo Answers.
So without further ado, here goes Question #1:
By going to the URL above, you’ll see the answer to this question, with a detailed explanation and example code. This is a nice way to handle authentication of any external application to a Nuxeo server, using the http or automation client for instance.…
Nuxeo recently developed a module to add Nuxeo DM (Open Source Document Management) to the applications available through the Shibboleth Authentication system for the University of Rennes 1, France, for the consortium ESUP-Portal. In the spirit of community, we have packaged the technology and made it available on the Nuxeo Marketplace, so others can share the Shibboleth love.
Federated identity systems make a lot of sense for both system administrators and system users. It allows for information about users in one security domain to be provided to other organizations in a federation, enabling cross-domain single sign-on.
The Shibboleth System is an open source software package for cross-domain single sign-on. The Shibboleth Authentication package enables a Shibboleth system to include the Nuxeo DM application in its federated identity management system, so that users logging into the single sign-on system will have access to their organization’s deployment of Nuxeo DM.