Hi;
I'm evaluating CMS'es and like what I see in CMSMS so far. However, the environment in which CMSMS would be deployed requires centralised sign on, and I see no plugins for that so far and the user/group/access manager seems a very integral part of CMSMS. Does the plugin architecture allow for user/group management to be taken over by a module, so that single sign on could be realised by writing such a module?
Thanks in advance and keep up the great work.
Single Sign On
-
calguy1000
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
- Location: Fernie British Columbia, Canada
Re: Single Sign On
In CMS, users are separated into Admin users (admin users of any sort), and Frontend users. Frontend user signon is handled by addon modules as follows:
a) SelfRegistration
Allows users to register themselves to the site. This module is extremely useful for sites that have large numbers of frontend users, but is optional for smaller sites if the administrator/s is/are willing to manage the accounts manually.
b) FrontendUsers
Provides the login/logout/settings/lost password functionality for frontend users
c) CustomContent
Allows different content to be displayed to different users, groups or based on day,month,year,hour or minute.
There is currently (I only have 10 fingers) no integration between the frontend and the backend user management. It can be done, it's just a matter of time.
Hope this helps.
a) SelfRegistration
Allows users to register themselves to the site. This module is extremely useful for sites that have large numbers of frontend users, but is optional for smaller sites if the administrator/s is/are willing to manage the accounts manually.
b) FrontendUsers
Provides the login/logout/settings/lost password functionality for frontend users
c) CustomContent
Allows different content to be displayed to different users, groups or based on day,month,year,hour or minute.
There is currently (I only have 10 fingers) no integration between the frontend and the backend user management. It can be done, it's just a matter of time.
Hope this helps.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
-
Eek
Re: Single Sign On
Perhaps I was a bit unclear: the environment in which CMSMS would be used requires single-sign on between a number of different system - in order for CMSMS to be practical for us, we need to be able to map between an existing centralised logon system and CMSMS' user management.
As I understand modules that e.g. allow self registration, they still use the CMSMS user database. What I'd like to know is whether the plugin architecture supports delegating authentication and authorisation (based on groups) to modules, so that I could write a plugin that glues CMSMS to the single sign on system we use without resorting to patching the actual CMSMS scripts themselves.
Regards,
Eek!
As I understand modules that e.g. allow self registration, they still use the CMSMS user database. What I'd like to know is whether the plugin architecture supports delegating authentication and authorisation (based on groups) to modules, so that I could write a plugin that glues CMSMS to the single sign on system we use without resorting to patching the actual CMSMS scripts themselves.
Regards,
Eek!
Last edited by Eek on Wed Nov 15, 2006 5:45 pm, edited 1 time in total.
Re: Single Sign On
hmm, I bet you cant do it with a hook or a plugin. but you might be able to do it directly in php...
look in class.useroperations.inc.php, basically you just need to replace the mysql parts with ldap (and leave adding and deleting out
but this isnt SSO, its just centralized user db.
to get SSO you need to for example generate a link with encrypted userinformation in some intranet site and when user clicks that link he/she goes to cmsms installation and is logged in with that information.
Or some other method of checking if the user has already signed in somewhere, but it would still require hacking the core....
Id love to see a possibility for modules to overwrite core functions but its kinda hard to implement... (or maybe we should modularize core more and have Users module which could then be uninstalled and UsersLdap module could replace it...)
maybe in 3.0
look in class.useroperations.inc.php, basically you just need to replace the mysql parts with ldap (and leave adding and deleting out
but this isnt SSO, its just centralized user db.
to get SSO you need to for example generate a link with encrypted userinformation in some intranet site and when user clicks that link he/she goes to cmsms installation and is logged in with that information.
Or some other method of checking if the user has already signed in somewhere, but it would still require hacking the core....
Id love to see a possibility for modules to overwrite core functions but its kinda hard to implement... (or maybe we should modularize core more and have Users module which could then be uninstalled and UsersLdap module could replace it...)
maybe in 3.0
Re: Single Sign On
I really like that idea, actually. Having pieces of the core as modules which can be replaced would be great for users.
Have a simple version included. Make an ldap version for the people that want it. Heck, have FEU replace the users functionality totally when you want frontend logins. etc.
Have a simple version included. Make an ldap version for the people that want it. Heck, have FEU replace the users functionality totally when you want frontend logins. etc.
