[FX.php List] [OFF] SSO from another site, via LDAP w/ AD...

Joel Shapiro mail at jsfmp.com
Wed Oct 22 11:25:41 MDT 2014

Hi Steve

On Oct 22, 2014, at 1:00 AM, Steve Winter <steve at bluecrocodile.co.nz> wrote:

>> I'm checking now if we can get the AD Group memberships passed along through the LDAP server to ExternalSite.  (Great idea, thanks!)
> Welcome :-) Even if they can’t provide you with that information, then you can find it yourself once you know who they are, by asking the AD for that information as part of your hand-over from ExternalSite.

[JOEL] : Are you saying that we can get Group memberships for a user out of AD just from the username, even if we don't have the user's password?

>> Separately but somewhat related... Today I went to a session at html5devconf.com called "Death to Cookies, Long Live JSON Web Tokens". Not a solution to the issue in this thread, but I thought it was interesting:
> JWTs are an interesting idea - I’m not sure they’re going to be the death of cookies any time soon, but they are a nice way to obfuscate data being passed between sites, and more importantly verify that the data hasn’t been tampered with in transit.

[JOEL] : The presenter was proposing them especially in contexts nowadays when one site/app needs to hit multiple servers


