My team has a rather large web application that was built with the Zend Framework, which has become mission-critical to our organization in the past year. It was built as part of an existing ZF corporate web site that no longer meets our needs.
The ZF app has its own users table in a database. It also uses Zend_Acl, and some database tables, to control access to modules, and to individual records. The records largely pertain to people in the system.
Thanks to new business needs, we're now faced with building a new public web site in Joomla. So, we need: (1) to keep running the old system, in some capacity, and (2) a shiny new Joomla site, (3) integration between the two.
- We can't move custody of the users away from our legacy system, because the people those users represent are elemental to the legacy system's purpose.
- We need the usernames and passwords to be the same, and work the same (we have a 60 day reset policy, our usernames aren't fixed values / are a bit convoluted)
- I looked at Zend_Ldap hoping I could expose our users to Joomla that way, but it seems to be just an LDAP client, and I'm not sure implementing an LDAP server in Zend that uses our existing tables is a good use of time. An extension that replaces Joomla's authentication would probably be wiser.
- Can our ACL control Joomla or should we have two ACLs exist in parallel?
- Do we write SOAP services in the Zend app to expose the data to the extension, or do we just give database credentials to the Joomla extensions directly?
A pretty broad question, I know, but I am only looking for broad answers: how would you tackle this?
Thanks!
The first step sounds like integrating the Auth system across Joomla! and your ZF app; from there you can direct link to the ZF App's pages for logged in users. I would recommend the use of JFusion to integrate the Joomla! authorisation process and match the ACL groups across the two systems. You will have to write your own plugin for JFusion but that will be very simple compared to porting your entire app to a Joomla! extension. JFusion's GitHub repo is here.
Given the data provided you will need to run the ZF App as the master for authentication and sync user data to Joomla! via your custom plugin.
Once you have your plugin doing the authentication you can use JFusion's direct link mode to link to the ZF App, as users that log in to Joomla! will be automatically logged into the ZF app (and vice versa).
TL;DR: I'd like to make a Moodle installation and an ASP.NET Identity-based site share authentication. If they have a single login page, so much the better, but logging in to one should automatically log into the other; logout should also be shared.
I have a Moodle installation (M) at www.example.com/moodle, and another website (O) at www.example.com.
O is written using .NET 4.5.2 and has areas that require authentication to access, managed using ASP.NET Identity 2.1 with a custom user model. This model is not particularly sophisticated. It is essentially the out-of-the-box model, but with integer IDs rather than GUIDs.
M is version 2.6, with intentions to upgrade to the latest version (currently 3.1) in the near future.
Both are accessible via the public Internet; there is no requirement to be on a private network to access them.
I know of no plans to move either M or O onto a different domain. However, if one or both was to move, I imagine they would move to a subdomain of example.com.
I would like to create a single-sign-on system, allowing a login for M to also log the user into O. As it stands, I am using the external database authentication plugin for Moodle, with M referring to the database for O. While this works, it does require the user to log in twice. I would like to set it up so that logging in to either M or O will also log the user in to the other site.
I am able to create matching hashes from PHP and .NET code. Unless it is particularly relevant to the solution, please consider the creation of hashes out of scope.
Some users of M are using Moodle's built-in authentication. However, unless it is particularly relevant to the solution, please consider the migration of users out of scope.
I'd prefer O to manage users, if possible. M, by nature of being Moodle, will have to have its own records for the users, but I'd like it if they were similar to the records used by the external DB plugin: just saying that the user exists and can be found elsewhere.
Things I have tried, investigated, or considered:
Moodle's external database plugin. This is how it works at the moment. It sort of works, but requires multiple logins.
Automating the multiple logins. I've experimented with taking the posted credentials, making an HTTP request from the server to the sites' respective login forms when logging in, lifting the cookie out of the response, then sending that cookie back to the client. This also works, but it's clunky at best, and is reliant on the cookies not getting out of sync.
Using PHP's DOTNET library and doing...something. All of the documentation that I can find says that DOTNET does not work with anything other than .NET 2.0, 3.0 or 3.5. I'm using 4.5.2, so this seems like a no-go. I don't know what I'd do even if I could get it to work with more recent versions of .NET.
Somehow getting Moodle to accept the ASP.NET Identity cookie in place of its own. This seems like the most fruitful course, given that it is a single cookie to manage.
To wrap up: I'd like to make M and O share authentication. If they have a single login page, so much the better, but logging in to one should automatically log into the other; logout should also be shared. Is this possible, and does anyone know how I should go about it?
Maybe take a look at SAML.
I believe that .NET 4.5 supports SAML?
https://msdn.microsoft.com/en-us/library/ms733083%28v=vs.110%29.aspx
On the server, install simplesamlphp.
https://simplesamlphp.org/docs/stable/simplesamlphp-sp
It can be used both as a service provider and as an identity provider.
Then install this SAML plugin in Moodle:
https://moodle.org/plugins/auth_saml
There are a ton of online CMS services out there. And a ton of (new) backend-as-a-service products too. But I can't seem to find what I am looking for.
I am building an app for a client. The app contains data about shops, products, and more. The client must be able to update this data (and not just one person: each shop manager needs to be able to log in and edit the data for their own shop). And of course the app must be able to access this data.
Client edits data online
This has to be extremely user-friendly and completely online. I don't want to sell my client something where they need to install stuff on their server. I don't want to sell them something that's accessible online but looks like phpMyAdmin.
I want a shop owner to be able to go to a webpage, log in, and then see a pretty UI where they can edit the data for their shop. The back-end needs to have a pretty front-end that's auto-generated for whatever data this particular shop owner is allowed to edit.
So there are two bits: storing data in the cloud in such a way that it can be accessed by the app (which I am building with Titanium), and allowing the client to log into the backend and edit the data in a non-tech, user-friendly way.
Here's a list of things I tried...
Backend-as-a-service
Services with a great back-end, but without easy auto-generated data editing website:
Appcelerator (Titanium) Cloud Service
Amazon EC2
Stackmob
BackBeam
WebVanta
Parse
API o Mat
ShepHertz Cloud42
Kii
Online CMS
Services that provide a nice way for clients to edit data, but no easy way for apps to connect:
CloudCMS
(and many others I'm sure)
It's insane that no-one seems to be providing the cross-breed of BaaS and online CMS. So many people are building apps for clients, and so many clients are not tech-savvy and are reluctant to get a special server and host database software they don't understand. Why does this not exist? What am I missing?
With apiOmat it's easy to create your own data-editing app, e.g. with the JavaScript SDK and HTML. Or you send a feature request so that they build a module for your preferred CMS.
As you mentioned, Cloud CMS is a really good option (disclaimer: I'm one of the founders). The product provides an enterprise content management backend and an API that lets you plug in some really powerful features right into your mobile apps.
This month, we released a brand new user interface which provides much of what you're asking about. Instant forms, document libraries, search and workflow all in one place.
You can check out Cloud CMS here: http://www.cloudcms.com
I completely agree with your assessment particularly with respect to the last mile (getting the final app built). It's kind of the wild west out there and the strong technologies are still proving out.
You mentioned Titanium - that's a good choice. I also quite like the Ionic Framework (http://www.drifty.com/). It's a step in the right direction.
I've been developing web apps for some years now, actually as a hobby. When I write something, using Laravel, Sails.js, or Meteor, and I add a feature, I upload it and it's there, for everyone.
However, I've always been wondering how bigger sites like Facebook manage to roll out features to just some users. Do they push their changes to just some servers? But in that case - how do they manage to make the selected users access just these servers?
Or some db entry to see if the user has access to the feature/ version?
So how does it work?
Really interested in this :)
Large sites like Facebook use a technique called Feature toggles to control the functionality that is active at run-time. The following blog article describes Facebook's approach:
https://abhishek-tiwari.com/post/decoupling-deployment-and-release-feature-toggles
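A minimal sketch of the "db entry" idea from the question combined with a percentage rollout, as an added example that is not from the answer or the linked article and is not a description of Facebook's implementation. The flag names, user IDs, the `FLAGS` table and the choice of an FNV-1a style hash for bucketing are all assumptions made for illustration.

```javascript
// Constructed flag table; in a real app this would be a DB row or config-service entry.
const FLAGS = {
  'new-checkout': { enabled: true, percent: 20, allow: ['staff-7'], deny: ['user-13'] },
  'beta-search': { enabled: false, percent: 100, allow: ['staff-7'], deny: [] },
};

// FNV-1a style 32-bit hash over UTF-16 code units. Not cryptographic: it only
// spreads users over buckets so the same user always gets the same answer.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h;
}

// Bucket 0..99; salting with the flag name keeps cohorts independent across flags.
function bucket(flagName, userId) {
  return fnv1a(`${flagName}:${userId}`) % 100;
}

// Decide on the server for every request; never trust a flag value sent by the client.
function isEnabled(flags, flagName, userId) {
  const known = Object.prototype.hasOwnProperty.call(flags, flagName);
  const f = known ? flags[flagName] : null;
  if (!f || !f.enabled) return false;        // unknown or switched-off flag fails closed
  if (f.deny.includes(userId)) return false; // explicit deny wins over everything
  if (f.allow.includes(userId)) return true; // e.g. staff see the feature first
  return bucket(flagName, userId) < f.percent;
}

// Helper for checking a rollout: how many of user-0..user-(n-1) get the feature.
function rolloutCount(flags, flagName, n) {
  let count = 0;
  for (let i = 0; i < n; i++) {
    if (isEnabled(flags, flagName, `user-${i}`)) count++;
  }
  return count;
}
```

Because a user's bucket never changes, raising `percent` from 20 to 50 only adds users and never removes anyone who already had the feature, and setting `enabled` to false acts as a kill switch regardless of the allow list.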
Hi, I am using CAS for SSO. But the problem is that I want to reset passwords and register new users on the CAS login screen. Does CAS provide these services, or do I have to implement them?
Or does any other SSO solution exist which fulfills my requirement?
CAS is just an SSO frontend to your existing identity management solution (database, LDAP etc). It does not include any identity management features itself (create user account, reset password etc). I have recently been using the Cloudseal platform which is a full identity management solution and so far I am pretty impressed. I believe Atlassian's Crowd also includes this although I have not used it. There are probably other products out there as well.
Both of these are commercial products although they are both free for the first 50 users. Crowd is a traditional standalone platform which you download, install and configure but Cloudseal is a hosted service so there is no installation and less config.
You can certainly modify the Spring Webflow and login page to allow for the functionality, which of course you'd have to implement. You should also ask the question on the #cas-user mailing list to see if a similar need in the community has been implemented by other users, which you may be able to take advantage of. I remember only recently someone raised the same question to the list and there was a bit of interest in getting this feature developed and integrated. You may want to revisit the topic on the mailing list.
Hope this helps.
Let's say my web server app is in Drupal or WordPress, or even CodeIgniter, how would one go about integrating a comment system? Specifically what I am trying to find out is if anyone was able to find a successful approach that would save some time as opposed to me going down the road of tying myself to a specific CMS content system.
Just throwing in some considerations here (by no means complete):
Are users also accessing your content (and its comment system) via the website?
If so, you'll want to have a comment interface that is available on the website too, and the easiest choice may be to use the comment system natively supplied by your CMS / through plugins.
If on the other hand your users will only be using the iOS app(s) for commenting (via a native interface) or you'll be heavily customizing the website anyway, using a comment system independent from your CMS might be an option.
How will the content be accessed from the app?
Via a simple web view? Or will the app download via an API provided by your CMS and display it in a native UI? If you are using an API provided by your CMS, you will have the same issue with your content as with your comments when moving CMSes.
You could add an intermediate layer that abstracts from the specific CMS API.
Or if you don't really plan on moving CMSes but want to prepare for that event nevertheless, you could simply implement a no-frills "version check" to ask the server for the CMS kind / version it is using, and if it doesn't match what your app expects, ask the users to update. This isn't the prettiest user experience, but it might be sufficient depending on what you're actually planning.