en - Re: [sympa-users] How to use my own login system

Subject: The mailing list for listmasters using Sympa

  • From: Olivier Salaün <address@concealed>
  • To: address@concealed
  • Cc: address@concealed
  • Subject: Re: [sympa-users] How to use my own login system
  • Date: Tue, 16 Mar 2010 13:33:33 +0100

Thanks for providing this information about your project. I now have a better understanding of your usage of Sympa.

Your conclusion that the login SOAP functions will work despite the use of generic_sso is wrong. You don't get an appropriate error message, but the reason for the login failure is that your Sympa server's only authentication backend is a 'generic_sso'. Therefore the Auth::authentication() subroutine will never check the user password stored in Sympa's DB.

The options you have to set up your SSO architecture:
  1. use a true SSO server with Sympa and your web server acting as SSO clients. CAS <http://www.jasig.org/cas> is such a good SSO software, well supported by Sympa,
  2. keep the generic_sso Sympa setup with the user_table uncommented in auth.conf. This way, Sympa will still manage user passwords. Note that you'll have to customize the web_tt2 templates to remove the native Sympa login banner,
  3. require user authentication on /sympa URL, as you already tried,
  4. lower your goal to have SSO on Sympa too. Users would have to log in twice but with a shared email+passwd.

It's up to you to adopt the most appropriate solution.

On 16/03/2010 10:55, address@concealed wrote:
Hi, that's me.

I have a server running different apps, like Sympa, a CMS, a Wikipedia,... now
each app has its own login system, I want to use only one login for all the
apps, so once the user tries to log in to Sympa (for example) he also gains
access to all the other apps in the server.

I am using Apache2::AuthCookie (perl) for this, creating a cookie that
should be shared by all the apps.

You can set AuthCookie to check the auth vs a lot of things, like just a
file, a DB, ... I choose to check the identity of the user versus Sympa, and
alone it is running OK.

Once the user provides his email and password, AuthCookie checks it vs Sympa
(using your SOAP interface), if he is good, the Cookie is created and the
user is allowed to access in.

So my idea is that for example the user wants to access Wikipedia, instead
of using wikipedia's form, I will provide mine, the user will provide email
and pass, AuthCookie will check it vs Sympa and the user will be allowed to
access wikipedia and with the same session (cookie) he can access Sympa too
without providing more information.

The first step is to replace Sympa's own login system with my AuthCookie,
and that is what I was trying with generic_sso
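
The reply above says a SOAP login fails when generic_sso is the only active backend in auth.conf, and works again once user_table is uncommented. The following check is an added example, not part of the original thread or Sympa's own code: it parses an auth.conf and reports whether any active backend can verify a password. The function names and the sample configuration are constructed for illustration; treating ldap as a password backend alongside user_table is an assumption from Sympa's documented auth.conf backends, not something stated in the thread.

```python
# Added example: audit a Sympa auth.conf for a password-checking backend.
PASSWORD_BACKENDS = {"user_table", "ldap"}  # verify an email + password (ldap: assumption)
SSO_BACKENDS = {"generic_sso", "cas"}       # trust a login performed elsewhere


def parse_auth_conf(text):
    """Return the active backends as a list of (type, {param: value}).

    auth.conf is a series of paragraphs separated by blank lines: the first
    line names the backend, the following lines are 'param value' pairs.
    Lines starting with '#' are comments, so a commented-out paragraph
    contributes no backend at all.
    """
    backends, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if not line:
            current = None          # blank line closes the paragraph
            continue
        parts = line.split(None, 1)
        if current is None:
            current = (parts[0], {})
            backends.append(current)
        else:
            current[1][parts[0]] = parts[1] if len(parts) > 1 else ""
    return backends


def password_login_possible(text):
    """True if some active backend can check a password (needed by SOAP login)."""
    return any(kind in PASSWORD_BACKENDS for kind, _ in parse_auth_conf(text))


# Constructed sample: generic_sso only, user_table commented out.
SSO_ONLY = """
generic_sso
  service_name       Site login
  service_id         sitelogin
  email_http_header  REMOTE_USER

#user_table
#  regexp .*
"""
# Same file with the user_table paragraph uncommented (option 2 in the reply).
WITH_USER_TABLE = SSO_ONLY.replace("#", "")

if __name__ == "__main__":
    for name, conf in (("sso only", SSO_ONLY), ("with user_table", WITH_USER_TABLE)):
        print(name, "-> password login possible:", password_login_possible(conf))
```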
  



