So what would best practice be if trying to utilize off-site authentication along with Cake's access control?
I'm trying to build all SAML functionality into a plugin so that I can utilize it in my other applications, so while I'm still not sure what the best method is, I'm thinking perhaps:
- If a page requires authentication, AuthComponent seems to send them to my /users/login function, so based on that:
- /users/login uses my CakeSaml plugin's SamlAuth component to initiate SAML login (and redirect the user to the identity provider), and also passes a ReturnURL for the user to return to
- User authenticates and returns to the ReturnURL (somewhere in a controller within my plugin)
- Plugin controller calls $this->Auth->login(), providing the user record returned from the identity provider
- AuthComponent will call my SimpleSamlAuthenticate module's authenticate() method which will verify that the user record in the session is valid and either return the record, or false if it is invalid.
Is that a decent flow for such a login procedure, or am I overlooking something?
I'm unfortunately fairly new to CakePHP's AuthComponent--in the past it didn't allow me to do what I needed for some of my sites, so I never ended up using it for any of my sites. With the changes in 2.0, however, I think that it just might be able to do everything I need, thanks to its extensibility.
Anyway, thanks again! I'm loving working in CakePHP 2.0 beta so far!
Ben McClure
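
The two checks this flow depends on, sketched as an added example that is not part of the original post or of any CakeSaml plugin code: restricting the ReturnURL to a site-local path, and building the record that authenticate() returns only from the identity provider's validated attributes. The function names and the `uid` / `mail` attribute names are assumptions.

```php
<?php
// Added example. Function names and the 'uid' / 'mail' attribute names are assumptions.

// ReturnURL step: accept only a site-local path, so the login round trip
// cannot be used to bounce the user to another host.
function samlSafeReturnUrl($candidate, $default = '/')
{
    // One leading slash, not "//host" or "/\host", no control chars or backslashes.
    if (!is_string($candidate)
        || !preg_match('#^/(?![/\\\\])[^\x00-\x1f\\\\]*\z#', $candidate)) {
        return $default;
    }
    return $candidate;
}

// authenticate() step: build the record handed to AuthComponent, or false.
// $attributes must be read from the SAML library's validated server-side
// session, never from POST/GET data sent with the return request.
function samlUserRecord($isAuthenticated, array $attributes, $idAttribute = 'uid')
{
    if ($isAuthenticated !== true || !isset($attributes[$idAttribute])) {
        return false;
    }
    $values = $attributes[$idAttribute];
    // SAML attributes can carry several values; an ambiguous identifier is a failure.
    if (!is_array($values) || count($values) !== 1) {
        return false;
    }
    $id = reset($values);
    if (!is_string($id) || trim($id) === '') {
        return false;
    }
    $record = array('username' => $id);
    if (isset($attributes['mail'][0]) && is_string($attributes['mail'][0])) {
        $record['email'] = $attributes['mail'][0];
    }
    return $record;
}

// Constructed sample input, not captured from a real identity provider.
$attrs = array('uid' => array('alice'), 'mail' => array('alice@example.org'));
var_export(samlSafeReturnUrl('/posts/edit/5'));                     echo "\n";
var_export(samlSafeReturnUrl('//idp.example.net/x'));               echo "\n";
var_export(samlUserRecord(true, $attrs));                           echo "\n";
var_export(samlUserRecord(true, array('uid' => array('a', 'b'))));  echo "\n";
var_export(samlUserRecord(false, $attrs));                          echo "\n";
```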