Comments on: JSJaC inherit http://blog.jwchat.org/2009/01/17/jsjac-inherit/ coding and stuff Fri, 30 Jul 2010 01:43:11 +0000 http://wordpress.org/?v=2.5.1 By: Simon Wilkinson http://blog.jwchat.org/2009/01/17/jsjac-inherit/#comment-223789 Simon Wilkinson Sat, 17 Jan 2009 16:04:36 +0000 http://blog.jwchat.org/?p=121#comment-223789 We actually achieve the same kind of idea, but in different ways. We have a Kerberos based single signon environment - and we wanted to use Kerberos to allow Web users to authenticate through JWChat to our web server. To do so, we protect the HTTP session that the HTTP bind is running on, and patch JWChat to request the EXTERNAL authentication mechanism. At the other end of the HTTP bind connection we have a modified punjab, which swallows the SASL EXTERNAL request, and instead initiates a SASL GSSAPI (a Kerberos encapsulation) connection with our Jabber server. Only once that is sucessful does punjab return a response to JWChat indicating that the user is authenticated. In this way, we can transparently authenticate users against our service, without either the client, or the server being aware that anything peculiar is going on. More details are at http://blob.inf.ed.ac.uk/sxw/2008/09/19/integrating-jabber-web-interfaces-with-cosign-and-other-sso-technologies/ We actually achieve the same kind of idea, but in different ways. We have a Kerberos based single signon environment - and we wanted to use Kerberos to allow Web users to authenticate through JWChat to our web server. To do so, we protect the HTTP session that the HTTP bind is running on, and patch JWChat to request the EXTERNAL authentication mechanism. At the other end of the HTTP bind connection we have a modified punjab, which swallows the SASL EXTERNAL request, and instead initiates a SASL GSSAPI (a Kerberos encapsulation) connection with our Jabber server. Only once that is sucessful does punjab return a response to JWChat indicating that the user is authenticated.

In this way, we can transparently authenticate users against our service, without either the client, or the server being aware that anything peculiar is going on. More details are at http://blob.inf.ed.ac.uk/sxw/2008/09/19/integrating-jabber-web-interfaces-with-cosign-and-other-sso-technologies/

]]>