IRC log for #openam, 2015-03-12

All times shown according to UTC.

Time Nick Message
00:26 pcypher joined #openam
01:07 pcypher joined #openam
07:19 KermitTheFragger joined #openam
08:06 aldaris joined #openam
09:14 KermitTheFragger hi all, i've got a question; say you have multiple realms with different users. How do you set up an application which would need users from multiple realms to be able to log in to it?
09:16 KermitTheFragger create subdomain for each realm where users log in and then after login redirect them to the app?
09:16 KermitTheFragger or can you create some sort of realm which only handles authentication but not the datastore itself?
10:10 asyd KermitTheFragger: well, guess you have the / realm, /employee /partners for example
10:11 KermitTheFragger asyd: im just experimenting a bit, but yeah i was thinking about something like that, so /employee /partners/fooA /partners/fooB
10:33 aldaris joined #openam
10:42 aldaris if you want to achieve true multitenancy then I would suggest to have different cookie domains for each realm, and probably the same should be true for your apps as well
10:43 aldaris if a single app can be accessed by multiple tenants, then that will be difficult to deal with
10:45 KermitTheFragger aldaris: and what would be the best way to go about it if you want multiple realms to be able to access a single app? for example you want /employee and /partners/fooA to be able to access a single app?
10:48 aldaris so the app would have a single URL to access it on?
10:49 KermitTheFragger sure, lets say it uses oauth2 for the sake of the argument
10:50 KermitTheFragger i guess creating multiple URL's for the same app would also be an option (in order for OpenAM to figure out which realm to use)
10:50 aldaris I think then the question becomes whether it's likely that the same browser attempts to access the same site but through different tenants
10:51 aldaris that is also true, there must be a way for the user to select which tenant to authenticate against
10:51 KermitTheFragger multiple URL's for the same app would fix that i guess?
10:52 aldaris yes, then you could use conditional login URL for example with agents
10:54 KermitTheFragger would that work with for example oauth2?
10:54 KermitTheFragger or do all agents support that?
10:55 aldaris agents don't support oauth2
10:57 KermitTheFragger ok, thanks for the insights! I'm going to experiment a bit!
12:56 KermitTheFragger aldaris: Is there some sort of globally unique ID for users one could access? The UID is obviously only unique for a single realm. I guess I could append the realm to the UID but maybe there is some attribute in OpenAM which is globally unique? Tried getting the guid via oath but that's a no go
13:43 aldaris joined #openam
15:07 pcypher joined #openam
15:46 aldaris joined #openam
19:00 aldaris joined #openam
20:17 aldaris joined #openam
21:20 aldaris joined #openam
22:00 aldaris joined #openam
22:22 pcypher joined #openam
23:46 aldaris joined #openam