Pentaho Acegi Security Framework Digest Authentication & Ruby on Rails

Question

Hi all,

At the moment I have a Ruby on Rails application which maintains my Users, I have a seperate application (Pentaho) which uses Acegi/Spring Security to authenticate Users.

I have been able to change the way Acegi/Spring Security authenticates Users and now it points to my Ruby on Rails application's database and I can get Users authenticating fine with a form based login.

I was wondering if it is possible to forward my Users from my Ruby on Rails application to the Pentaho's Acegi/Spring Security and have them authenticated without having to fill out a login form? (I'm NOT looking to use CAS/SSO)

I have done some research and seen that you can use:

• URL Parameters i.e. http://www.domain.com/auth?userid=%5Busername%5D&password=%5Bpassword%5D
• Basic Authentication
• Digest Authentication

Obviously using the URL parameters method is not secure even over HTTPS as it passes clear text passwords (so does Basic Authentication) so my last resolution is Digest Authentication.

How would I go about pushing user credentials from my Ruby on Rails web application to Pentaho which uses Spring/Acegi authentication and having the user authenticate without having to fill in a form?

What changes would I need to make to Spring/Acegi framework? What sort of link or method would I need to create in Ruby on Rails to do this?

Any help would be appreciated!

Answer 1

The application (server side) on to which the user has already logged passes on the user id to the other application and gets a short living token in return. This is secure as it happens between applications. The user is then redirected to the second application with the token. We have achieved SSO between two applications this way. I am interested to know if you have achieved the same by other means.