I’m working in extending the login engine to use a signed token to login
in addition to user and password.
The idea is that a random token is presented, the user click the ‘sign &
login’ button, choose the
certificate to use (X509 Certificate), sign the token and present it to
the login engine, validate it and if all is ok, you are logged in…
At this time a proof concept is working with Firefox 1.5 and the changes
in the LoginEngine are little and integrate very well.
I have two questions about the LoginEngine at this time:
1- LoginEngine don’'t have a :login_page config like UserEngine to
change the default page, but UserEngine don’t have a ui to login, that
LoginEngine have… why this option is in UserEngine and not in
2- I need a couple support functions (generate random tokens, signature
validation, etc), where is the best place to put then ?
:: Nelson ::