SignToken


#1

hi,
I’m working in extending the login engine to use a signed token to login
in addition to user and password.
The idea is that a random token is presented, the user click the ‘sign &
login’ button, choose the
certificate to use (X509 Certificate), sign the token and present it to
the login engine, validate it and if all is ok, you are logged in…
At this time a proof concept is working with Firefox 1.5 and the changes
in the LoginEngine are little and integrate very well.
I have two questions about the LoginEngine at this time:
1- LoginEngine don’'t have a :login_page config like UserEngine to
change the default page, but UserEngine don’t have a ui to login, that
LoginEngine have… why this option is in UserEngine and not in
LoginEngine ??
2- I need a couple support functions (generate random tokens, signature
validation, etc), where is the best place to put then ?

TIA

:: Nelson ::


#2

On 3/6/06, nelson removed_email_address@domain.invalid wrote:

I have two questions about the LoginEngine at this time:
1- LoginEngine don’'t have a :login_page config like UserEngine to
change the default page, but UserEngine don’t have a ui to login, that
LoginEngine have… why this option is in UserEngine and not in
LoginEngine ??

The LoginEngine represents the minimum amount of work to transform the
SHLG into an engine, and as such leaves something to be desired in
terms of it’s design. The UserEngine in particular needs to know
where the login page is because it has a more sophisticated ‘nu-uh you
can’t do that unless you’re logged in’ mechanism, but also because it
was developed with a bit more freedom than the LoginEngine.

The short answer is that there is no good reason for this, and
future versions may correct this.

2- I need a couple support functions (generate random tokens, signature
validation, etc), where is the best place to put then ?

Probably in the AuthenticatedSystem module…

  • james

  • J *
    ~