Flex :: SSO / Authentication Between Joomla And Application
Sep 17, 2010
I am developing an application in Adobe Flex. This application is to be hosted on a Joomla Website. I want to achieve Single Sign On between my Joomla website and this Flex Application. The Users log in using the default Joomla Mechanisms however I want the username as well as some other details about the user inside my Flex Application.
I'm using Google Engine App with Python. I want to add custom user authentication. How is it done, with the best practices? I want custom authentication because the app is built in Flex and I don't want to redirect to an HTML page.
The user value object is like this: class User(db.Model): email = db.EmailProperty(required = True, indexed = True) masked_password = db.StringProperty(required = True) # maybe more things here
I would like to mask the password, is there some built in function in GAE? Then, how I will remember the current user? Through sessions and cookies? Or what else?
does anyone have an idea or developed before windows authentication through flex application.I have a semi solution when user enters his/her AD username and password, and application send this data to web service which handles AD authentication, but this is one extra step which will give full comfort for users.
I am working on creating an FMS application which does an authentication on server side too. I hvae gone through a number of tutorials and the developer guide but not able to find a correct way to start working on this. I have been able to create a sample application which authenticates few parameters on the server side using the main.asc file with code for authentication on onConnect method. My main doubt right now is how do I set up an application which streams videos depending on this authentication. I am confused on how to setup a new application, how to setup the application.XML, which folder to store the files etc. Can some one guide me on this or give me reference to an application which actually does. A sample/tutorial which actually setups a custom FMS application for simple video streaming from scratch step-by-step would also do.
I am trying to access a .Net service which requires an authentication header. If WebService is used it works fine. But when it is accessed using HTTPService it throws error. The project is already done by somebody else using HTTPService. Now changing to webService requires some time since there needs to be modification in a lot of files.
Below is the SOAP envelop required by the service.
I want to have flex portlets side by side with JSP portlets. How can we implement the authentication mechanism? [ Authentication will be handled by the portal and how can we share the same session with flex portlets ]
Some background: I have a Flex app embedded in an HTML page and am using Flex to send a soap request to my Java backend that does some authentication depending on the username and password entered in the Flex form. If I enter the correct login everything works fine and the Flex app can continue making further requests. But with an incorrect username/password, an "Authentication Required" dialog box pops up in my Browser and my Flex app won't respond with its proper handler until I click cancel. I'd like to get rid of the dialog box somehow,
How would one create a video or audio stream using OSMF when there must be basic authentication on the url?Can one feed in Audio/Video using HTTPService to provide the header authentication?
We have a situation where a web application within an intranet requires windows authentication. This way employees of the company can login to their desktops and have automatic access to the web application and also be identified automatically without having to login because Windowns Authentication takes care of that. The problem is that we've added a Flex module to the web application. The web application comes up fine and authenticates the user can then navigate to the page where we have the Flex application. Which loads fine. The problem is that the Flex application also needs to communicate with the same server about this user but this communication is not working and is prompting the user for a password. Even if the correct user/pass is entered it fails and the Flex application can't talk to the server which requires Windows authentication.
Our expectations was the since the IE browser housing the flex application was already authenticated that all communication from the Flex app would also carry with it the necessary information to enable it to access the server without authentication.
In AIR on Mac, when I send login creds to a service and they're incorrect, AIR displays a native popup window to try logging in again without dispatching an error event. Twitter provides a header (suppress_response_codes=true), which returns any error as a status 200 with the error message. I'm using HTTPService to connect to a service without a header like this. Are there any properties or headers I can send to avoid this popup?
I have flex client application with php as a server and i want to implements domain user and password authentication. I'm sending the user and the password from the flex client through httpservice to php script and the php script authenticate the user and the password with the domain But! I want to encrypt the user's password in flex and to decrypt it in the php. I have the as3crypto.swc module for the flex but I don't find any way to decrypt it in the php. So, how can I do that and If this is not the right way to do that how can I do that?
I have a web application developed using flex and cakephp. My client need to make a desktop application of that web application using Adobe Air. The conversion of the flex to Air is done successfully. I the flex application the communication of flex and cakephp is handled using a remotes controller. In air application I have a problem of authenticating the user with cakephp default user authentication
Almost everything is in the title : Here's what I'd like to do :A nice html page with a php authentication process (http first then http**s** & so on) Launch a flex app which knows (I don't know how (this is the actual question !)) the user has already been authenticated and display his/her stuff he/she has to do for the day (or whatever...).
Of course if someone try to call directly the flex app I would display an "authentication error" message and then redirect to the authentication page.I'm sorry for my English which is perfectible.I was thinking about the session cookie : first authenticate then ass a variable on the server side, something like :
I want to call web service which has basic authentication.once url get authenticated then want to call particular service example xyz() which takes 2 parameter and return a flag .
I have a flex app that allows the user to upload a file.The flex side uses the FileReference.upload method that goes to an .aspx page that handles the upload. It works only intermittently when I have IIS set to integrated windows authentication.That said, for testing purposes,I wrote a separate aspx page that does a file upload and this always works.I'd like to leverage the file import,though, within the nice looking flex app and not kick off a new webpage for a file upload.In looking at the IIS logs I have a hypothesis as to what's happening, and want to know if someone has full understanding as to why it may only intermittently work and can confirm or deny this: Flex' FileReference upload guts does whatever it does on the client then initiates a POST request to my .aspx page.On the times it failes, the IIS logs state that IE didn't pass the credentials so denies the request then sends a 401 response.
I don't get this 401 response on the flex side even though I'm listening for HTTP status codes (flash bug?).A new request is somehow immediately made to perform the upload again (it's not my code). I'm inferring this by looking at the IIS lgos which shows a second POST right after the previous one, only this time the user credentials are sent through, but the kicker is that the file the user uploaded is not uploaded this time. I infer this by the fact that the IIS logs show 0 bytes are posted, whereas the previous 401 request show a lot of bytes are POSTed.On the times it does work, what happens is that the first request for the HTTP POST the FileReference makes so happens to send the windows credentials along, so the client is not challenged.
I'm using Flex 4(beta2) with Ruby on Rails 2.3.5 and using RubyAMF to transfer data back and forth between Flex and server. set up Authlogic on the Rails side for authentication. wasn't sure what's the best method to handle user sessions. I know this is done automatically with Rails by sending session id with cookie which Rails use to authenticate the user.What do you suggest the best way to do this with Flex?I thought of couple of options:1. Manually fetching the cookie from the browser and then figuring our a way to send that to the server with every request I send. 2. Handling sessions expiration and flow on Flex side by manually expiring the session
I'm using Spring, Spring Security, BlazeDS, Flex and spring-flex.I know that I can call channelSet.login() and channelSet.logout() to hook into Spring Security for authentication.channelSet.authenticated apparently only knows about the current Flex session, as it always starts off as false, until you call channelSet.login().hat I want to do: Check from Flex to know if a user is already in a session.
I have a set of RESTful web services. These services are protected on a Glassfish server by OpenSSO. When I attempt to call the RESTful services directly from a browser, OpenSSO intercepts the request, then forwards the request to the REST service once the user's credentials are authenticated. OpenSSO utilizes a session cookie on subsequent requests (until the session is invalidated) . I'm sure this piece is working correctly.We'd like to call these services from a Flex client. In order to enable PUT and DELETE operations, we set up BlazeDS to proxy the RESTful requests from the flex client to the REST service. When security to the RESTful services is disabled, this piece works great.
Now we're trying to secure the entire application. We've placed the Flex SWF into a war and deploy to Glassfish. We've placed security around this resource and when a user attempts to download the SWF (through an HTML link in the war), OpenSSO intercepts the request, then forwards to the application on successful authorization (just like it does for the RESTful web services).The problem is - the RESTful calls made by the Flex application (via BlazeDS) are failing. OpenSSO seems to be intercepting these requests as well and again asking for the users credentials. It doesn't seem the authentication cookies are being passed to (or maybe by) the BlazeDS proxy.
Are there any differences implementing Flex application security in a clustered Java environment (such as Oracle Application Server/OC4J or a JBoss cluster) vs a single application server environment? (And/or does it depend on the specific environment software?)
What considerations are there in a situation where you need to authenticate with LDAP (AD) and store user access information in a database (ex. USER table containing username + permissions/roles info)? Any differences between Blaze DS and Granite DS?
I have a flex app hosted on a windows server running IIS. That same server has some rest services that the app interacts with. The rest services have windows authentication so that their urls cannot be called without credentials. The flex app needs to be accessible to the public so its files are accessed by enabling anonymous access. The problem is of course that when the app tries to call the rest services the browser pops a dialog box asking for windows username and pass. I naively hoped that if I set the anonymous access on the flex site to use the credentials of a windows account that had permission to view the rest services that would resolve the matter. I hoped that IIS would see the browser used the proper creds to view the flex app and use those same creds to get the rest services. Wrong, that didn't work.
So is what I want impossible? I'd like to find a way to not force the user to enter windows creds, keep the rest services using windows authentication, and have the flex app able to access the rest urls. Any ideas? Am I missing something? Also, it may turn out that the flex app is running on http and the rest services must be called with https. Does that change your answer?
We use the FileReference component to upload file in Flex. But if the application is deployed within an environment having NTLM authentication (Windows Integrated Authentication), the upload capability will not work, and each time a message box will be popup asking the user to input credentials.I've queried some resource from internet and it seems this is a bug of FileReference component.
I'm building a website in Joomla 1.5 content management system. I can make my swf files play if hard coded into a web page or from Dreamweaver etc.
I am trying to play my swf files from a Joomla module, either a custom html module or from an extension I have downloaded (Flash Module) that is specifically made to play Flash in a module.
Are there any really important things I need to know when building a Flash header for a Joomla website? Will the header need to be scalable? Can I use bitmaps? Are there any restrictions when developing for a Joomla site like AS2 only?
I was wondering if anyone know how I could output content from Joomla as XML which I can then use in Flash? I would like to be able to use Joomla as the backend CMS and a Flash frontend which pulls and article's content from the CMS and outputs it as XML. Something like this: [URL]
I want to add music which runs in the background of a website being developed for a client. The site is generated in Joomla. Does anyone knows about any component (or any way) through which I can add music which runs in the background of the website.
I know it can be achieved via embed tag in the index page of the selected template, but one additional requirement (from the client) is whenever any visitor clicks on any other link, the music should continue but not start from the beginning.