Hi all
after I saw two hacks in our patch tracker to achieve this, I turned them into regullar auth method and the result is in patch tracker[1]. If you have time, please share your ideas about it...
[1]:https://sourceforge.net/tracker/index.php?func=detail&aid=1545366&gr...
hi
I saw two hacks in
which, from christian_boltz and ...?
Michal, it's interesting and I have a few comments.
I don't think we should force to have SignonURL. Let's take an application like Moodle that has its own auth method and keeps credentials available for all its modules. In the interface they would offer a link to phpMyAdmin and now with the new signon auth_type, they only have to set in their session $_SESSION['PMA_single_signon_user'] $_SESSION['PMA_single_signon_password']
then in PMA, configure SignonSession and the auth_type. PMA would not be called directly.
Forcing a SignonURL means that users first start PMA which calls an external URL for auth. I'm talking about the case when another app is started first.
Marc
Michal Čihař a écrit :
Hi all
after I saw two hacks in our patch tracker to achieve this, I turned them into regullar auth method and the result is in patch tracker[1]. If you have time, please share your ideas about it...
Hi
On Sun, 27 Aug 2006 07:25:04 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Forcing a SignonURL means that users first start PMA which calls an external URL for auth. I'm talking about the case when another app is started first.
But if user bookmarks phpMyAdmin, he needs to be directed to login page on next access, or di I miss something? Anyway you don't have to set SignonURL if nobody gets there without filled in session.
Michal Čihař a écrit :
Hi
On Sun, 27 Aug 2006 07:25:04 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Forcing a SignonURL means that users first start PMA which calls an external URL for auth. I'm talking about the case when another app is started first.
But if user bookmarks phpMyAdmin, he needs to be directed to login page on next access, or di I miss something?
Good point.
Anyway you don't have to set SignonURL if nobody gets there without filled in session.
After I log out, I get an error if SignonURL is not set.
Marc
On Sun, 27 Aug 2006 08:14:18 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Michal Čihař a écrit :
Anyway you don't have to set SignonURL if nobody gets there without filled in session.
After I log out, I get an error if SignonURL is not set.
And what else can we do? You need either SignonURL or LogoutURL, without those there is only error which can be displayed.
Michal Čihař a écrit :
On Sun, 27 Aug 2006 08:14:18 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Michal Čihař a écrit :
Anyway you don't have to set SignonURL if nobody gets there without filled in session.
After I log out, I get an error if SignonURL is not set.
And what else can we do? You need either SignonURL or LogoutURL, without those there is only error which can be displayed.
I see no alternative, should be OK. Your point about the need for a direct access (browser bookmark) confirmed the need for SignonURL.
I am in contact with the Moodle developer, he sent positive reactions and will send more reactions.
Marc
-
Jürgen Wind -
Marc Delisle -
Michal Čihař