Single Sign On

[michaelwechner]

Hi

The following page

http://www.konakart.com/product/customization

says that single sign on is possible by using KonaKart's login checks, but I am not sure if this is
refering to

http://www.konakart.com/docs/CustomCredentialChecking.html

?

Or is there any other documentation on this?

Thanks

Michael

[julie]

Take a look at MySecurityMgr.java under  KonaKart\java_api_examples\src\com\konakart\apiexamples

[michaelwechner]

Thanks for this pointer, but I can not find such a class (at least within the community edition):

ls java_api_examples/src/com/konakart/apiexamples/
BaseApiExample.java         InsertOrder.java         RunCustomQuery.java
GetCustomer.java         MyProductMgr.java         SearchForProductsByTags.java
GetManufacturerProducts.java      RegisterCustomer.java

Is it possible that this example is missing within the community edition?

Thanks

Michael

[julie]

Yes, you're right. it's only EE . The reason is that it extends a manager which is only shipped in the Enterprise version.

[michaelwechner]

Thanks for the confirmation. We have ordered now a EE version and as soon as it will arrive will try again.

Thanks

Michael

[DispatchMediaGroup]

So, reading through this post, and seeing one other referring to Custom Credential Checking (http://www.konakart.com/docs/CustomCredentialChecking.html), I'm still unsure as to how one could implement a true Single Sign-On (SSO) solution.

I do not want to just circumvent KonaKart credential checking and give someone access if they meet certain requirements.  I want to truly implement an SSO solution; a user on our site should be able to seamlessly go from our registration system to KonaKart.

Specifically, we use OpenCMS to manage all users, whether administrators or end-users visiting our website.  I want to create a solution that would allow a user to log in to our OpenCMS-managed system and also be logged in to KonaKart.  The main way this coupling would be used is if a user on the OpenCMS side logged in to our system and then wanted to purchase a product.  When they add an item to their cart and proceed to checkout, I would want to be able to use the information stored within their OpenCMS user object to fill out form data, etc.

Is this desired functionality only available in the Enterprise Edition?  Or is this something that can be achieved using the Community Edition?

[julie]

I suppose it's possible with the community version but you have to do more work. Basically you need to specialize the security mgr and especially the login() and checkSession() methods.

The part that is done for you in the Enterprise version is to save the SSO token for the customer (passed in as a parameter of the login() call) and to retrieve it during the checkSession() call so that it may be verified by the SSO system.

What you also need to do behind the scenes is to register a customer within KonaKart (if not already registered) when he attempts to login with the SSO token. i.e. you need to get the customer information from OpenCMS, determine whether the customer already exists in the KK database and if he doesn't then you need to register him. If he does exist, then you should log him into KK and maybe update his addresses to ensure that he has the latest address information from OpenCMS.

Hope that helps !

[DispatchMediaGroup]

Ok, that was pretty much what I expected; we actually take that same approach now between a proprietary registration system and a multimedia platform called KickApps.

However, I'm having the same problem as @michaelwechner - I cannot find the security manager class of which you speak.  I do see LoginIntegrationMgr.java, but that doesn't seem to contain any of the previously mentioned methods (i.e. checkSession(), etc.).  Is this where I need EE?

One more question: if I end up being able to accomplish SSO with the community edition, how would I deal with generating a valid SSO token to be used throughout the user's session?

[DispatchMediaGroup]

Addendum to earlier posts:

I talked a little bit with the boss about the SSO limitations we've been discussing here in the forum, and that conversation changed the scope of the project a tad bit.  In short, we do not really need a true SSO solution, as I had previously stated.  What we need will just seem like SSO.

Ultimately, we need to have a user go to checkout and have the form data be pre-populated (e.g. address info, name, etc.).  This means that I do not actually care if the user is registered within KonaKart or not; in fact, this seems to be the same as what KonaKart documentation refers to as 'one page checkout' (true?  not true?).  I do need to somehow pass the OpenCMS user data to the KonaKart checkout forms so that it can be used.  This I'm not so sure how to do, though.  Perhaps map values from the OpenCMS user object to a KonaKart customer object and then put that in the Session for use on the JSP by Struts?

Now, some of our products would require registration, and here's the solution I've come up with for that.  Since I have direct control over the header and footer for all KonaKart pages, I could just insert some code into the header that would check for a token.  That token would be placed there upon a user logging into our OpenCMS system.  If the token was not present in the KonaKart header, the user would simply be redirected to a log-in page (or some such similar action).

With this solution in mind, I do see at least one caveat: how would our system (i.e. an OpenCMS eCommerce module) track orders placed by a user?  If I understand KonaKart well enough, orders are stored using the email address as its identifying attribute, no?  So if that's true, I should be able to retrieve all orders based on a user's email address.

Does this seem like a manageable workaround to accomplish my company's goals while continuing to stay within the bounds of the Community Edition?  Am I breaking the future upgrade path for new versions of KonaKart by doing any of these things?  And thank you for your help with these questions, @julie, it's very much appreciated!

[julie]

Hi,

Rather than reinventing the wheel, maybe you should contact TFLSA http://blog.tfsla.com/2010/04/ecommerce-integrado-a-opencms-konakart/#comments who have done quite a lot of work in this area, integrating KonaKart with Open CMS.

If your Spanish is as fluent as mine, I suggest you get Google Translate to convert it to English 

[DispatchMediaGroup]

Haha, they were actually my first stop, but they are using their development in this area for commercial purposes.  And unfortunately, it is not within the scope of this project to incur any greater a monetary expense than what it costs for me to sit and develop.

[DispatchMediaGroup]

So, with that said, do my previous ideas make sense?  Any ideas on pre-populating checkout form data with OpenCMS user info?

[julie]

Alot depends on how you are doing the integration. If you are using the KonaKart SOAP API from within OpenCMS (which is the way our Open CMS module works) then all of your pages will be Open CMS pages and so you should have no problem pre-populating a form or calling a KonaKart API call with data retrieved from Open CMS.

[DispatchMediaGroup]

That's close to what we want to do.  Basically, we want to keep the coupling between he two systems as loose as possible, linking off to the prepackaged pages that KonaKart uses.

For example, if we had a news story that talked about rain or something weather-related, we might include a link on that story page off to a KK product page for an umbrella.  The KK pages would be customized so that the general look and feel of those pages wouldn't be all that different from our OpenCMS-generated pages.  This approach keeps development to a minimum; in fact, the lack of need for any large amount of development is why we're trying to go with KK as our solution.  The only catch is allowing the checkout process to seem like an SSO experience - pre-populating the form data for checkout with information stored within our OpenCMS system.

If I understand your approach correctly, it seems to me that I would have to do some more extensive development of the KK OpenCMS module.  By coupling the two systems as closely as you seem to suggest, wouldn't I have to rewrite a lot of the functionality KK has provided me OOTB?  So, I'd have to have layout pages and such for products, for checkout, etc.  KK has all of that already, and I want to try and use what they've given me with as little modification as needed.  Is that true, or am I over-complicating this?  I suppose I could throw some custom code in the Header.jsp and have it look for some OpenCMS User bean in the Session, perhaps, which it could then take and use to assign the pertinent data from that bean to its corresponding KK Struts elements on the JSP at checkout...?

[julie]

Do you plan to have KonaKart running in a separate web app or in the same web app as Open CMS ?