Discussion about Intalio|BPP Community Edition.


TOPIC: Re:LDAP connector for single sign-on
Jun 27, 2007 3:56 pm
kclukey (User)
1 posts
Fresh Boarder

Karma: 0  
We would like to replace the Intalio security module with LDAP. Rick mentioned an LDAP connector was available.

We are using OpenACS & AOLServer to handle logins, and would like to seamlessly integrate with Intalio. If there is a better method to do single sign-on, please let me know.

Thx.
 
  The administrator has disabled public write access.
Jun 27, 2007 4:27 pm
Antoine (Admin)
2754 posts
Admin

Karma: 56  
Hi,

Paying customers should directly ask questions through the support interface, so they are answered quickly. Could you enter a new ticket there?

Sorry for the inconvenience.
 
 
Intalio, The Enterprise Cloud Company
www.intalio.com
Jun 27, 2007 6:12 pm
arnaud (Admin)
329 posts
Admin

Karma: 13  
Hi,

The security module of Intalio|BPMS relies on RBAC and it is entirely open source.
You can find it in the Tempo project.
We do provide an LDAP implementation that comes along with an LDAP Visual Connector, but it is offered as an option of the Enterprise Edition for our Gold and Platinum customers.

LDAP is definitely the best way to go to handle single sign on through the RBAC interface.

I hope this helps,

Arnaud
 
May 15, 2008 7:37 pm
2 posts
Fresh Boarder

Karma: 0  
I would also like to see a single sign-on implementation, but was thinking more along the lines of:

1. Implementing Kerberos for authentication. Most efficiently by delivering a PAM module for Tempo.
2. Implementing SPNEGO for dealing with negotiation. Both Firefox and Internet Explorer support this mechanism.
3. Using the existing LDAP implementation purely for the authorisation partition of Tempo, where administration of authorisation is delegated to the LDAP server. The Tempo service/daemon should of course be configured to run using an account that has read access on the LDAP server. Credentials in configuration files are bad practice, imho.
 
Copyright © Intalio, 1999-2010.