Thanks all! I do realize that in a web application, you can use a variety of mechanisms to store session state. We are also a ColdFusion shop but mainly use it to develop backend web services for Flex application front ends. Typically, when we need to secure applications, we park the entire application behind the login and don't worry about trying to restore their state when they return, but most of our applications are for internal users anyway. As I've mentioned to several who replied directly to me, I think what I was really trying to express is the need to authenticate users with their MSU NetIDs from applications which don't run inside a web browser. We've been looking at options for developing iPad and Android applications, and one sticking point is how to authenticate users. Any ideas from the group, or is anyone already doing this?
From: Kriegel, Robert [mailto:[log in to unmask]]
Sent: Thursday, March 22, 2012 4:03 PM
To: [log in to unmask]
Subject: Re: Feature Request -- opps
I stand corrected. Carl is right! In Sentinel V4 you have to return to a static URL. And I have not yet tried passing a query string to the login page and handling it in a non-visual page. The Sentinel authenticated application I was thinking of still uses Sentinel V2.
bob
From: [log in to unmask] [mailto:carl.bu[log in to unmask]] On Behalf Of Carl Bussema III
Sent: Thursday, March 22, 2012 3:43 PM
To: Kriegel, Robert
Subject: Re: Feature Request
I thought Sentinel required a single static "return URL" -- so you always redirect back to page X after a successful login (that said, you could use Cookies, and I suggested that to Jade directly). Can you pass a return URL parameter to the login page? Then I could see doing what you suggest.
Carl Bussema III
Information Technologist
Michigan State University Outreach & Engagement
Phone: (517) 353-8977 * Fax: (517) 432-9541
[log in to unmask]
On Thu, Mar 22, 2012 at 3:26 PM, Kriegel, Robert <[log in to unmask]> wrote:
Hi Jade,
Yes! The easiest way to deep link into a combined public/private application is to pass the needed parameters on a query string. These can be encrypted if database foreign keys or other sensitive data is being passed. Typically, you do not need to store entire application state; but you do need to be able to recover the page state from the query string.
I am currently doing this in two different enterprise-level, ecommerce ColdFusion 9 applications. One of these uses Sentinel v4 authentication; the other uses LDAP authentication against Windows Server 2008 domain accounts.
If CAFÉ participants are interested, I would be happy to talk about these in a future WEBDevCAFÉ meeting.
Robert Kriegel
Systems Analyst II
ANR Technology Services
Agriculture Hall
446 W. Circle Drive, rm 221
Michigan State University
East Lansing, MI 48824
phone: 517.353.4890 ext. 169
fax: 517.353.5341
From: Freeman, Jade [mailto:[log in to unmask]U.EDU]
Sent: Wednesday, March 21, 2012 4:56 PM
To: [log in to unmask]
Subject: Re: Feature Request
I don't want to hijack the thread, but one of my frustrations with Sentinel is that it is difficult to do mid-step authentication. In other words, your user is 10 screens into an application and you want to let them know that if they log in and are authorized, they would be able to see more, secured, information. To make this work with Sentinel, as the developer you have to develop a mechanism to store complete application state so that when you return from the Sentinel login, you can take them back to the exact same spot in the application as they were, only now showing the secured information.
For applications that are entirely secured (you must log in to access any part of the application), this isn't really a problem, but for applications that offer a mix of public and secured functions / information, this is more difficult. It would be nice if there was a way to use Sentinel to authenticate users in this type of workflow. Has anyone found a way to do this?
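
An added example, not code from any poster in this thread or from Sentinel: one way to carry the page state discussed above (in a query string or a cookie) through the login round trip, so the static return page can reject altered or stale state before restoring it. It signs the state with HMAC-SHA256 rather than encrypting it, so the values remain readable to the user; the key, the 15-minute lifetime and the function names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client
MAX_AGE = 900                     # assumption: state is honoured for 15 minutes

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def pack_state(state, now=None):
    """Serialize page state with an issue time and append an HMAC-SHA256 tag."""
    issued = int(time.time() if now is None else now)
    body = json.dumps({"s": state, "t": issued},
                      separators=(",", ":"), sort_keys=True).encode()
    tag = hmac.new(SECRET, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)  # URL-safe, fits a query string or cookie

def unpack_state(token, now=None):
    """Return the page state, or None if the token is malformed, altered or expired."""
    try:
        body_part, tag_part = token.split(".")
        body, tag = _unb64(body_part), _unb64(tag_part)
    except (ValueError, TypeError):
        return None
    expected = hmac.new(SECRET, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    payload = json.loads(body)                  # parsed only after the tag checks out
    age = (time.time() if now is None else now) - payload["t"]
    if age < 0 or age > MAX_AGE:
        return None
    return payload["s"]

if __name__ == "__main__":
    # Constructed sample state: the screen and record the user was viewing.
    token = pack_state({"page": "results", "item": 42})
    print("state token:", token)
    print("restored:", unpack_state(token))
```

If the state includes database keys or other values the user should not see, replace the HMAC with authenticated encryption and keep the same expiry check.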