How to switch off authenticity in Wiki server
Hi, I am trying to find out how I can prevent the authenticity check used in Wiki Server (Lion).
So far I understood this is a recommended behavior from the HTTP specification and absolutely makes sense for the security.
Still, I am running in a private environment where I would like to use a login mechanism from another website.
Users need to be logged in to the other website (with identical authentication settings) before this mechanism becomes available.
I found: http://api.rubyonrails.org/classes/ActionController/RequestForgeryProtection/Cla ssMethods.html
But not sure where to look for when it comes to the configuration/modification of the OS X Wiki server.
Best would be to allow a simple "POST" with username and (maybe hashed) password instead of fetching and tweaking the login mechanism.
The authentication source behind is Active Directory for both cases.
The aim of this question is to have a "Single Sign On" in an environment where Kerberos is not supported.
Someone can help or has an idea where to start?
Mac OS X (10.7), Wiki Server 3