[
https://issues.apache.org/jira/browse/KNOX-641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15096747#comment-15096747
]
Larry McCay commented on KNOX-641:
----------------------------------
I'm trying to configure the pac4j provider for an Okta "application" that I
created.
The following (from KNOX-642 docs patch) isn't quite enough to make it clear to
me how to go about doing so:
+saml.keystorePassword | Password of the keystore (storepass)
+saml.privateKeyPassword | Password for the private key (keypass)
+saml.keystorePath | Path of the keystore
+saml.identityProviderMetadataPath | Path of the identity provider
metadata
+saml.maximumAuthenticationLifetime | Maximum lifetime for
authentication
+saml.serviceProviderEntityId | Identifier of the service provider
+saml.serviceProviderMetadataPath | Path of the service provider
metadata
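Review bot: the saml.identityProviderMetadataPath and saml.serviceProviderMetadataPath rows describe the value only as a "Path", without saying whether it must be a file on the local filesystem or may be a remote URL, and neither row shows an example value. The saml.keystorePassword and saml.privateKeyPassword rows likewise do not say whether the password is entered literally in the configuration or can be resolved from protected storage, which matters for anyone deciding where these secrets will live. Suggest extending each description with the accepted value forms and one example, and stating for saml.serviceProviderEntityId which value on the identity provider side it has to match.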
I assume that I can use the gateway.jks keystore and the gateway-identity
keypair to do the request signing and that that information is what is needed
for the first 3 params. Unfortunately, I don't see any use of gateway services
to get the master secret; therefore, it needs to be in clear text here. This
won't work - but may not be a showstopper for committing to master as long as
we follow up with a fix.
Can saml.identityProviderMetadataPath point to a remote location or does it
have to be local to the SP application? This would likely require it to be on
the local filesystem, provisioned by the contributor into the generated web app
or in some central location via NFS or something like that.
The Okta application that I created is called KnoxSSO - is that the value for
saml.serviceProviderEntityId?
The saml.serviceProviderMetadataPath has the same questions as the metadata for
the IDP. In addition, is there a sample metadata file that we can provide for
the use of pac4j with KnoxSSO?
> Support CAS / OAuth / OpenID C / SAML protocols using pac4j
> -----------------------------------------------------------
>
> Key: KNOX-641
> URL: https://issues.apache.org/jira/browse/KNOX-641
> Project: Apache Knox
> Issue Type: New Feature
> Reporter: Jérôme Leleu
> Assignee: Jérôme Leleu
> Fix For: 0.8.0
>
> Attachments: KNOX-641.patch, knox641.patch2
>
>