Thanks Jacques! If so, I'll release a CAS plugin to make OFBiz offer OAuth2 alliance next week. I have a CAS 4.2.x version running in a production environment; I'll upgrade it to CAS 5.2.x and then release it.

-----Original Message-----
From: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com]
Sent: August 19, 2018 18:34
To: dev@ofbiz.apache.org
Subject: Re: OFBIZ-10307: Navigate from a domain to another with automated signed in authentication

Hi Jinghai,

Actually I did not pick auth0 (not to be confused with https://en.wikipedia.org/wiki/OAuth) nor https://oauth.net/2/ because those need a central Identity server (as is the SAML protocol). I simply send a JWT token: https://en.wikipedia.org/wiki/JSON_Web_Token and https://jwt.io/ to

Please refer to OFBIZ-10307 "Navigate from a domain to another with automated signed in authentication"

Thanks for your interest.

Jacques

On 17/08/2018 at 09:02, Shi Jinghai wrote:
> Hi Jacques,
>
> OK, I think the redis topic is jumped to next step.
>
> I have read the patches carefully, as a fan of Apereo CAS[1], I wonder why choose auth0[2] rather than CAS. And is the implement OAuth2 alliance?
>
> [1] https://github.com/apereo/cas
> [2] https://auth0.com/
>
> Kind Regards,
>
> Shi Jinghai
>
>
> -----Original Message-----
> From: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com]
> Sent: August 16, 2018 2:08
> To: dev@ofbiz.apache.org
> Subject: Re: OFBIZ-10307: Navigate from a domain to another with automated signed in authentication
>
> Hi Jinghai,
>
> The problem with the token master secret key is to guarantee its secrecy at max.
>
> We already discussed different solutions at https://s.apache.org/7yyR and https://s.apache.org/IBDM
>
> How is Redis more secure than Postgres for storing values?
>
> Thanks
>
> Jacques
>
>
> On 15/08/2018 at 14:37, Shi Jinghai wrote:
>> Dear Jacques,
>>
>> On how to store the Tokens, as a token is a key, value is the UserLogin entity and/or other info, a key-value db, Redis[1] is a good choice. Redis is no. 7 in the db ranking in Aug 2018[2] and is becoming more and more popular. Goldman Sachs invested in the Redis team last year[3]. It's a common view now in China that Redis is better than any others including Gemfire of Pivotal, the railway ticket system of China replaced its 3 Gemfire clusters with 3 Redis clusters last year and then there are much fewer complaints on how difficult it is to buy spring festival tickets.
>>
>> Mr. Dai Haipeng contributed a Redis component in Jira[4].
>>
>> [1] https://redis.io/
>> [2] https://db-engines.com/en/ranking
>> [3] https://redislabs.com/press/redis-labs-secures-44-million-funding-led-goldman-sachs-private-capital-investing-strengthen-database-leadership/
>> [4] https://issues.apache.org/jira/browse/OFBIZ-9829
>>
>> BTW, I'll try to review the patches.
>>
>> Kind Regards,
>>
>> Shi Jinghai
>>
>> -----Original Message-----
>> From: Jacques Le Roux [mailto:jacques.le.r...@les7arts.com]
>> Sent: August 15, 2018 15:09
>> To: dev@ofbiz.apache.org
>> Subject: OFBIZ-10307: Navigate from a domain to another with automated signed in authentication
>>
>> Hi,
>>
>> Some time ago I created https://issues.apache.org/jira/browse/OFBIZ-10307.
>>
>> I asked for reviews but only Taher answered and he asked to know the goal of this new feature.
>>
>> It was actually developed for a client who needed to get from one OFBiz instance on a server (on a domain) to another OFBiz instance on another server (on another domain) without having to sign up between the 2 while keeping things secure.
>>
>> There could be many reasons why you want to split OFBiz application on servers. In their case it was for performance issues.
>>
>> The technology used is as secure as possible. Like OAuth 2.0 it uses a token but it does not need a middle authorization server (think of two-factor authentication) because it's only for OFBiz instances of the same version.
>>
>> To commit this work we need 1st to agree and commit the work done by Deepak at OFBIZ-9833 "Token Based Authentication" that I use in my last patch.
>>
>> For me there is only one question outstanding: how to store the Token secret. But this should not prevent us from committing Deepak's work.
>>
>> It's now a long time (9 months) since I started this work. And my last patch has been ready for a month.
>>
>> I crossed several issues which are now all resolved. So please review and answer to this thread.
>>
>> Without well-argued negative comments I'll commit both OFBIZ-9833 and OFBIZ-10307 in a week. You can always test and review later, we use RTC.
>>
>> Also a veto on a commit is always possible... Of course, as ever, a good consensus is preferred.
>>
>> Let me know if you need more information about the goal. For the technical details I think I already provided them in OFBIZ-10307.
>>
>> Jacques
>>