On 23/09/2013 13:51, Strunk, Wolfgang wrote:
Hi Fabio,
You also should consider OAuth for SSO and might have a look at Apache
Oltu (http://oltu.apache.org/).
Hi Wolfgang, sounds really interesting.
Thank you for your contribution.
Regards,
F.
Regards
Wolfgang
*From:* Fabio Martelli [mailto:fabio.marte...@gmail.com]
*Sent:* Monday, September 23, 2013 1:42 PM
*To:* user@syncope.apache.org
*Subject:* Re: Release Maggiore and authentication modules
On 23/09/2013 11:37, Oliver Wulff wrote:
Hi Fabio
I sent this mail in the mailing list because I didn't really get
much information from the jira tickets.
Right now, I'm looking into adding SSO capabilities to Syncope with
Apache CXF Fediz IDP. I noticed that security in the console is
done with Wicket whereas in the core you use Spring Security. I
noticed also the JIRA to probably use Apache Shiro which is very
close to Spring Security. Where do you want to use Shiro - console
and/or core?
Apache CXF Fediz uses WS-Federation and SAML tokens for
authentication which means the console gets a SAML token which
contains the roles of the user. Due to the fact that the same
roles are used for the core, this SAML token could be sent to the
REST services. CXF JAX-RS supports SAML as described in [2].
WDYT?
Hi Oliver, as per SYNCOPE-160, the way to add the basis to provide
access management features should be investigated.
I think that Shiro can be used in the core, mainly. The console
would be a generic client of Apache Syncope that will have to
communicate with it in respect of the authentication/authorization
mechanism configured.
Currently, I don't know which will be the auth solution to be
implemented for the console.
I don't exclude protecting the console via an Apache Syncope (AM)
agent written ad hoc.
Apache Shiro is just an idea; CXF Fediz could be evaluated as well.
Best regards,
F.
Thanks
Oli
[2]
http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLassertionsinAuthorizationheader