+1. Colm.
On Mon, Sep 23, 2013 at 1:01 PM, Francesco Chicchiriccò <ilgro...@apache.org> wrote:

> Hi all,
> if there is some interest around enhancing Syncope with access management
> features - as it seems to me when reading this thread - I'd suggest to
> start a [DISCUSS] thread on dev@ ML; such features are currently planned
> for 3.0.0 Maggiore (i.e. in the far future) but can be shortly moved back
> to 1.3.0 or even 1.2.0 if there are few volunteers.
>
> WDYT?
>
> On 23/09/2013 13:56, Fabio Martelli wrote:
>
> On 23/09/2013 13:51, Strunk, Wolfgang wrote:
>
> Hi Fabio,
>
> You also should consider OAuth for SSO and might have a look at Apache
> Oltu (http://oltu.apache.org/).
>
> Hi Wolfgang, sounds really interesting.
> Thank you for your contribution.
>
> Regards,
> F.
>
> Regards
>
> Wolfgang
>
> From: Fabio Martelli [mailto:fabio.marte...@gmail.com]
> Sent: Monday, September 23, 2013 1:42 PM
> To: user@syncope.apache.org
> Subject: Re: Release Maggiore and authentication modules
>
> On 23/09/2013 11:37, Oliver Wulff wrote:
>
> Hi Fabio
>
> I sent this mail in the mailing list because I didn't really get much
> information from the JIRA tickets.
>
> Right now, I'm looking into adding SSO capabilities to Syncope with Apache
> CXF Fediz IDP. I noticed that security in the console is done with
> Wicket whereas in the core you use Spring Security. I noticed also the JIRA
> to probably use Apache Shiro which is very close to Spring Security. Where
> do you want to use Shiro - console and/or core?
>
> Apache CXF Fediz uses WS-Federation and SAML tokens for authentication
> which means the console gets a SAML token which contains the roles of the
> user. Due to the fact that the same roles are used for the core, this SAML
> token could be sent to the REST services. CXF JAX-RS supports SAML as
> described in [2].
>
> WDYT?
>
> Hi Oliver, as per SYNCOPE-160, the way to add the basis to provide access
> management features should be investigated.
> I think that Shiro can be used in the core, mainly. The console would be
> a generic client of Apache Syncope that will have to communicate with it
> with respect to the authentication/authorization mechanism configured.
>
> Currently, I don't know which will be the auth solution to be implemented
> for the console.
> I don't exclude protecting the console via an Apache Syncope (AM) agent
> written ad hoc.
>
> Apache Shiro is just an idea; CXF Fediz could be evaluated as well.
>
> Best regards,
> F.
>
> Thanks
>
> Oli
>
> [2] http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLassertionsinAuthorizationheader
>
> --
> Francesco Chicchiriccò
>
> ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> http://people.apache.org/~ilgrosso/

--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com