Hi Carlo,
On Tue, Oct 27, 2015 at 11:16 PM, <[email protected]> wrote:
> Hi,
>
> We're starting to hear our customers ask for 'claims based authentication'
> with our product which back end with ApacheDS.
>
the claims can come in many formats, SAML and JWT being two well-known structures
> I've researched it a bit and it's clearly beyond the goals of an LDAP
> server.
>
yes, indeed
> My question is, are any of you trying to implement something like this? If
> so, what is the stack you're using?
>
in web-SSO environments the Identity Provider (a.k.a. IdP) can do this task of authenticating users based on the tokens, and for this to work a trust relationship needs to be established between the client app and the IdP
> What are challenges, benefits, risks?
>
challenges: 1. need to deal with more than one token format (SAML, JWT etc.)
            2. managing the certificates; though the majority of these are self-signed (no _need_ for CA-signed certs), they still need to be managed
benefits: more ways to authenticate than a simple username and password combo
I don't see any risks with this approach other than a bit of complexity in implementing
> Thanks,
> Carlo Accorsi
>
--
Kiran Ayyagari
http://keydap.com