Hi Cris,

It should be possible. For one of my projects I had to implement something similar to support OAuth2 based logins to a sling based server using the facebook/google/twitter oauth support.

I basically needed 3 main custom OSGi services to make it work:

1. A custom impl of AbstractAuthenticationFormServlet that was used to initiate the oauth challenge from custom buttons on the login page.
2. A custom org.apache.sling.auth.core.spi.AuthenticationHandler service that handles the requesting/extraction/validation of the credentials from the external oauth provider. I used the scribejava library for the OAuth conversations (https://github.com/scribejava/scribejava)
3. A custom org.apache.felix.jaas.LoginModuleFactory service for the "jackrabbit.oak" JAAS realm so the extracted oauth credentials from #2 are accepted for logging in to the oak JCR repository without knowing the password.

The impl for #2 also dealt with linking the verified external account identity with a local jackrabbit.oak user and copying any required attributes from the external account to the local user profile.

Regards,
Eric

On Tue, Dec 10, 2019 at 2:34 PM Cris Rockwell <[email protected]> wrote:

> Hello Sling Users
>
> Does anyone know of a solution for SSO for Apache Sling using OIDC, OAuth2
> or SAML2 using JCR-based access controls, user creation and attribute
> synchronization, and group membership?
>
> This one looks interesting, but is it dead?
>
> https://sling.apache.org/documentation/the-sling-engine/authentication/authentication-authenticationhandler/openid-authenticationhandler.html
>
> This student project looks interesting, so is our best resource?
>
> https://github.com/apache/sling-whiteboard/pull/14
>
> https://medium.com/@hasiniwitharana/gsoc-2018-openid-connect-relying-party-implementation-for-apache-sling-635ea1e9b45e
>
> https://cwiki.apache.org/confluence/display/SLING/Instructions+to+setup+the+OIDC+flow
>
> https://github.com/apache/sling-whiteboard/tree/master/oidc-handler
>
> There is this presentation about Keycloak, but as stated I’m looking to
> manage access controls on the content.
>
> https://adapt.to/2018/en/schedule/modern-authentication-in-sling-with-openid-connect-and-keycloak.html
>
> Thanks!
> Cris R
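
A sketch of the AuthenticationHandler from item 2 of the reply, added here as an illustration and not taken from Eric's project or from Sling itself: it shows how the handler can bind the OAuth2 callback to the browser session that started the challenge by checking the `state` parameter before exchanging the code. The `ProviderClient` interface, the session attribute name, the `"OAUTH2"` auth type and the use of a servlet session are assumptions; `ProviderClient` stands in for the OAuth library calls and the account linking.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.sling.auth.core.spi.AuthenticationHandler;
import org.apache.sling.auth.core.spi.AuthenticationInfo;

public class OAuthStateCheckingHandler implements AuthenticationHandler {
    public interface ProviderClient { // hypothetical wrapper around the OAuth library
        String authorizationUrl(String state);
        String verifiedLocalUser(String code) throws IOException; // code -> token -> linked local user id
    }
    private static final String STATE_ATTR = "example.oauth.state"; // assumed attribute name
    private final SecureRandom random = new SecureRandom();
    private final ProviderClient provider;
    public OAuthStateCheckingHandler(ProviderClient provider) { this.provider = provider; }
    @Override // start the challenge: bind a fresh random state to this browser session
    public boolean requestCredentials(HttpServletRequest req, HttpServletResponse res) throws IOException {
        byte[] raw = new byte[32];
        random.nextBytes(raw);
        String state = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        req.getSession(true).setAttribute(STATE_ATTR, state);
        res.sendRedirect(provider.authorizationUrl(state));
        return true;
    }
    @Override // callback: accept the code only if the state matches what this session was issued
    public AuthenticationInfo extractCredentials(HttpServletRequest req, HttpServletResponse res) {
        String code = req.getParameter("code"), state = req.getParameter("state");
        if (code == null || state == null) return null; // not an OAuth callback, let other handlers try
        HttpSession session = req.getSession(false);
        Object expected = session == null ? null : session.getAttribute(STATE_ATTR);
        if (session != null) session.removeAttribute(STATE_ATTR); // state is single use
        if (!(expected instanceof String) || !MessageDigest.isEqual(
                ((String) expected).getBytes(StandardCharsets.UTF_8), state.getBytes(StandardCharsets.UTF_8))) {
            return AuthenticationInfo.FAIL_AUTH; // forged or replayed callback
        }
        try {
            // The LoginModuleFactory service (item 3) must still accept this identity for the Oak login.
            return new AuthenticationInfo("OAUTH2", provider.verifiedLocalUser(code));
        } catch (IOException e) {
            return AuthenticationInfo.FAIL_AUTH; // token exchange or validation failed
        }
    }
    @Override // this example keeps nothing client-side, so there is nothing to drop
    public void dropCredentials(HttpServletRequest req, HttpServletResponse res) { }
}
```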
