Hi Matthias,
Am 23.09.21 um 08:03 schrieb Keil, Matthias (ORISA Software GmbH):
Yes, I would like to define my Server Auth module in the jaspic-providers.xml
and then provide the class with the web application.
As far as of now, i have only two scenarios in my mind:
1) Transparent for developers/applications
* Developer defines the security constraints with e.g. basic
authentication in their web.xml
* Operating places oidc-lib and the jaspci xml-configuration in tomcat.
--> Same war-file can be used for development and production
--> The developer doesnt know anything about oidc.
2) Transparent for operating.
* Developer put the oidc-lib in their application and is
responsible to register the AuthProvider class.
In both cases, i assume there exist only one oidc provider in the
company (maybe federated with other external oidc provider) with
one corresponding oidc-lib implementation.
Probably you have an other setup/requirement ?
--
greets
Bernd
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org