Hi Peer,

I’ve recently replaced our end-of-life SSO implementation (CoSign) with OpenID Connect via mod_auth_openidc.

I went with Gluu as the OIDC provider (https://www.gluu.org/). I assume mod_auth_openidc works with any compliant OIDC provider including Auth0.

There's nothing really WO’ey about this, in fact there were no changes required to application code, only httpd configuration. I was able to map the authenticated username to the “remote_user” header where our applications already expect the username to be, allowing my rudimentary access control to continue to work.

A provider’s access token can potentially deliver all manner of data that could describe a user’s access privileges and identity and I hope to use Gluu to describe (or derive from AD) user access privileges which can then deliver a rich access token to my WO apps via httpd/mod_auth_openidc. Until then I’m using it simply to require authentication on certain paths using Location and LocationMatch directives as you would with any other httpd AuthType.

Sharpy.

> On 25 Feb 2020, at 6:48 pm, Peer Sandtner via Webobjects-dev
> <webobjects-dev@lists.apple.com> wrote:
>
> Hello, everybody,
>
> I am faced with the requirement to integrate SSO into an existing WO
> application with own user/rights management.
>
> The (B2B) WO application is currently already used by different integration
> partners who authenticate their users in the WO application by
> username/password and then get back a WOSession URL to which the user's
> browser is then redirected.
>
> The first integration will probably be based on SAML 2, since the partner
> already uses this for itself. Unfortunately I have no experience with SSO and
> came across auth0.com during my research. However, it is not yet clear to me
> whether and to what extent the requirements can be fulfilled with it.
>
> At the moment I assume that in the end I have to do a mapping between the
> received data from the ID-Provider and the existing users in my database and
> then log the user into my WO-application as usual.
>
> Does anyone have any tips on how to integrate auth0.com into a WO
> application?
>
> I also came across https://github.com/zmartzone/mod_auth_openidc. Does this
> simplify the integration of auth0.com or is it better to do it "directly" via
> the Java libraries of auth0.com.
>
> I'm sorry - questions about questions ;-)
>
> I am grateful for every hint...
> Peer
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list (Webobjects-dev@lists.apple.com)
> Help/Unsubscribe/Update your Subscription:
> https://lists.apple.com/mailman/options/webobjects-dev/getsharp%40gmail.com
>
> This email sent to getsh...@gmail.com
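The arrangement described in the reply above, as an added httpd configuration sketch that is not from the original post or from either poster's systems. The hostnames, client credentials, application paths and the choice of `preferred_username` as the username claim are assumptions; the header name `remote_user` is the one the reply mentions.

```apache
# Added example. All hostnames, paths, IDs and secrets below are placeholders.
LoadModule auth_openidc_module modules/mod_auth_openidc.so
LoadModule headers_module      modules/mod_headers.so

# Provider discovery document (Gluu, Auth0 or any compliant OP publishes one).
OIDCProviderMetadataURL https://idp.example.org/.well-known/openid-configuration
OIDCClientID            EXAMPLE_CLIENT_ID
OIDCClientSecret        EXAMPLE_CLIENT_SECRET

# Must sit under a path protected by this module and map to no real content.
OIDCRedirectURI         https://apps.example.org/Apps/redirect_uri

# Protects the module's session and state cookies; use a long random value.
OIDCCryptoPassphrase    REPLACE_WITH_LONG_RANDOM_VALUE
OIDCScope               "openid profile"

# Claim copied into REMOTE_USER. The module default is "sub@" (subject plus
# issuer); a bare claim name drops the issuer suffix, which is only safe when
# a single trusted provider is configured and the claim is unique there.
OIDCRemoteUserClaim     preferred_username

# Copy REMOTE_USER into the request header the applications already read.
OIDCAuthNHeader         remote_user

# The application treats this header as proof of identity, so discard any
# value the client sent. "early" runs before authentication, on every path,
# including paths that are not protected below.
RequestHeader unset remote_user early

# Require a login for everything under the (hypothetical) application root.
<Location "/Apps/">
    AuthType openid-connect
    Require valid-user
</Location>

# Narrower rule for selected (hypothetical) applications, matched by regex.
<LocationMatch "^/Apps/WebObjects/(Admin|Reports)\.woa">
    AuthType openid-connect
    Require valid-user
</LocationMatch>
```

Because the application trusts the header rather than verifying a token itself, the application instances should accept connections only from this httpd, otherwise a client that reaches them directly can set `remote_user` to any value.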