Ah, but i guess the jaggery app and the Authentication Framework would be in the same machine, then this won't be a prob if we use LAN address for the POST
On Thu, Oct 10, 2013 at 11:51 AM, Dulanja Liyanage <[email protected]> wrote: > The problem of sending a POST outside of the internal network is anyone > can grab the credentials during wire transfer (if not secured with HTTPS) > or at transits (even if secured with HTTPS). Then we need to consider about > encryption. > > > On Wed, Oct 9, 2013 at 10:09 PM, Johann Nallathamby <[email protected]>wrote: > >> Hi Venura, >> >> This should be done using the application authentication framework we >> have. As we will be migrating our carbon authenticators also to this it is >> best to use this framework. >> >> All you need to do is get the username and password of the user (if you >> are using Basic Authentication) and do a POST to the commonauth servlet. >> This way the authentication mechanism is independent from your webapp. Only >> thing is currently we don't have an authenticator that calls the IS >> webservice APIs for authentication. This could be easily done by writing a >> new authenticator. Curently we have a Basic Auth authenticator which >> authenticates with the underlying user store and a SAML SSO authenticator >> for doing Single-Sign-On. >> >> >> On Wed, Oct 9, 2013 at 7:32 PM, Venura Kahawala <[email protected]> wrote: >> >>> Hi, >>> >>> I'm now implementing the log in functionality for the My-Identity app. >>> As per my understanding current user management functionality implemented >>> within jaggery uses OSGI services. This is correct if the mentioned >>> application is only deployed within the IS server and therefore my-identity >>> app is connected to the same user store as the IS. But if we deploy the >>> application within an AS, the scenario might be different. >>> >>> This is also acceptable if the AS and IS both connects to the same user >>> store. But in some scenarios these two server might not be connected to >>> the same user store. >>> For example, IS and user store is located within the internal network >>> while AS is located outside the internal network and AS is not connected to >>> the internal user store. But still we need to deploy the my-identity app >>> within the AS since this application is exposed to the end users. >>> >>> If we need our application to cater above requirement we need to >>> implement the log in functionality using web services. >>> >>> Please correct me if I'm wrong. >>> >>> Regards, >>> Venura >>> >>> >>> >>> On Tue, Sep 24, 2013 at 11:39 AM, Venura Kahawala <[email protected]>wrote: >>> >>>> Hi, >>>> >>>> We are in the process of moving the below UI features out from the IS >>>> management console. >>>> >>>> 1. My Profiles >>>> 2. Account Recovery >>>> 3. My Authorized apps >>>> 4. OpenID >>>> 5. My SCIM Providers >>>> 6. Multifactor Authentication >>>> 7. Sign-up >>>> >>>> >>>> A jaggery application will be implemented with the above mentioned >>>> features and deployed within IS server. This application can be accessed >>>> via a different port. High level architecture diagram can be seen here [1]. >>>> >>>> Jaggery application will be implemented ad-hearing to the caramel >>>> framework. >>>> >>>> [1] >>>> https://docs.google.com/a/wso2.com/drawings/d/1jQsKbSVnH3cHCKkNjaLqr9cBARk0pD04RLPGgid4R7M/edit?usp=sharing >>>> >>>> Please share your thoughts. >>>> >>>> Regards, >>>> Venura >>>> >>>> -- >>>> Senior Software Engineer >>>> >>>> Mobile: +94 71 82 300 20 >>>> >>>> >>> >>> >>> -- >>> Senior Software Engineer >>> >>> Mobile: +94 71 82 300 20 >>> >>> >> >> >> -- >> Thanks & Regards, >> >> *Johann Dilantha Nallathamby* >> Senior Software Engineer >> Integration Technologies Team >> WSO2, Inc. >> lean.enterprise.middleware >> >> Mobile - *+94777776950* >> Blog - *http://nallaa.wordpress.com* >> > > > > -- > Dulanja Liyanage > Senior Software Engineer - WSO2 Inc. > M: +94776764717 > -- Dulanja Liyanage Senior Software Engineer - WSO2 Inc. M: +94776764717
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
