Hi Dulanja,

AFAIK if we use TLS, the message will be encrypted and only the server will be able to decrypt the message, since the TLS key is shared between only the client (browser) and the server. This is because at the time of symmetric key exchange, the client encrypts the key with the server's public key and sends that to the server. Anyway, we are not going to use request redirection but a POST request.

Regards,
Venura

On Thu, Oct 10, 2013 at 11:56 AM, Dulanja Liyanage <[email protected]> wrote:

> Ah, but I guess the jaggery app and the Authentication Framework would be
> in the same machine, then this won't be a prob if we use LAN address for
> the POST
>
> On Thu, Oct 10, 2013 at 11:51 AM, Dulanja Liyanage <[email protected]> wrote:
>
>> The problem of sending a POST outside of the internal network is anyone
>> can grab the credentials during wire transfer (if not secured with HTTPS)
>> or at transits (even if secured with HTTPS). Then we need to consider
>> encryption.
>>
>> On Wed, Oct 9, 2013 at 10:09 PM, Johann Nallathamby <[email protected]> wrote:
>>
>>> Hi Venura,
>>>
>>> This should be done using the application authentication framework we
>>> have. As we will be migrating our carbon authenticators also to this it is
>>> best to use this framework.
>>>
>>> All you need to do is get the username and password of the user (if you
>>> are using Basic Authentication) and do a POST to the commonauth servlet.
>>> This way the authentication mechanism is independent from your webapp. Only
>>> thing is currently we don't have an authenticator that calls the IS
>>> webservice APIs for authentication. This could be easily done by writing a
>>> new authenticator. Currently we have a Basic Auth authenticator which
>>> authenticates with the underlying user store and a SAML SSO authenticator
>>> for doing Single-Sign-On.
>>>
>>> On Wed, Oct 9, 2013 at 7:32 PM, Venura Kahawala <[email protected]> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm now implementing the log in functionality for the My-Identity app.
>>>> As per my understanding current user management functionality implemented
>>>> within jaggery uses OSGI services. This is correct if the mentioned
>>>> application is only deployed within the IS server and therefore my-identity
>>>> app is connected to the same user store as the IS. But if we deploy the
>>>> application within an AS, the scenario might be different.
>>>>
>>>> This is also acceptable if the AS and IS both connect to the same user
>>>> store. But in some scenarios these two servers might not be connected to
>>>> the same user store.
>>>> For example, IS and user store are located within the internal network
>>>> while AS is located outside the internal network and AS is not connected to
>>>> the internal user store. But still we need to deploy the my-identity app
>>>> within the AS since this application is exposed to the end users.
>>>>
>>>> If we need our application to cater to the above requirement we need to
>>>> implement the log in functionality using web services.
>>>>
>>>> Please correct me if I'm wrong.
>>>>
>>>> Regards,
>>>> Venura
>>>>
>>>> On Tue, Sep 24, 2013 at 11:39 AM, Venura Kahawala <[email protected]> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> We are in the process of moving the below UI features out from the IS
>>>>> management console.
>>>>>
>>>>> 1. My Profiles
>>>>> 2. Account Recovery
>>>>> 3. My Authorized apps
>>>>> 4. OpenID
>>>>> 5. My SCIM Providers
>>>>> 6. Multifactor Authentication
>>>>> 7. Sign-up
>>>>>
>>>>> A jaggery application will be implemented with the above mentioned
>>>>> features and deployed within IS server. This application can be accessed
>>>>> via a different port. High level architecture diagram can be seen here
>>>>> [1].
>>>>>
>>>>> Jaggery application will be implemented adhering to the caramel
>>>>> framework.
>>>>>
>>>>> [1]
>>>>> https://docs.google.com/a/wso2.com/drawings/d/1jQsKbSVnH3cHCKkNjaLqr9cBARk0pD04RLPGgid4R7M/edit?usp=sharing
>>>>>
>>>>> Please share your thoughts.
>>>>>
>>>>> Regards,
>>>>> Venura
>>>>>
>>>>> --
>>>>> Senior Software Engineer
>>>>>
>>>>> Mobile: +94 71 82 300 20
>>>>
>>>> --
>>>> Senior Software Engineer
>>>>
>>>> Mobile: +94 71 82 300 20
>>>
>>> --
>>> Thanks & Regards,
>>>
>>> *Johann Dilantha Nallathamby*
>>> Senior Software Engineer
>>> Integration Technologies Team
>>> WSO2, Inc.
>>> lean.enterprise.middleware
>>>
>>> Mobile - *+94777776950*
>>> Blog - *http://nallaa.wordpress.com*
>>
>> --
>> Dulanja Liyanage
>> Senior Software Engineer - WSO2 Inc.
>> M: +94776764717
>
> --
> Dulanja Liyanage
> Senior Software Engineer - WSO2 Inc.
> M: +94776764717

--
Senior Software Engineer

Mobile: +94 71 82 300 20

_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
