Hi Manjula,

On Fri, Sep 11, 2015 at 9:30 AM, Manjula Rathnayake <[email protected]> wrote:

> Hi all,
>
> Above REST APIs are secured with username/password login. But there are
> scenarios, where client (AF or any other server) do not have the password of
> the user to login and invoke these APIs. One mechanism introduced was to
> make use of SAML token of the logged in user of AF (another server) to
> authenticate to REST APIs and invoke.
>
> We recently faced another issue with above SAML token based login approach
> when we test the REST APIs with curl, http clients etc because we do not
> have the password of the user or the SAML token of the user.
>
> So we need to allow clients to choose different authentication mechanism
> based on different requirements. One such requirement is to authenticate on
> behalf of another user (say on behalf of currently logged in user to one
> server). To provide this requirement, we need to introduce new login method
> similar to login(username, password), loginWithSAMLToken(token) as
> loginWthSignedJWTToken(token) etc.
>
> Do we have another authentication mechanism implemented for REST APIs
> similar to Carbon authenticators? As a quick fix, we can include above
> method and get it done, but we need to come up with a proper
> authentication mechanism, where we can configure multiple authentication
> options etc for REST APIs. WDYT?
>

+1 and in fact, EMM team has already come up with a framework for the same
purpose. Maybe we can review it and see how we could generalize more (if
needed) and use across the platform. Will schedule a review some time next
week so we can discuss in detail.

Cheers,
Prabath

> thank you.
>
> --
> Manjula Rathnayaka
> Associate Technical Lead
> WSO2, Inc.
> Mobile:+94 77 743 1987
>
> _______________________________________________
> Architecture mailing list
> [email protected]
> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
>

--
Prabath Abeysekara
Technical Lead
WSO2 Inc.
Email: [email protected]
Mobile: +94774171471
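The configurable set of login options discussed in this thread (password login next to a signed-JWT login made on behalf of a user), as an added example that is not WSO2 or EMM code. The function names, the `af-server` issuer, the demo user and the choice of an HS256 shared key are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed demo data; no name, key or password here comes from the thread.
USERS = {"alice": "correct horse"}                    # plaintext only for the demo
TRUSTED_ISSUERS = {"af-server": b"demo-shared-key"}   # issuer -> HMAC key (assumed HS256)

def b64u_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def basic_auth(cred):                       # base64(user:password) -> username or None
    try:
        user, _, pw = base64.b64decode(cred).decode().partition(":")
    except ValueError:
        return None
    ok = hmac.compare_digest(USERS.get(user, "").encode(), pw.encode())
    return user if ok and user in USERS else None

def signed_jwt_auth(token, now=None):       # JWT from a trusted server -> user it vouches for
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = json.loads(b64u_decode(h64)), json.loads(b64u_decode(p64)), b64u_decode(s64)
        alg, iss, sub, exp = header.get("alg"), claims.get("iss"), claims.get("sub"), claims.get("exp")
    except (ValueError, AttributeError):    # malformed token or non-object JSON
        return None
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if key is None or alg != "HS256":       # pin the algorithm; "none" is rejected
        return None
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
        return None                         # missing or past expiry
    return sub if isinstance(sub, str) and sub in USERS else None

AUTHENTICATORS = {"basic": basic_auth, "bearer": signed_jwt_auth}   # the configurable part

def authenticate(authorization_header):     # dispatch on the Authorization scheme
    scheme, _, cred = authorization_header.partition(" ")
    handler = AUTHENTICATORS.get(scheme.lower())
    return handler(cred.strip()) if handler else None

def issue_jwt(issuer, subject, ttl=60, alg="HS256"):   # what the trusted server would do
    h = b64u_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    p = b64u_encode(json.dumps({"iss": issuer, "sub": subject, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(TRUSTED_ISSUERS[issuer], f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{b64u_encode(sig)}"
```

The calling server never handles the user's password: it asserts the user's identity in `sub`, and the API accepts that only from an issuer whose key it has been configured to trust.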
