+ Ranga

On Fri, Sep 11, 2015 at 10:42 AM, Amila De Silva <[email protected]> wrote:
>
> On Friday, September 11, 2015, Manjula Rathnayake <[email protected]>
> wrote:
>
>> Hi all,
>>
>> The above REST APIs are secured with username/password login. But there are
>> scenarios where the client (AF or any other server) does not have the password of
>> the user to log in and invoke these APIs. One mechanism introduced was to
>> make use of the SAML token of the logged-in user of AF (another server) to
>> authenticate to the REST APIs and invoke them.
>>
>> We recently faced another issue with the above SAML token based login
>> approach when we test the REST APIs with curl, http clients etc., because we
>> do not have the password of the user or the SAML token of the user.
>>
>> So we need to allow clients to choose different authentication mechanisms
>> based on different requirements. One such requirement is to authenticate on
>> behalf of another user (say, on behalf of the currently logged-in user to one
>> server). To provide this requirement, we need to introduce a new login method
>> similar to login(username, password), loginWithSAMLToken(token), such as
>> loginWithSignedJWTToken(token) etc.
>>
>> Do we have another authentication mechanism implemented for REST APIs
>> similar to Carbon authenticators? As a quick fix, we can include the above
>> method and get it done, but we need to come up with a proper
>> authentication mechanism, where we can configure multiple authentication
>> options etc. for REST APIs. WDYT?
>>
> +1.
> Apart from the ones shipped with the product, currently the capability is
> not there to plug in a new authenticator for REST APIs.
>
> IIRC, while doing the Key Manager separation, a new authentication method
> was provided to sign in using an id_token. But not sure to what extent this
> would be helpful for your scenario.
>
>> Thank you.
>>
>> --
>> Manjula Rathnayaka
>> Associate Technical Lead
>> WSO2, Inc.
>> Mobile:+94 77 743 1987
>>
> --
> *Amila De Silva*
> WSO2 Inc.
> mobile :(+94) 775119302
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
