Hi all,

The following points outline the integration of Stream Processor with an
Identity Provider. The Identity Provider Client interface will act as the
mediator between SP components and the Identity Provider. The points are
divided into two main parts based on the authentication mechanism.

*Basic Authentication (Only for evaluation of the product)*

1. User store is maintained in the file system.
2. Session management is maintained by the Identity Provider Client
interface by maintaining the user's login along with a randomly generated
session id and expiry time.



*OAuth2 Authentication*

1. Use the Dynamic Client Registration endpoint in the IdP to create a
service provider dynamically.
2. Through the SP dashboard UI, users can request access tokens through either
the password grant type or the authorization code grant type.
3. Session management is maintained through the tokens returned by the IdP.
4. Users can also access the back end APIs with either username & password
or access token. If the user presents the username & password, the interceptor
will redirect to the Identity Provider Client's token requesting function. Thus,
essentially, the user is requesting a token from the IdP. If the user accesses with
a token, then the token will be validated through the introspection endpoint of
the IdP.




More information on the solution can be found at [1]


[1] https://docs.google.com/a/wso2.com/document/d/1vFP_GZcuLzJrkRDV3mCfuSDkwC8eKClmp4zt-lUs1Ro/edit?usp=sharing

-- 
Best Regards,
*Niveathika Rajendran,*
*Software Engineer.*
*Mobile : +94 077 903 7536*
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
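
Added example, not part of the original email and not WSO2 code: a sketch of the interceptor decision described in the OAuth2 points above, where a username & password is exchanged for a token through the password grant and every token is then checked through introspection (the `active` field of an RFC 7662 response). `StubIdP`, `intercept` and the in-memory user and token store are hypothetical stand-ins for the IdP endpoints and the Identity Provider Client.

```python
import base64
import secrets
import time

class StubIdP:
    """Constructed in-memory stand-in for the IdP token and introspection endpoints."""
    def __init__(self, users, ttl=3600):
        self.users, self.ttl, self.tokens = users, ttl, {}

    def password_grant(self, username, password):
        # Token endpoint with grant_type=password; None means the grant was refused.
        stored = self.users.get(username)
        if stored is None or not secrets.compare_digest(stored.encode(), password.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (username, time.time() + self.ttl)
        return {"access_token": token, "token_type": "Bearer", "expires_in": self.ttl}

    def introspect(self, token):
        # RFC 7662 style response: unknown or expired tokens yield only active=false.
        entry = self.tokens.get(token)
        if entry is None or entry[1] <= time.time():
            return {"active": False}
        return {"active": True, "username": entry[0], "exp": int(entry[1])}

def intercept(authorization, idp):
    """Return (HTTP status, authenticated user) for an Authorization header value."""
    scheme, _, credentials = (authorization or "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
        except ValueError:  # malformed base64 or non-UTF-8 credentials
            return 401, None
        username, sep, password = decoded.partition(":")
        if not sep:
            return 401, None
        # Username & password: request a token from the IdP on the caller's behalf.
        grant = idp.password_grant(username, password)
        if grant is None:
            return 401, None
        token = grant["access_token"]
    elif scheme.lower() == "bearer":
        token = credentials.strip()
    else:
        return 401, None
    # Both paths end with the same introspection check before the API is reached.
    info = idp.introspect(token)
    return (200, info["username"]) if info.get("active") else (401, None)
```

Because both branches finish at `introspect`, an expired or revoked token is rejected the same way regardless of how the caller authenticated.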