On Thu, Oct 19, 2017 at 5:21 PM, Niveathika Rajendran <[email protected]>
wrote:

> Hi all,
>
> The following points outline the integration of Stream Processor with an
> Identity Provider. Identity Provider Client interface will act as the
> mediator between SP components and Identity Provider. The points are
> divided into two main parts based on the authentication mechanism.
>
> *Basic Authentication (Only for evaluation of the product)*
>
> 1. User store is maintained in the file system.
> 2. Session management is maintained by the Identity Provider Client
> interface by maintaining the user's login along with a randomly generated
> session id and expiry time.
>
>
>
> *OAuth2 Authentication*
>
> 1. Use the Dynamic Client Registration endpoint in the IdP to create
> service provider dynamically.
> 1. Through the SP dashboard UI, the user can request access tokens through
> either the password grant type or the authorization code grant type.
> 2. Session management is maintained through the tokens returned by the IdP.
> 3. Users can also access the back end APIs with either username &
> password or access token. If the user presents the username & password, the
> interceptor will redirect to the Identity Provider Client's token requesting
> function. Thus, essentially, the user is requesting a token from the IdP. If
> the user accesses with a token, then the token will be validated through the
> introspection endpoint of the IdP.
>
How do we plan to handle fine-grained permission validations in addition
to authentication? Is there a situation where an admin is allowed to send a
special kind of request while other users are not allowed to do the same? And
if we have a pluggable interceptor mechanism, we can plug in any
authentication mechanism.

Thanks,
sanjeewa.

>
>
>
>
> More information on the solution can be found at [1]
>
>
> [1] https://docs.google.com/a/wso2.com/document/d/1vFP_GZcuLzJrkRDV3mCfuSDkwC8eKClmp4zt-lUs1Ro/edit?usp=sharing
>
> --
> Best Regards,
> *Niveathika Rajendran,*
> *Software Engineer.*
> *Mobile : +94 077 903 7536*
>
>


-- 

*Sanjeewa Malalgoda*
WSO2 Inc.
Mobile : +94713068779

blog: http://sanjeewamalalgoda.blogspot.com/
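
The interceptor flow discussed in this thread (username & password exchanged for a token, tokens checked through introspection, then a per-request permission check), as an added example that is not part of the original messages or of WSO2 code. The user store, token table, scope names and route policy are constructed stand-ins for the IdP and are assumptions.

```python
import base64
import hmac

# Constructed data standing in for the IdP (assumptions, not WSO2 values).
USERS = {"admin": ("admin-pw", "tok-admin"), "viewer": ("viewer-pw", "tok-viewer")}
TOKENS = {
    "tok-admin": {"active": True, "username": "admin", "scope": "sp:view sp:deploy"},
    "tok-viewer": {"active": True, "username": "viewer", "scope": "sp:view"},
    "tok-revoked": {"active": False},
}
# Hypothetical route-to-scope policy: deploying needs a scope viewers lack.
REQUIRED_SCOPE = {("GET", "/apps"): "sp:view", ("POST", "/apps"): "sp:deploy"}


def request_token(username, password):
    """Stand-in for the Identity Provider Client's token-requesting function."""
    stored = USERS.get(username)
    if stored and hmac.compare_digest(stored[0].encode(), password.encode()):
        return stored[1]
    return None


def introspect(token):
    """Stand-in for the IdP introspection endpoint (RFC 7662 response shape)."""
    return TOKENS.get(token, {"active": False})


def intercept(method, path, authorization):
    """Return (status, username) for one back-end API request."""
    scheme, _, value = (authorization or "").partition(" ")
    token = None
    if scheme.lower() == "bearer":
        token = value.strip()
    elif scheme.lower() == "basic":
        try:
            raw = base64.b64decode(value, validate=True).decode()
        except ValueError:
            return 401, None              # malformed Basic credentials
        user, _, password = raw.partition(":")
        token = request_token(user, password)  # credentials become a token
    info = introspect(token) if token else {"active": False}
    if not info.get("active"):
        return 401, None                  # missing, unknown or inactive token
    needed = REQUIRED_SCOPE.get((method, path))
    if needed is None or needed not in info.get("scope", "").split():
        return 403, info["username"]      # deny by default, also unmapped routes
    return 200, info["username"]
```

Authentication failures return 401 and authorization failures return 403, so the permission check stays independent of which authentication mechanism is plugged in.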
_______________________________________________
Architecture mailing list
[email protected]
https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
