[CONF] Apache Syncope > [DISCUSS] Apache Shiro integration for authentication and authorization

[Francesco Chicchiricco (Confluence)]

Title: Message Title

Francesco Chicchiricco commented on a page

Re: [DISCUSS] Apache Shiro integration for authentication and authorization I believe we need - for Syncope 2.1 at earliest, anyway - to introduce a proper session store abstraction which will allow to select among different implementations - from simpler (in-memory) to more advanced (LDAP, RDBMS, ...) which can be empowered in HA scenarios. Does Fediz provide something similar? AFAIU Spring Security's session management does not provide such feature, while Spring Session does. Reply • Like

In reply to Colm O hEigeartaigh I agree that Shiro is not needed. Do we really need to introduce Spring Session though, won't Spring Security take care of it already, via for example "<sec:session-management session-authentication-strategy-ref="sas"/>"? Perhaps Apache CXF Fediz could give us some pointers here. It ships with a plugin for Spring Security for WS-Federation, that sets up a session based on parsing a SAML Token received as part of the redirection process involved in WS-Federation SSO: https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=tree;f=plugins/spring;h=f4f6d060128b96872d3eadff6955897658163443;hb=HEAD A webapp configuration using this module is here: https://git-wip-us.apache.org/repos/asf?p=cxf-fediz.git;a=blob;f=systests/webapps/springWebapp/src/main/webapp/WEB-INF/applicationContext-security.xml;h=2f5a518d013c8fedd672b14fc96f21398e523158;hb=HEAD

Stop watching space • Manage notifications This message was sent by Atlassian Confluence 5.8.4