On 3/3/2014 1:42 PM, Thorsten Höger wrote:
Am 03.03.2014 11:27, schrieb Sergey Beryozkin:
Hi Thorsten
On 01/03/14 17:42, Thorsten Höger wrote:
Hi,
are there plans to support OpenId Connect (Server/Client) as extension to
OAuth2 in CXF?
Yes.
Right now, the immediate priority is to support JWT wrapped as CXF
ServerAccessToken,
and the JWT assertions grant. Next, offer the JAX-RS services support for the
client
registration and token management.
OpenId Connect will be next (possibly some prototyping will start after the JWT
support
is done). I'm not sure right now in what form it will be supported, may be some
of it
will be done as part of Fediz, but I think at the very least CXF OAuth2
endpoints should
be able to work with the OpenId Connect aware infrastructure...
Do you have any particular integration requirements ? What is it that attracts
you in
OpenId-Connect most ?
We are using CXF as a REST backend for our online-banking system. The first
part with
OpenId Connect would be to act as an OpenId Identity-Provider. The next part
would be to
authenticate/register new users via Google+, Facebook etc.
Shameless plug:
We're working on a OpenID Connect extension/auth server over at
http://keycloak.org. It can be a social broker, or register/manage its
own users. Supports permission/role mappings, OTP, and a lot more.
Aims for integrated security for both web apps and REST services.
Keycloak is a solution, not a library, so I don't see why eventually CXF
couldn't integrate with it if it has/will have openid connect/oauth2
client libraries.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
