Hi Bill
On 03/03/14 18:50, Bill Burke wrote:
On 3/3/2014 1:42 PM, Thorsten Höger wrote:
On 03.03.2014 11:27, Sergey Beryozkin wrote:
Hi Thorsten
On 01/03/14 17:42, Thorsten Höger wrote:
Hi,
are there plans to support OpenId Connect (Server/Client) as extension to OAuth2 in CXF?
Yes.
Right now, the immediate priority is to support JWT wrapped as CXF ServerAccessToken, and the JWT assertions grant. Next, offer the JAX-RS services support for the client registration and token management.
OpenId Connect will be next (possibly some prototyping will start after the JWT support is done). I'm not sure right now in what form it will be supported, maybe some of it will be done as part of Fediz, but I think at the very least CXF OAuth2 endpoints should be able to work with the OpenId Connect aware infrastructure...
Do you have any particular integration requirements? What is it that attracts you in OpenId-Connect most?
We are using CXF as a REST backend for our online-banking system. The first part with OpenId Connect would be to act as an OpenId Identity-Provider. The next part would be to authenticate/register new users via Google+, Facebook etc.
Shameless plug:
We're working on an OpenID Connect extension/auth server over at
http://keycloak.org. It can be a social broker, or register/manage its
own users. Supports permission/role mappings, OTP, and a lot more. Aims
for integrated security for both web apps and REST services. Keycloak is
a solution, not a library, so I don't see why eventually CXF couldn't
integrate with it if it has/will have openid connect/oauth2 client
libraries.
Sure, I guess that can definitely work, integrating at that level. And I
don't mind us trying at all, it will be a good interoperability. But
note we also have Fediz, which is going to become the SSO + OAuth2 star
:-). Maybe we can use Fediz to interpose over KeyCloak one day :-)
Cheers, Sergey
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com