Larry McCay created KNOX-510:
--------------------------------
Summary: KnoxSSO API
Key: KNOX-510
URL: https://issues.apache.org/jira/browse/KNOX-510
Project: Apache Knox
Issue Type: Sub-task
Components: Server
Reporter: Larry McCay
Assignee: Larry McCay
Fix For: 0.6.0
The KnoxSSO Service is an Apache Jersey based API for providing SSO tokens and
flow control. It will initially be used to add an API for WebSSO flows to Web
UIs.
The resulting token will be a JsonWebToken (JWT) that represents the
authentication event, the issuer and a number of scopes and claims. This token
will need to be cryptographically verifiable through PKI based signature by the
receiver and validated as not expired and intended for the requested audience
and scope.
By leveraging the pluggable authentication and federation providers in Knox,
KnoxSSO will be able to have its integration composed of any number of
integrated solutions.
The resulting token will always be the same and therefore the receivers will
only need to know how to verify, validate and extract the identity information
contained within that single context.
The "knoxsso/websso" URL pattern will be used to facilitate the WebSSO
interaction and will require an input of a query parameter called originalURL
which indicates the URL to redirect the useragent to after successful
authentication. The redirection will be assumed to be a GET to the originalUrl.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
