[
https://issues.apache.org/jira/browse/KNOX-510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Larry McCay resolved KNOX-510.
------------------------------
Resolution: Fixed
> KnoxSSO API
> -----------
>
> Key: KNOX-510
> URL: https://issues.apache.org/jira/browse/KNOX-510
> Project: Apache Knox
> Issue Type: Sub-task
> Components: Server
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 0.6.0
>
>
> The KnoxSSO Service is an Apache Jersey based API for providing SSO tokens
> and flow control. It will initially be used to add an API for WebSSO flows to
> Web UIs.
> The resulting token will be a JsonWebToken (JWT) that represents the
> authentication event, the issuer and a number of scopes and claims. This
> token will need to be cryptographically verifiable through PKI based
> signature by the receiver and validated as not expired and intended for the
> requested audience and scope.
> By leveraging the pluggable authentication and federation providers in Knox,
> KnoxSSO will be able to have its integration composed of any number of
> integrated solutions.
> The resulting token will always be the same and therefore the receivers will
> only need to know how to verify, validate and extract the identity
> information contained within that single context.
> The "knoxsso/websso" URL pattern will be used to facilitate the WebSSO
> interaction and will require an input of a query parameter called originalURL
> which indicates the URL to redirect the useragent to after successful
> authentication. The redirection will be assumed to be a GET to the
> originalUrl.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
