[ https://issues.apache.org/jira/browse/KNOX-514?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14645001#comment-14645001 ]

Larry McCay commented on KNOX-514:
----------------------------------

The most prevalent use cases have been those of integration or federation of 
authentication from other preferred authentication systems. If there are 
use cases in the community that actually want to provide user credentials to 
Knox for production then we can certainly consider adding support for such a 
form.

To directly answer [~tanping] - yes, I took the liberty to close JIRAs that 
were related to Knox collecting user credentials. The KnoxSSO service is 
intended to consist of a couple of aspects:

1. Integration point for other SSO systems which allows for participating 
relying parties to redirect to our KnoxSSO WebSSO endpoint which will direct 
authentication to another preferred authentication system. We have prototyped 
Shibboleth in this capacity using the PicketLink federation provider. We then 
normalize that authentication event into a single Knox JWT token that can be 
verified cryptographically when presented to the relying party. This aspect is 
great for integrating access to web UIs through SAML, etc.

2. The KnoxSSO Token service will be used by applications that cannot 
participate in a WebSSO flow that includes page redirects and user interaction. 
For instance, JavaScript-based REST calls inside of webpages don't generally 
have access to SSO cookies that are often set to HttpOnly. We can allow for a 
token-based exchange for such clients with this aspect.

Does this explanation make sense?

> Documentation of the WebSSO API
> -------------------------------
>
>                 Key: KNOX-514
>                 URL: https://issues.apache.org/jira/browse/KNOX-514
>             Project: Apache Knox
>          Issue Type: Sub-task
>          Components: Site
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.7.0
>
>
> We need documentation for the configuration and use of the WebSSO API in 
> Knox. Describe the overall architecture with regard to authentication 
> provider use, flow, cookie use, etc. Also describe all of the configuration 
> settings.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
