Interesting point, Colm. I think the original text was not a limiting statement on SSO but instead on pac4j provider. Most if not all of the mechanisms available through pac4j are browser based and as such not really appropriate for use as a federation provider for the REST APIs in a generic way.
We should try and make that more clear if need be. You can actually use many of the authentication/federation providers with KnoxSSO - even the simplest HTTP Basic with LDAP or even Header based PreAuth. I will take a look at those docs and see if it can better articulate what is intended there. On Mon, Jun 26, 2017 at 11:48 AM, Colm O hEigeartaigh <[email protected]> wrote: > Hi all, > > The docs state that "[pac4j] must be used for SSO, in association with the > KnoxSSO service and optionally with the SSOCookieProvider for access to > REST APIs.": > > http://knox.apache.org/books/knox-0-12-0/user-guide.html# > Pac4j+Provider+-+CAS+/+OAuth+/+SAML+/+OpenID+Connect > > However, I can use the "knoxauth" application with the KnoxSSO service to > authenticate users to the local LDAP without using pac4j at all. > > I think it probably be more accurate to say that one or the other must be > used for KnoxSSO. Is this correct? If so I'll update the docs. > > Colm. > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com >
