Great thanks! Colm.
On Mon, Jun 26, 2017 at 5:15 PM, larry mccay <[email protected]> wrote: > Interesting point, Colm. > > I think the original text was not a limiting statement on SSO but instead > on pac4j provider. > Most if not all of the mechanisms available through pac4j are browser > based and as such not really appropriate for use as a federation provider > for the REST APIs in a generic way. > > We should try and make that more clear if need be. > > You can actually use many of the authentication/federation providers with > KnoxSSO - even the simplest HTTP Basic with LDAP or even Header based > PreAuth. > > I will take a look at those docs and see if it can better articulate what > is intended there. > > > On Mon, Jun 26, 2017 at 11:48 AM, Colm O hEigeartaigh <[email protected] > > wrote: > >> Hi all, >> >> The docs state that "[pac4j] must be used for SSO, in association with the >> KnoxSSO service and optionally with the SSOCookieProvider for access to >> REST APIs.": >> >> http://knox.apache.org/books/knox-0-12-0/user-guide.html#Pac >> 4j+Provider+-+CAS+/+OAuth+/+SAML+/+OpenID+Connect >> >> However, I can use the "knoxauth" application with the KnoxSSO service to >> authenticate users to the local LDAP without using pac4j at all. >> >> I think it probably be more accurate to say that one or the other must be >> used for KnoxSSO. Is this correct? If so I'll update the docs. >> >> Colm. >> >> >> -- >> Colm O hEigeartaigh >> >> Talend Community Coder >> http://coders.talend.com >> > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
