Hi Gaston, On Thu, 2019-05-09 at 12:10 -0700, Gaston Gonzalez wrote: > Hi All, > > I have been researching an SSO solution for Sling for the last week > and noticed that some work has been done around OpenID Connect. > During my research I stumbled upon SLING-2759 and was able to get it > working with Sling 11 using a couple of OpenID providers (e.g., > Google Identity Platform and Auth0). This ticket has been stale since > August 2018 and I was wondering if I can help contribute to the > development of this feature. I searched the Sling dev and user > mailing list archives and can’t seem to find any work that would > supersede SLING-2759. > > Is SLING-2759 still the front runner for supporting Open ID Connect? > Is there a better option on the table for supporting SSO in Sling? > > I also stumbled upon an adaptTo() 2018 talk, "Modern Authentication > in Sling with OpenID Connect and Keycloak” ( > https://www.youtube.com/watch?v=aaqpmmyylis < > https://www.youtube.com/watch?v=aaqpmmyylis>;) that seems to suggest > that there is some interest in OpenID Connect + Sling.
I think it would be great if you would contribute towards OpenID connect support in Sling! This is something I'm definitely interested in. As for the "historical" state, here's what I could dig up> 1. The solution in SLING-2759 has been expanded to https://github.com/apache/sling-whiteboard/pull/14 The code is not final, and has not been reviewed by someone with a focus on security. 2. The KeyCloak integration has a (proof of concept?) repository at https://github.com/dteleguin/sling-keycloak-integration I am not sure whether building on any of those or doing a clean-room implementation is better, as I have no experience with OpenID connect. I also seem to remember that KeyCloak supposedly has a client jar which would make it much simpler to connect to OpenID connect providers, at least compared to the solution in SLING-2759. Anyway, let me know of any more questions, I'd be happy to help if needed. Thanks! Robert
