Hi JB, Is the "CXF authentication ready to use feature" really required if we are already going to have a JAAS LoginModule for Syncope? A CXF user can just use the new JAAS LoginModule for authentication instead.
Colm. On Thu, Jun 5, 2014 at 10:59 AM, Francesco Chicchiriccò <[email protected] > wrote: > On 04/06/2014 21:25, Jean-Baptiste Onofré wrote: > >> Hi guys, >> >> I'm happy as I should have some time to work again on Syncope next week >> (and the following weeks ;)). >> >> I have some ideas that I would like to share and discuss with you. >> Please, correct me if I'm wrong, if the ideas are stupid, or already done >> ;) >> >> 1/ Provide a Karaf LoginModule for Syncope and a Karaf feature >> We already discussed of that in the past. It doesn't change the Syncope >> codebase itself, it's just an addition on the Karaf side. >> The first thing is to provide a SyncopeLoginModule in Karaf allowing to >> delegate the user backend to Syncope. Currently, Karaf provides >> PropertiesLoginModule (the username/password are stored in the simple >> properties file), LDAPLoginModule, JDBCLoginModule, and OSGiLoginModule. >> Thanks to the SyncopeLoginModule, the users just delegate the Karaf >> container JAAS realm backend to Syncope, who manages its own backend (LDAP, >> etc). >> On the other hand, I will provide a Karaf feature to be able to easily >> install Syncope directly in Karaf. >> > > This sounds very cool: when you discuss or file issue(s) on Karaf's JIRA, > please report here, I personally would love to watch and possibly test :-) > > > 2/ OAuth2 Service Provider feature >> More and more companies want to provide an "internal" oauth2 service >> provider (instead of using "public" one like amazon, bitbucket, etc). >> What do you think to add an optional feature to Syncope to turn Syncope >> as an OAuth2 Service Provider ? >> > > Really nice. > I would see this feature as part of the "Access Management" feature set > currently scheduled for 3.0.0 [1] - clearly this does not mean we cannot > implement it before. > > > 3/ CXF authentication ready to use feature >> Right now, we can use Syncope with CXF by implementing an interceptor >> delegating to the Syncope REST API. >> It's not really straight forward for the user as it requires to write >> some kind of plumbing code. >> I think it could be helpful to provide a ready to use "CXF feature" >> providing the interceptor that we can configure (the location of the >> Syncope instance, etc). >> Maybe it makes more sense to add this on the CXF part more than on the >> Syncope side, but, anyway, it could be very helpful for the users. >> > > Hum, I am probably missing some bits on CXF side: are you proposing to > provide a sort of "Syncope authentication module" for CXF, as suggested > above for Karaf? > Could it be the case to maintain such module(s) in Syncope codebase > anyway? We will need of course to keep them up-to-date either with respect > to Syncope and CXF / Karaf of course, so we will need CXF and Karaf > expertise - which we actually have :-) > > Regards. > > [1] https://cwiki.apache.org/confluence/display/SYNCOPE/Roadmap > > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo PMC > http://people.apache.org/~ilgrosso/ > > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
