[
https://issues.apache.org/jira/browse/SYNCOPE-1035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15893948#comment-15893948
]
ASF subversion and git services commented on SYNCOPE-1035:
----------------------------------------------------------
Commit bb40af42ad9bb11c7f2a0c413096b6e601a63a63 in syncope's branch
refs/heads/2_0_X from [~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=bb40af4 ]
[SYNCOPE-1035] Adding support for Admin Console
> JWT-based access to REST services
> ---------------------------------
>
> Key: SYNCOPE-1035
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1035
> Project: Syncope
> Issue Type: New Feature
> Components: client, console, core
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Labels: rest
> Fix For: 2.0.3, 2.1.0
>
>
> Since the beginning, access to the REST services is protected via Basic
> Authentication, with credentials sent along each and every request.
> As improvement, we can switch to an architecture where there is an explicit
> REST service for obtaining some sort of token (requiring credentials) and
> then all other REST services can be accessed by sending along such token
> instead of credentials.
> This will ease future works for enabling SSO via SAML, OAuth 2.0 or other
> standards.
> About the token format, it seems that [JSON Web Tokens|https://jwt.io/] are
> quite the default choice, especially considering the support that CXF already
> provides for that.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
