[ https://issues.apache.org/jira/browse/SYNCOPE-1035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15893988#comment-15893988 ]

Francesco Chicchiriccò commented on SYNCOPE-1035:
-------------------------------------------------

Apparently missing:

Commit 7004b84a150f456044e95ac5c83edfa8f8db9c59 in syncope's branch 
refs/heads/master from Francesco Chicchiriccò
[ https://git1-us-west.apache.org/repos/asf?p=syncope.git;a=commit;h=7004b84a ]
SYNCOPE-1035 Adding support for Admin Console

> JWT-based access to REST services
> ---------------------------------
>
>                 Key: SYNCOPE-1035
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1035
>             Project: Syncope
>          Issue Type: New Feature
>          Components: client, console, core
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>              Labels: rest
>             Fix For: 2.0.3, 2.1.0
>
>
> Since the beginning, access to the REST services has been protected via Basic 
> Authentication, with credentials sent along with each and every request.
> As an improvement, we can switch to an architecture where there is an explicit 
> REST service for obtaining some sort of token (requiring credentials) and 
> then all other REST services can be accessed by sending along such a token 
> instead of credentials.
> This will ease future work for enabling SSO via SAML, OAuth 2.0 or other 
> standards.
> About the token format, it seems that [JSON Web Tokens|https://jwt.io/] are 
> quite the default choice, especially considering the support that CXF already 
> provides for that.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
