[
https://issues.apache.org/jira/browse/SYNCOPE-1035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15894301#comment-15894301
]
ASF subversion and git services commented on SYNCOPE-1035:
----------------------------------------------------------
Commit 2b06bafc58ccc0d2b9a1be137f0965ff111b08d4 in syncope's branch
refs/heads/master from [~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=2b06baf ]
[SYNCOPE-1035] Fix for console logout
> JWT-based access to REST services
> ---------------------------------
>
> Key: SYNCOPE-1035
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1035
> Project: Syncope
> Issue Type: New Feature
> Components: client, console, core
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Labels: rest
> Fix For: 2.0.3, 2.1.0
>
>
> Since the beginning, access to the REST services is protected via Basic
> Authentication, with credentials sent along each and every request.
> As improvement, we can switch to an architecture where there is an explicit
> REST service for obtaining some sort of token (requiring credentials) and
> then all other REST services can be accessed by sending along such token
> instead of credentials.
> This will ease future works for enabling SSO via SAML, OAuth 2.0 or other
> standards.
> About the token format, it seems that [JSON Web Tokens|https://jwt.io/] are
> quite the default choice, especially considering the support that CXF already
> provides for that.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
