On 27/06/2017 16:05, Colm O hEigeartaigh wrote:
Hi Francesco,

On Tue, Jun 27, 2017 at 9:24 AM, Francesco Chicchiriccò <[email protected]> wrote:

Instead of providing a map in securityContext.xml, I would rather enable
[1] to dynamically discover JwsSignatureVerifier implementations (or maybe
a new interface of ours extending that, adding a getIssuer() method).
Moreover, the new interface extending JwsSignatureVerifier could also
provide a method to resolve the JWT subject into Syncope username (known
user).
If you like, I can take care of this.
+1 - please do!

Please also note that such SSO would work only at REST level; in order to
enable Admin Console or Enduser UI to do that, something like the SAML 2.0 SP
Agent [2] will need to be provided.
Yep that's fine.

As people started asking for 2.0.4 [3][4] and CXF 3.1.12 is under vote, I
think we should start finalizing, e.g. postponing new features and
improvements to 2.0.5. But maybe this one can still fit.
No rush from my POV. Let's get it into JIRA anyway so that we can track it.

Agree: would you mind doing that? Thanks!

Regards.


[1] https://github.com/apache/syncope/blob/2_0_X/core/logic/src/main/java/org/apache/syncope/core/logic/init/ClassPathScanImplementationLookup.java
[2] https://github.com/apache/syncope/blob/2_0_X/ext/saml2sp/agent/src/main/java/org/apache/syncope/ext/saml2lsp/agent/AssertionConsumer.java#L47
[3] https://lists.apache.org/thread.html/d8a6f8fe3629d1d00165e2461458511d8ace983af6006a5d304fa6a9@%3Cuser.syncope.apache.org%3E
[4] https://lists.apache.org/thread.html/7d9072146f01994c8fb7f02c8af1f88e031345e391c06970a8fcf1ff@%3Cuser.syncope.apache.org%3E

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
