[ https://issues.apache.org/jira/browse/SYNCOPE-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16460664#comment-16460664 ]
ASF GitHub Bot commented on SYNCOPE-1270: ----------------------------------------- GitHub user DimaAy opened a pull request: https://github.com/apache/syncope/pull/74 [SYNCOPE-1270] implementation for OpenID Connect for Admin Console and Enduser You can merge this pull request into a Git repository by running: $ git pull https://github.com/DimaAy/syncope 2_0_X Alternatively you can review and apply these changes as the patch at: https://github.com/apache/syncope/pull/74.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #74 ---- commit a7267019bda61f5aaf98cf91d0b08447c383c2e7 Author: dayash <dima.ayash@...> Date: 2018-05-02T07:50:13Z [SYNCOPE-1270] implementation for OpenID Connect for Admin Console and Enduser ---- > OpenID Connect client feature > ----------------------------- > > Key: SYNCOPE-1270 > URL: https://issues.apache.org/jira/browse/SYNCOPE-1270 > Project: Syncope > Issue Type: New Feature > Components: extensions > Reporter: Dima Ayash > Priority: Major > Fix For: 2.0.9, 2.1.0 > > > This feature implements an SSO access to the Enduser UI and Admin Console by > using [OpenID Connect 1.0|http://openid.net/connect/] which is a simple > identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify > the identity of the End-User based on the authentication performed by an > Authorization Server, as well as to obtain basic profile information about > the End-User in an interoperable and REST-like manner. > The flow for this feature will be possibly as follow (using Google as an > example of OpenID Connect Provider): > # From Enduser or Admin login UI, the user can choose to be authenticated > using Google account. > # Check if the user has a valid session, otherwise prompts the user to login > by redirecting him to the Google Login UI. > # After the user login successfully to his Google account, grant him an > access to Enduser UI or Admin console. > This will be achieved by following the OpenId Connect required flow, > leveraging possibly from CXF features. -- This message was sent by Atlassian JIRA (v7.6.3#76005)