-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mark,
On 2/9/16 9:26 AM, Mark Thomas wrote: > On 09/02/2016 14:18, Rémy Maucherat wrote: >> 2016-02-09 15:04 GMT+01:00 Mark Thomas <ma...@apache.org>: > > <snip/> > >>> Thoughts? Comments? >>> >> >> Thanks for the report. However, the more I thought about it, the >> more I was convinced JASPIC is useless [besides Arjan asking for >> it, there's still nobody actually requesting it as a Tomcat >> feature], so I don't think it is a good idea to introduce >> complexity or degrade performance to have it. I would go with the >> last option: require explicit configuration on the Context. > > Thanks for the feedback. I share you concerns regarding > performance. > > In terms of demand, no-one is asking for it directly but it does > provide a way to add SAML support (BZ 54503) and I suspect there is > demand for OAuth as well. +1 There isn't a good way to do these kinds of "SSO" interactions unless the application can be a part of the conversation. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAla5/jwACgkQ9CaO5/Lv0PCL2ACfZO2R/EH6FnIpBjQ85I2vy1yA G0EAnjPiJPFPgB4tlDFJWW595J8MoG6c =pom9 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
