Cool! Thanks a lot for all the info.
> Expect to see Apache Directory server to have SAML (Web SSO at least) > support somewhere over the next few months. Meanwhile, use the simple > OSGi User Admin just to have something running for your client, and > when ApacheDS SAML work is done, we can make the bridge for it here in > OPS4J. That would be really nice! But I know better now than to allow myself to think that I'll actually have time to help out. ;-) Cheers, Dave > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Niclas Hedhman > Sent: 21 June 2007 17:49 > To: General OPS4J > Subject: Re: Advice on setting up an authentication strategy > > > On 6/21/07, David Leangen <[EMAIL PROTECTED]> wrote: > > > I need to start thinking about authentication. I noticed that in Pax > > Wicket SNAPSHOT, there are now a few docs that discuss this, and I'll be > > looking into that in detail very soon. > > > > For now, I thought I'd ask your advice from the backend perspective. > > I've never developed this before, so maybe those with more experience > > could help me out. > > > > It seems to me that I'll need to store, for each user: > > > > - username > > - password > > - lastlogin > > - roles > > > > Does that sound right? > > Not sure what you want to do with "lastlogin", but the default > Authenticator in Pax Wicket will use OSGi's User Admin service spec, > to enable re-use of clever new implementations there. > > > What issues should I consider, with regards to security especially and > > also stability and usability? > > Try to delegate the problem away from your application as much as > possible. In an enterprise environment, you will be required to > integrate into the LDAP or Identity Management system in use there, > and possibly be Single-Sign On capable. > > > Or, are there any good articles or books that could help me consider > > some of the issues I'll need to deal with? > > Ideally, you don't need to do much. It would make sense that Pax > Wicket's Authenticator plus the OSGi User Admin service is engaged, > and SAML and/or CAS support is developed collaboratively. > > Expect to see Apache Directory server to have SAML (Web SSO at least) > support somewhere over the next few months. Meanwhile, use the simple > OSGi User Admin just to have something running for your client, and > when ApacheDS SAML work is done, we can make the bridge for it here in > OPS4J. > > > Cheers > Niclas > > _______________________________________________ > general mailing list > [email protected] > http://lists.ops4j.org/mailman/listinfo/general > _______________________________________________ general mailing list [email protected] http://lists.ops4j.org/mailman/listinfo/general
