On 11/3/16 9:04 AM, Marcel Waldvogel wrote:
Hi,
we're looking into using XMPP together with (passwordless) single sign
on mechanisms such as Shibboleth (SAML).
As most (all?) clients only support password authentication, this cannot
be used directly. Implementing Shibboleth is also not trivial, so it is
unlikely we can convince a large portion of the developers to do so.
We are therefore looking into creating per-application passwords on a
web page. To make this easy, it would be nice if applications were to
supported a URI like xmpp:ro...@montague.net?addaccount;password=Jul13t
<file://ro...@montague.net?addaccount;password=Jul13t>, as an extension
to XEP-0147.
This would be much easier to implement and would — for the user — make
adding an account almost as simple as native SSO support.
What do you think?
Putting passwords in URLs is a bad idea. :-)
Peter
_______________________________________________
JDev mailing list
Info: https://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: jdev-unsubscr...@jabber.org
_______________________________________________
