So is the normal setup with Apache using an add-on for SAML SSO, any
recommendations on which are best?
And on the Jetty side would it be looking for a special HTTP header that
the Apache side adds with the auth info. Or a cookie. Presumably
encrypted?
Thanks for the pointers to get me started down the right path.
Padraic
From: Cantor, Scott <canto...@osu.edu>
Subject: Re: [jetty-users] Jetty SSO SAML
Date: 2021-10-14 08:25 EDT
On 10/13/21, 6:00 PM, "jetty-users on behalf of Padraic Renaghan via
jetty-users" <jetty-users-boun...@eclipse.org on behalf of
jetty-users@eclipse.org> wrote:
Anyway, looking for pointers on setting up SAML SSO Single Sign-On
with
Jetty.
The best option is Apache in front because that allows the use of more
compliant and properly designed SAML SPs. The second best is probably
pac4j as a solution, but there are no "standard" ways to do SAML in
Java because there are no standard ways to do server-side web
authentication in Java other than the worst one of all, which was JAAS
(a desktop standard mis-applied to servers).
-- Scott
_______________________________________________
jetty-users mailing list
jetty-users@eclipse.org
To unsubscribe from this list, visit
https://www.eclipse.org/mailman/listinfo/jetty-users
