Arsnael commented on a change in pull request #843: URL: https://github.com/apache/james-project/pull/843#discussion_r783819880
########## File path: server/apps/distributed-app/docs/modules/ROOT/pages/configure/jmap.adoc ########## @@ -85,8 +85,21 @@ Enabling *TRACE* on `org.apache.james.jmap.wire` enables reactor-netty wiretap, all incoming and outgoing requests, outgoing requests. This will log also potentially sensible information like authentication credentials. +== OIDC set up + +The use of `XUserAuthenticationStrategy` allow delegating the authentication responsibility to a third party system, +which could be used to set up authentication against an OIDC provider. + +We do supply an link:https://github.com[example] of such a setup. It combines the link:https://www.keycloak.org/[Keycloack] +OIDC provider with the link:https://www.krakend.io/[Krackend] API gateway, but usage of similar technologies is definitely doable. + == Generating a JWT key pair +Apache James can alternatively be configured to check the validity of JWT tokens itself. No revocation mechanism is +supported in such a setup, and the `sub` claim is used to identify the user. The key configuration is static. + +THis requires the `JWTAuthenticationStrategy` authentication strategy to be used. Review comment: ```suggestion This requires the `JWTAuthenticationStrategy` authentication strategy to be used. ``` -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
