Hi IS team, Regarding [1] which AppM requires to get implemented (IS feature) prior to cloud integration.
I'm planning to implement $subject and I would like to share few concerns/feedbacks with you. When looking at the PEPProxyFactory class we find few clients (eg: soap, json, trift, ws xacml, basic auth). So I plan to introduce Cookie base authorization initially only to the soap client which is the most common use case. (AFAIK this is not a valid use case for clients like thrift/basic auth) This will allow users to authenticate using both credentials and authorized cookie. So when the cookie is available it will authenticate using the cookie and if not it will validate the credentials. WDYT? [1] https://wso2.org/jira/browse/IDENTITY-4987 -- *Lahiru Cooray* Software Engineer WSO2, Inc.;http://wso2.com/ lean.enterprise.middleware Mobile: +94 715 654154
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev