Claims based authentication with ApacheDS

Hi, We're starting to hear our customers ask for 'claims based authentication' with our product which back end with ApacheDS. I've researched it a bit and it's clearly beyond the goals of an LDAP server. My question is, are any of you trying to implement something like this? If so, what is the

Re: Claims based authentication with ApacheDS

Le 27/10/15 16:16, carlo.acco...@ibs-ag.com a écrit : > Hi, > > We're starting to hear our customers ask for 'claims based authentication' > with our product which back end with ApacheDS. > I've researched it a bit and it's clearly beyond the goals of an LDAP server. > My question is, are any of

Re: Claims based authentication with ApacheDS

Hi Carlo, Are you referring to claims as in insurance claims? And are you talking about some kind of workflow oriented enablement (whatever that entails in your context) of persons registered in the ApacheDS, whereby DS functions as the primary source regarding authentication, authorisation, etc?

RE: Claims based authentication with ApacheDS

Hi Emmanuel, ok thanks for making sense of it! Sounds like something else wedges between ApacheDS and an outside REST api. What that is we don't know yet :) -Original Message- From: Emmanuel Lécharny [mailto:elecha...@gmail.com] Sent: Tuesday, October 27, 2015 1:36 PM To:

RE: Claims based authentication with ApacheDS

Hi Pierre, no, not insurance claims :) This -> https://en.wikipedia.org/wiki/Claims-based_identity Apologies for not being more clear. We sell a product that uses LDAP for authentication. Some of our customers use ApacheDS so we're familiar with it and its API. The claims based

Re: Claims based authentication with ApacheDS

Thanks Carlo and Emmanuel, I learned something new. Best regards, Pierre Smits *OFBiz Extensions Marketplace* http://oem.ofbizci.net/oci-2/ On Tue, Oct 27, 2015 at 7:00 PM, wrote: > Hi Emmanuel, ok thanks for making sense of it! Sounds like something else > wedges

Re: Claims based authentication with ApacheDS

Is the current work in Kerby on preauth mechanism using JWT also related? Can Kerberos auth then be used in OAuth2 flows? Kind Regards, Stefan On 10/27/2015 07:00 PM, carlo.acco...@ibs-ag.com wrote: > Hi Emmanuel, ok thanks for making sense of it! Sounds like something else > wedges between

Re: Claims based authentication with ApacheDS

Hi I'm not sure if it is related but we have a claim-based access control, with the claims representing some attributes from a SAML token (which represents an authenticated client). That will need to be also mapped for JWT assertions though...

Re: Claims based authentication with ApacheDS

Carlo, You might have a look at Apache CXF, that might be a solution to help you out. Best regards, Pierre Smits *OFBiz Extensions Marketplace* http://oem.ofbizci.net/oci-2/ On Tue, Oct 27, 2015 at 7:00 PM, wrote: > Hi Emmanuel, ok thanks for making sense of it!

Re: Claims based authentication with ApacheDS

That also works for JAX-WS if needed... Colm may have more info about it, once he gets back... Sergey On 27/10/15 22:07, Sergey Beryozkin wrote: Hi I'm not sure if it is related but we have a claim-based access control, with the claims representing some attributes from a SAML token (which

Re: Claims based authentication with ApacheDS

This might also be interesting: http://www.slideshare.net/coheigea/integrating-apache-syncope-with-apache-cxf Colm should be able to share more insights. Best regards, Pierre Smits *OFBiz Extensions Marketplace* http://oem.ofbizci.net/oci-2/ On Tue, Oct 27, 2015 at 11:13 PM, Stefan Seelmann

Re: Claims based authentication with ApacheDS

Hi Carlo, On Tue, Oct 27, 2015 at 11:16 PM, wrote: > Hi, > > We're starting to hear our customers ask for 'claims based authentication' > with our product which back end with ApacheDS. > the claims can come in many formats, SAML and JWT being two well known structures