Hi guys, I'm working on a platform for a SaaS app to allow third party add-ons and mini-apps to coexist alongside the main app (itself a collection of JSON web services tied together by a pluggable web UI).
At present we have a simple JSON web service to provide SSO and shared session mgmt to the platform. This service doesn't handle clustering and authorization queries, so I consider migrating it to a framework that does. Last night I had a look at the Shiro docs and API and it looks very promising. I actually was very delighted :) I have three questions: 1. I suppose there is no problem attaching a map of attributes to Subject? We use the Json2Ldap web service for authentication and on success we also retrieve a bunch of selected LDAP user attributes. 2. Is there an API to the session store to allow monitoring and stats, e.g. to be able to see who's online and track the number of current sessions? 3. How easy it is to plug in an IdP or IdC flow into Shiro, e.g. to allow the service to act as an OpenID Connect provider or relying party? I was recently thinking whether it's possible to have a generic API to handle the session mgmt and endpoint requirements of any IdP / IdP scheme available today. Cheers, Vladimir ----- Vladimir Dzhuvinov -- View this message in context: http://shiro-user.582556.n2.nabble.com/JSON-web-service-for-SSO-and-shared-session-management-tp7226169p7226169.html Sent from the Shiro User mailing list archive at Nabble.com.
