Il 23/09/2013 11:37, Oliver Wulff ha scritto:
Hi Fabio
I sent this mail in the mailing list because I didn't really get much
information from the jira tickets.
Right now, I'm looking into add SSO capabilities to Syncope with
Apache CXF Fediz IDP. I noticed that security in the console is done
with wicket whereas in the core you use spring security. I noticed
also the JIRA to probably use Apache Shiro which is very close to
Spring Security. Where do you want to use Shiro - console and/or core?
Apache CXF Fediz uses WS-Federation and SAML tokens for authentication
which means the console gets a SAML token which contains the roles of
the user. Due to the fact that the same roles are used for the core,
this SAML token could be sent to the REST services. CXF JAX-RS
supports SAML as described in [2].
WDYT?
Hi Oliver, as per SYNCOPE-160 it should be investigate the way to add
the basis to provide access management features.
I think that Shiro can be used onto the core, mainly. The console would
be a generic client of Apache Syncope that will have to communicate with
it in respect of authentication/authorization mechanism configured.
Currently, I don't know which will be the auth solution to be
implemented for the console.
I don't exclude to protect the console via an Apache Syncope (AM) agent
writen ad-hoc.
Apache Shiro is just an idea; CXF Fediz could be avaluated as well.
Best regards,
F.
Thanks
Oli
[2]
http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLassertionsinAuthorizationheader
------------------------------------------------------------------------
*From:* Fabio Martelli [fabio.marte...@gmail.com]
*Sent:* 23 September 2013 10:09
*To:* user@syncope.apache.org
*Subject:* Re: Release Maggiore and authentication modules
Il 21/09/2013 13:56, Oliver Wulff ha scritto:
Hi there
I'm wondering what is meant with authentication modules in the
Maggiore release?
Is the idea to authenticate users accessing the syncope console and
provide different options to authenticate?
Hi Oliver,
yes it is.
Take a looka at [1] for more details.
Best regards,
F.
[1] https://issues.apache.org/jira/browse/SYNCOPE-160
Thanks
Oli
------
Oliver Wulff
Blog: http://owulff.blogspot.com <http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com
Talend Application Integration Division http://www.talend.com