Re: Release Maggiore and authentication modules

Mon, 23 Sep 2013 04:43:23 -0700 

Il 23/09/2013 11:37, Oliver Wulff ha scritto:


Hi Fabio


I sent this mail in the mailing list because I didn't really get much 
information from the jira tickets.



Right now, I'm looking into add SSO capabilities to Syncope with 
Apache CXF Fediz IDP. I noticed that security in the console is done 
with wicket whereas in the core you use spring security. I noticed 
also the JIRA to probably use Apache Shiro which is very close to 
Spring Security. Where do you want to use Shiro - console and/or core?



Apache CXF Fediz uses WS-Federation and SAML tokens for authentication 
which means the console gets a SAML token which contains the roles of 
the user. Due to the fact that the same roles are used for the core, 
this SAML token could be sent to the REST services. CXF JAX-RS 
supports SAML as described in [2].


WDYT?


Hi Oliver, as per SYNCOPE-160 it should be investigate the way to add 
the basis to provide access management features.
I think that Shiro can be used onto the core, mainly. The console would 
be a generic client of Apache Syncope that will have to communicate with 
it in respect of authentication/authorization mechanism configured.



Currently, I don't know which will be the auth solution to be 
implemented for the console.
I don't exclude to protect the console via an Apache Syncope (AM) agent 
writen ad-hoc.


Apache Shiro is just an idea; CXF Fediz could be avaluated as well.

Best regards,
F.


Thanks

Oli


[2] 
http://cxf.apache.org/docs/jax-rs-saml.html#JAX-RSSAML-SAMLassertionsinAuthorizationheader


------------------------------------------------------------------------
*From:* Fabio Martelli [fabio.marte...@gmail.com]
*Sent:* 23 September 2013 10:09
*To:* user@syncope.apache.org
*Subject:* Re: Release Maggiore and authentication modules

Il 21/09/2013 13:56, Oliver Wulff ha scritto:


Hi there


I'm wondering what is meant with authentication modules in the 
Maggiore release?



Is the idea to authenticate users accessing the syncope console and 
provide different options to authenticate?



Hi Oliver,
yes it is.
Take a looka at [1] for more details.

Best regards,
F.

[1] https://issues.apache.org/jira/browse/SYNCOPE-160


Thanks

Oli

------

Oliver Wulff

Blog: http://owulff.blogspot.com <http://owulff.blogspot.com/>
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com



























					Reply via email to