On 1/12/2015 18:15, Manfredo Hopp wrote: > Hi, I was trying to find some documentation about security on Syncopes > services, since it seemed to me that basic authentication is used. > > Is there any plan to include this issue in SYncopes roadmap?
Hi Manfredo, regarding authentication, Syncope is essentially a spring-security web app, whose configuration resides in [1] and can be changed per-deployment. As you can see, basic authentication is defined there, alongside to authentication provider: you are free to change / adapt to your own needs by simply copying [1] into your own core/src/main/resources and start modifying. This is for the current stable version, and probably for upcoming 2.0 as well. For the future there are plans to implement Session Management [2], which will likely serve as basis for introducing many other features including digest authentication, OAuth 2.0 and SAML support. I wouldn't hold my breath for it, though: it will take time, we are still engaged to release 2.0.0 first (would love to see M1 before end of year). Regards. [1] https://github.com/apache/syncope/blob/1_2_X/core/src/main/resources/ securityContext.xml [2] https://issues.apache.org/jira/browse/SYNCOPE-669 -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Involved at The Apache Software Foundation: member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF committer http://home.apache.org/~ilgrosso/
