Francesco I dont see anything related to Session Management in [2] Regards
2015-12-02 13:44 GMT-03:00 Francesco Chicchiriccò <[email protected]>: > On 1/12/2015 18:15, Manfredo Hopp wrote: > > Hi, I was trying to find some documentation about security on Syncopes > > services, since it seemed to me that basic authentication is used. > > > > Is there any plan to include this issue in SYncopes roadmap? > > Hi Manfredo, > regarding authentication, Syncope is essentially a spring-security web app, > whose configuration resides in [1] and can be changed per-deployment. > > As you can see, basic authentication is defined there, alongside to > authentication provider: you are free to change / adapt to your own needs > by > simply copying [1] into your own core/src/main/resources and start > modifying. > > This is for the current stable version, and probably for upcoming 2.0 as > well. > > For the future there are plans to implement Session Management [2], which > will > likely serve as basis for introducing many other features including digest > authentication, OAuth 2.0 and SAML support. > > I wouldn't hold my breath for it, though: it will take time, we are still > engaged to release 2.0.0 first (would love to see M1 before end of year). > > Regards. > > [1] https://github.com/apache/syncope/blob/1_2_X/core/src/main/resources/ > securityContext.xml > [2] https://issues.apache.org/jira/browse/SYNCOPE-669 > -- > Francesco Chicchiriccò > > Tirasa - Open Source Excellence > http://www.tirasa.net/ > > Involved at The Apache Software Foundation: > member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF committer > http://home.apache.org/~ilgrosso/ >
