On 03/12/2015 18:11, Manfredo Hopp wrote:
Francesco I dont see anything related to Session Management in [2]
You're right, link fixed.
Regards.
2015-12-02 13:44 GMT-03:00 Francesco Chicchiriccò <[email protected]
<mailto:[email protected]>>:
On 1/12/2015 18:15, Manfredo Hopp wrote:
> Hi, I was trying to find some documentation about security on
Syncopes
> services, since it seemed to me that basic authentication is used.
>
> Is there any plan to include this issue in SYncopes roadmap?
Hi Manfredo,
regarding authentication, Syncope is essentially a spring-security
web app,
whose configuration resides in [1] and can be changed per-deployment.
As you can see, basic authentication is defined there, alongside to
authentication provider: you are free to change / adapt to your
own needs by
simply copying [1] into your own core/src/main/resources and start
modifying.
This is for the current stable version, and probably for upcoming
2.0 as well.
For the future there are plans to implement Session Management
[2], which will
likely serve as basis for introducing many other features
including digest
authentication, OAuth 2.0 and SAML support.
I wouldn't hold my breath for it, though: it will take time, we
are still
engaged to release 2.0.0 first (would love to see M1 before end of
year).
Regards.
[1]
https://github.com/apache/syncope/blob/1_2_X/core/src/main/resources/securityContext.xml
<https://github.com/apache/syncope/blob/1_2_X/core/src/main/resources/%0AsecurityContext.xml>
[2] https://issues.apache.org/jira/browse/SYNCOPE-699
<https://issues.apache.org/jira/browse/SYNCOPE-669>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC, CXF committer
http://home.apache.org/~ilgrosso/
