On 23/09/19 12:10, devel wrote: > Hi all, > can i get a JWT from Apache Syncope 2.1.4 with a resource configured for a > Pass-through Authentication with an active directory repository? It seems > that i can get a JWT only for a user imported directly into the Syncope's DB.
Hi, pass-through authentication [1] is defined as follows: > During user authentication, if the resulting applicable account policy > defines pass-through resources, the provided credentials are verified first > against the internal storage, then against each configured external resource > (provided that the underlying connector instance has the AUTHENTICATE > capability set): the first check that succeeds will successfully authenticate > the user. The reference to "internal storage" implies exactly what you state above, e.g. that the authenticating User must exist as User in Syncope. A related concept here is JWTSSOProvider [2], which would allow to map JWT values created externally onto Syncope Users. Please don't forget that Syncope, at least until version 2.1, provides authentication features only for own usage, e.g. to authenticated its own REST endpoints. Regards. [1] http://syncope.apache.org/docs/2.1/reference-guide.html#pass-through-authentication [2] http://syncope.apache.org/docs/2.1/reference-guide.html#jwtssoprovider -- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
