cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bill Burke <bbu...@redhat.com>
Subject Re: OpenId Connect
Date Mon, 03 Mar 2014 18:50:11 GMT


On 3/3/2014 1:42 PM, Thorsten Höger wrote:
> Am 03.03.2014 11:27, schrieb Sergey Beryozkin:
>> Hi Thorsten
>> On 01/03/14 17:42, Thorsten Höger wrote:
>>> Hi,
>>>
>>> are there plans to support OpenId Connect (Server/Client) as extension to OAuth2
in CXF?
>>>
>> Yes.
>>
>> Right now, the immediate priority is to support JWT wrapped as CXF ServerAccessToken,
>> and the JWT assertions grant. Next, offer the JAX-RS services support for the client
>> registration and token management.
>>
>> OpenId Connect will be next (possibly some prototyping will start after the JWT support
>> is done). I'm not sure right now in what form it will be supported, may be some of
it
>> will be done as part of Fediz, but I think at the very least CXF OAuth2 endpoints
should
>> be able to work with the OpenId Connect aware infrastructure...
>>
>> Do you have any particular integration requirements ? What is it that attracts you
in
>> OpenId-Connect most ?
> We are using CXF as a REST backend for our online-banking system. The first part with
> OpenId Connect would be to act as an OpenId Identity-Provider. The next part would be
to
> authenticate/register new users via Google+, Facebook etc.

Shameless plug:

We're working on a OpenID Connect extension/auth server over at 
http://keycloak.org.  It can be a social broker, or register/manage its 
own users.  Supports permission/role mappings, OTP, and a lot more. 
Aims for integrated security for both web apps and REST services. 
Keycloak is a solution, not a library, so I don't see why eventually CXF 
couldn't integrate with it if it has/will have openid connect/oauth2 
client libraries.

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

Mime
View raw message