directory-users mailing list archives

From <>
Subject RE: Claims based authentication with ApacheDS
Date Wed, 28 Oct 2015 13:09:14 GMT
Kiran, Pierre, Stefan and Sergey - thanks for your helpful input!! 

-----Original Message-----
From: Kiran Ayyagari [] 
Sent: Tuesday, October 27, 2015 10:43 PM
Subject: Re: Claims based authentication with ApacheDS

Hi Carlo,

On Tue, Oct 27, 2015 at 11:16 PM, <> wrote:

> Hi,
> We're starting to hear our customers ask for 'claims based authentication'
> with our product which back end with ApacheDS.
the claims can come in many formats, SAML and JWT being two well known structures

> I've researched it a bit and it's clearly beyond the goals of an LDAP 
> server.
yes, indeed

> My question is, are any of you trying to implement something like 
> this? If so, what is the stack you're using?
in web-SSO environments the Identity Provider (a.k.a. IdP) can do this task of authenticating
users based on the tokens and for this to work a trust relationship needs to be established
between the client app and the IdP

> What are challenges, benefits, risks?
challenges: 1. need to deal with more than one token format (SAML, JWT)
            2. managing the certificates, though majority of these are self-signed (no
               for CA signed certs) they still need to be managed

benefits: more ways to authenticate than simple username and password combo

I don't see any risks with this approach other than a bit of complexity in implementing

> Carlo Accorsi

Kiran Ayyagari