syncope-dev mailing list archives

From Francesco Chicchiriccò (JIRA) <j...@apache.org>
Subject [jira] [Commented] (SYNCOPE-1035) JWT-based access to REST services
Date Fri, 03 Mar 2017 09:32:45 GMT

    [ https://issues.apache.org/jira/browse/SYNCOPE-1035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15893988#comment-15893988 ]

Francesco Chicchiriccò commented on SYNCOPE-1035:
-------------------------------------------------

Apparently missing:

Commit 7004b84a150f456044e95ac5c83edfa8f8db9c59 in syncope's branch refs/heads/master from Francesco Chicchiriccò
[ https://git1-us-west.apache.org/repos/asf?p=syncope.git;a=commit;h=7004b84a ]
SYNCOPE-1035 Adding support for Admin Console

> JWT-based access to REST services
> ---------------------------------
>
>                 Key: SYNCOPE-1035
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1035
>             Project: Syncope
>          Issue Type: New Feature
>          Components: client, console, core
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>              Labels: rest
>             Fix For: 2.0.3, 2.1.0
>
>
> Since the beginning, access to the REST services is protected via Basic Authentication, with credentials sent along with each and every request.
> As an improvement, we can switch to an architecture where there is an explicit REST service for obtaining some sort of token (requiring credentials) and then all other REST services can be accessed by sending along such a token instead of credentials.
> This will ease future work for enabling SSO via SAML, OAuth 2.0 or other standards.
> About the token format, it seems that [JSON Web Tokens|https://jwt.io/] are quite the default choice, especially considering the support that CXF already provides for that.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
