syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dima Ayash (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (SYNCOPE-1270) OpenID Connect client feature
Date Wed, 07 Feb 2018 17:00:00 GMT

     [ https://issues.apache.org/jira/browse/SYNCOPE-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dima Ayash updated SYNCOPE-1270:
--------------------------------
    Description: 
This feature implements an SSO access to the Enduser UI and Admin Console by using [OpenID
Connect 1.0|http://openid.net/connect/] which is a simple identity layer on top of the OAuth
2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication
performed by an Authorization Server, as well as to obtain basic profile information about
the End-User in an interoperable and REST-like manner.
The flow for this feature will be possibly as follow (using Google as an example of OpenID
Connect Provider):
# From Enduser or Admin login UI, the user can choose to be authenticated using Google account.
#  Check if the user has a valid session, otherwise prompts the user to login by redirecting
him to the Google Login UI.
#  After the user login successfully to his Google account, grant him an access to Enduser
UI or Admin console.

This will be achieved by following the OpenId Connect required flow, leveraging possibly from
CXF features.

> OpenID Connect client feature
> -----------------------------
>
>                 Key: SYNCOPE-1270
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1270
>             Project: Syncope
>          Issue Type: New Feature
>          Components: extensions
>            Reporter: Dima Ayash
>            Priority: Major
>             Fix For: 2.0.8, 2.1.0
>
>
> This feature implements an SSO access to the Enduser UI and Admin Console by using [OpenID
Connect 1.0|http://openid.net/connect/] which is a simple identity layer on top of the OAuth
2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication
performed by an Authorization Server, as well as to obtain basic profile information about
the End-User in an interoperable and REST-like manner.
> The flow for this feature will be possibly as follow (using Google as an example of OpenID
Connect Provider):
> # From Enduser or Admin login UI, the user can choose to be authenticated using Google
account.
> #  Check if the user has a valid session, otherwise prompts the user to login by redirecting
him to the Google Login UI.
> #  After the user login successfully to his Google account, grant him an access to Enduser
UI or Admin console.
> This will be achieved by following the OpenId Connect required flow, leveraging possibly
from CXF features.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message