shibboleth SP for java

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
13 messages Options
Reply | Threaded
Open this post in threaded view
|

shibboleth SP for java

Liam Hoekenga
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP for java

Cantor, Scott E.
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP for java

Liam Hoekenga
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP for java

Cantor, Scott E.
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: shibboleth SP for java

Nick Newman
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP for java

Cantor, Scott E.
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: shibboleth SP for java

Nick Newman
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP for java

Cantor, Scott E.
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP for java

Liam Hoekenga
In reply to this post by Cantor, Scott E.
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP for java

Cantor, Scott E.
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP for java

Liam Hoekenga
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

RE: shibboleth SP for java

Cantor, Scott E.
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: shibboleth SP for java

lajoie
Administrator
In reply to this post by Liam Hoekenga
On Mon, Jul 19, 2010 at 12:06, Liam Hoekenga <[hidden email]> wrote:

>>> We thought that making the authentication piece of their web portal
>>> software JAAS compliant would be a good be a good solution, as then
>>> the their customers could plug in a variety of authentication
>>> mechanisms.
>>
>> s/authentication mechanisms/authentication mechanisms that involve
>> passwords
>
> I talked to the developer who wrote the JAAS module for our webSSO (Cosign),
> as it seemed that we would have run into the same issue.  He said..
>
>    I do not agree with this statement
>        -> "JAAS is a password-based mechanism".

Whether one can shoe-horn JAAS in really isn't the question.  JAAS was
not made for that type of usage and as such using it in such a
capacity is always going to be hack'ish and introduce additional
problems that need to be tackled.  It's possible to do this, but
suboptimal.  This is why every single container has its own API for
doing authentication.  There was an attempt to standardized container
managed authentication though the JASPI APIs but it never really took
hold.

At this point, there simply is not any good, standard-API, way to do
this except to rely on the REMOTE_USER header.  Now, with the recent
release of the Servlet 3.0 spec that may have changed.  It has a set
of APIs for authenticating and authorizing users.  These APIs do not,
themselves, assume a particular messaging pattern (i.e. you'll display
one page and then redirect back to the app with credentials) but it'll
be a while before we know whether apps that use the APIs make such
assumptions.

--
Chad La Joie
www.itumi.biz
trusted identities, delivered