Re: SSO-Integration (auth0.com)
- Subject: Re: SSO-Integration (auth0.com)
- From: getsharp--- via Webobjects-dev <email@hidden>
- Date: Tue, 25 Feb 2020 20:15:56 +1000
Hi Peer,
I’ve recently replaced our end-of-life SSO implementation (CoSign) with OpenID
Connect via mod_auth_openidc.
I went with Gluu as the OIDC provider (https://www.gluu.org/). I assume
mod_auth_openidc works with any compliant OIDC provider including Auth0.
There's nothing really WO’ey about this, in fact there were no changes required
to application code, only httpd configuration. I was able to map the
authenticated username to the “remote_user” header where our applications
already expect the username to be, allowing my rudimentary access control to
continue to work.
A provider’s access token can potentially deliver all manner of data that
could describe a user’s access privileges and identity and I hope to use Gluu
to describe (or derive from AD) user access privileges which can then deliver a
rich access token to my WO apps via httpd/mod_auth_openidc.
Until then I’m using it simply to require authentication on certain paths using
Location and LocationMatch directives as you would with any other httpd
AuthType.
Sharpy.
> On 25 Feb 2020, at 6:48 pm, Peer Sandtner via Webobjects-dev
> <email@hidden> wrote:
>
> Hello, everybody,
>
> I am faced with the requirement to integrate SSO into an existing WO
> application with own user/rights management.
>
> The (B2B) WO application is currently already used by different integration
> partners who authenticate their users in the WO application by
> username/password and then get back a WOSession URL to which the user's
> browser is then redirected.
>
> The first integration will probably be based on SAML 2, since the partner
> already uses this for itself. Unfortunately I have no experience with SSO and
> came across auth0.com during my research. However, it is not yet clear to me
> whether and to what extent the requirements can be fulfilled with it.
>
> At the moment I assume that in the end I have to do a mapping between the
> received data from the ID-Provider and the existing users in my database and
> then log the user into my WO-application as usual.
>
> Does anyone have any tips on how to integrate auth0.com into a WO
> application?
>
> I also came across https://github.com/zmartzone/mod_auth_openidc. Does this
> simplify the integration of auth0.com or is it better to do it "directly" via
> the Java libraries of auth0.com.
>
> I'm sorry - questions about questions ;-)
>
> I am grateful for every hint...
> Peer
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Webobjects-dev mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
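
A sketch of the httpd-only setup the reply describes, as an added example that is not from the original post or the poster's own configuration. The hostnames, paths, client ID, secrets and the `preferred_username` claim are placeholders or assumptions; the directives are standard mod_auth_openidc and mod_headers ones.

```apache
# Added example: placeholders throughout, adjust to your provider and paths.
LoadModule auth_openidc_module modules/mod_auth_openidc.so

# Provider discovery document (Gluu, Auth0 or any compliant OIDC provider).
OIDCProviderMetadataURL https://idp.example.org/.well-known/openid-configuration
OIDCClientID            wo-apps-placeholder
OIDCClientSecret        REPLACE_WITH_CLIENT_SECRET

# Vanity URL inside a protected path; it must not map to real content.
OIDCRedirectURI         https://apps.example.org/cgi-bin/WebObjects/redirect_uri
# Protects the module's session cookie and state; use a long random value.
OIDCCryptoPassphrase    REPLACE_WITH_LONG_RANDOM_VALUE

OIDCScope "openid profile"
# Claim copied into REMOTE_USER (assumed claim name; depends on the provider).
OIDCRemoteUserClaim preferred_username

# Assumption: the application reads the username from a request header named
# remote_user. Drop any copy the client sends so only httpd's value reaches it.
RequestHeader unset remote_user early

# Require an authenticated OIDC session on a whole path...
<Location "/cgi-bin/WebObjects/">
    AuthType openid-connect
    Require valid-user
</Location>

# ...or only on selected applications (hypothetical application names).
<LocationMatch "^/Apps/(Admin|Reports)\.woa">
    AuthType openid-connect
    Require valid-user
</LocationMatch>
```

Keep the file holding `OIDCClientSecret` and `OIDCCryptoPassphrase` readable only by the account that starts httpd, and make sure the application port is not reachable except through httpd, since the application trusts whatever username arrives.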