Re: SSO-Integration (auth0.com)


  • Subject: Re: SSO-Integration (auth0.com)
  • From: Peer Sandtner via Webobjects-dev <email@hidden>
  • Date: Wed, 26 Feb 2020 15:57:50 +0100

Hi Sharpy,

thanks a lot for your detailed response – especially the reference to Gluu.

I already played around with mod_auth_openidc. Some things I’m struggling with:

I still want to be able to log in to the application without
Gluu/SSO-functionality – and some direct actions must be accessible to
everyone. Therefore I cannot enter the (not SSO-based) login page
"/cgi-bin/WebObjects/MyApp.woa" of the WO application in mod_auth_openidc
(using <Location> directive).

Peer


> On 25.02.2020 at 11:15, email@hidden wrote:
>
> Hi Peer,
>
> I’ve recently replaced our end of life SSO implementation (CoSign) with
> OpenID Connect via mod_auth_openidc.
>
> I went with Gluu as the OIDC provider (https://www.gluu.org/). I assume
> mod_auth_openidc works with any compliant OIDC provider including Auth0.
>
> There's nothing really WO’ey about this, in fact there were no changes
> required to application code, only httpd configuration. I was able to map the
> authenticated username to the “remote_user” header where our applications
> already expect the username to be, allowing my rudimentary access control to
> continue to work.
>
> A provider’s access token can potentially deliver all manner of data that
> could describe a user’s access privileges and identity and I hope to use Gluu
> to describe (or derive from AD) user access privileges which can then deliver
> a rich access token to my WO apps via httpd/mod_auth_openidc.
>
> Until then I’m using it simply to require authentication on certain paths
> using Location and LocationMatch directives as you would with any other httpd
> AuthType.
>
> Sharpy.
>
>
>> On 25 Feb 2020, at 6:48 pm, Peer Sandtner via Webobjects-dev
>> <email@hidden> wrote:
>>
>> Hello, everybody,
>>
>> I am faced with the requirement to integrate SSO into an existing WO
>> application with own user/rights management.
>>
>> The (B2B) WO application is currently already used by different integration
>> partners who authenticate their users in the WO application by
>> username/password and then get back a WOSession URL to which the user's
>> browser is then redirected.
>>
>> The first integration will probably be based on SAML 2, since the partner
>> already uses this for itself. Unfortunately I have no experience with SSO
>> and came across auth0.com during my research. However, it is not yet clear
>> to me whether and to what extent the requirements can be fulfilled with it.
>>
>> At the moment I assume that in the end I have to do a mapping between the
>> received data from the ID-Provider and the existing users in my database and
>> then log the user into my WO-application as usual.
>>
>> Does anyone have any tips on how to integrate auth0.com into a WO
>> application?
>>
>> I also came across https://github.com/zmartzone/mod_auth_openidc. Does this
>> simplify the integration of auth0.com or is it better to do it "directly"
>> via the Java libraries of auth0.com?
>>
>> I'm sorry - questions about questions ;-)
>>
>> I am grateful for every hint...
>> Peer
>>
>> _______________________________________________
>> Do not post admin requests to the list. They will be ignored.
>> Webobjects-dev mailing list      (email@hidden
>> <mailto:email@hidden>)
>> Help/Unsubscribe/Update your Subscription:
>>
>> This email sent to email@hidden
>

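An added example, not part of the thread and not the configuration of either poster: one way to require OpenID Connect on a single SSO entry point with mod_auth_openidc while the password login page and public direct actions under "/cgi-bin/WebObjects/MyApp.woa" stay unauthenticated. The host names, client credentials, the `ssoLogin` direct action and the choice of `preferred_username` are assumptions; the header name `remote_user` follows the quoted reply.

```apache
# Constructed example: host names, client credentials and the ssoLogin
# direct action are placeholders, not values from the thread.
LoadModule auth_openidc_module modules/mod_auth_openidc.so
LoadModule headers_module      modules/mod_headers.so

# Provider and client registration (any compliant OIDC provider).
OIDCProviderMetadataURL https://idp.example.org/.well-known/openid-configuration
OIDCClientID            myapp-client-id
OIDCClientSecret        REPLACE_WITH_CLIENT_SECRET
OIDCCryptoPassphrase    REPLACE_WITH_RANDOM_PASSPHRASE
OIDCScope               "openid profile"

# Callback handled by the module itself; it must sit under a protected
# location and must not correspond to real application content.
OIDCRedirectURI https://app.example.org/cgi-bin/WebObjects/MyApp.woa/wa/ssoLogin/redirect_uri

# Claim that becomes REMOTE_USER, also copied into a request header.
# Assumption: the application reads the user name from "remote_user".
OIDCRemoteUserClaim preferred_username
OIDCAuthNHeader     remote_user

# Drop any client-supplied copy of that header on every request, before
# authentication runs, so only the module can set it. "early" is valid
# in server or virtual host context only.
RequestHeader unset remote_user early

# Only the SSO entry point requires an OIDC session.
<LocationMatch "^/cgi-bin/WebObjects/MyApp\.woa/wa/ssoLogin(/|$)">
    AuthType openid-connect
    Require valid-user
</LocationMatch>

# No AuthType is set for the rest of /cgi-bin/WebObjects/MyApp.woa, so the
# password login page and public direct actions stay reachable without SSO.
```

In this layout the hypothetical `ssoLogin` action would still map the received user name to an existing application user and create the session, as the original question anticipates.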

References: 
 >SSO-Integration (auth0.com) (From: Peer Sandtner via Webobjects-dev <email@hidden>)
 >Re: SSO-Integration (auth0.com) (From: getsharp--- via Webobjects-dev <email@hidden>)
