Re: SSO-Integration (auth0.com)
- Subject: Re: SSO-Integration (auth0.com)
- From: Peer Sandtner via Webobjects-dev <email@hidden>
- Date: Wed, 26 Feb 2020 15:57:50 +0100
Hi Sharpy,
thanks a lot for your detailed response – especially the reference to Gluu.
I already played around with mod_auth_openidc. Some things I’m struggling with:
I still want to be able to log in to the application without
Gluu/SSO-functionality – and some direct actions must be accessible to
everyone. Therefore I cannot enter the (not SSO-based) login page
"/cgi-bin/WebObjects/MyApp.woa" of the WO application in mod_auth_openidc
(using <Location> directive).
Peer
> On 25.02.2020 at 11:15, email@hidden wrote:
>
> Hi Peer,
>
> I’ve recently replaced our end of life SSO implementation (CoSign) with
> OpenID Connect via mod_auth_openidc.
>
> I went with Gluu as the OIDC provider (https://www.gluu.org/). I assume
> mod_auth_openidc works with any compliant OIDC provider including Auth0.
>
> There's nothing really WO’ey about this, in fact there were no changes
> required to application code, only httpd configuration. I was able to map the
> authenticated username to the “remote_user” header where our applications
> already expect the username to be, allowing my rudimentary access control to
> continue to work.
>
> A provider’s access token can potentially deliver all manner of data that
> could describe a user’s access privileges and identity and I hope to use Gluu
> to describe (or derive from AD) user access privileges which can then deliver
> a rich access token to my WO apps via httpd/mod_auth_openidc.
>
> Until then I’m using it simply to require authentication on certain paths
> using Location and LocationMatch directives as you would with any other httpd
> AuthType.
>
> Sharpy.
>
>
>> On 25 Feb 2020, at 6:48 pm, Peer Sandtner via Webobjects-dev
>> <email@hidden> wrote:
>>
>> Hello, everybody,
>>
>> I am faced with the requirement to integrate SSO into an existing WO
>> application with own user/rights management.
>>
>> The (B2B) WO application is currently already used by different integration
>> partners who authenticate their users in the WO application by
>> username/password and then get back a WOSession URL to which the user's
>> browser is then redirected.
>>
>> The first integration will probably be based on SAML 2, since the partner
>> already uses this for itself. Unfortunately I have no experience with SSO
>> and came across auth0.com during my research. However,
>> it is not yet clear to me whether and to what extent the requirements can be
>> fulfilled with it.
>>
>> At the moment I assume that in the end I have to do a mapping between the
>> received data from the ID-Provider and the existing users in my database and
>> then log the user into my WO-application as usual.
>>
>> Does anyone have any tips on how to integrate auth0.com
>> into a WO application?
>>
>> I also came across https://github.com/zmartzone/mod_auth_openidc. Does this
>> simplify the integration of auth0.com or is it better to do it
>> "directly" via the Java libraries of auth0.com?
>>
>> I'm sorry - questions about questions ;-)
>>
>> I am grateful for every hint...
>> Peer
>
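
Added example (not written by any poster in this thread): a sketch of the path-scoped httpd setup the thread discusses, where only a dedicated SSO entry path requires OpenID Connect and the existing login page and public direct actions stay outside it. The hostnames, client credentials, the `/sso/` callback path and the `ssoLogin` direct action name are hypothetical, and forwarding the username in a `remote_user` request header through mod_headers is an assumption about how that mapping is done.

```apache
# Added example. All URLs, ids, secrets and path names are constructed placeholders.
# Requires mod_auth_openidc and mod_headers.
OIDCProviderMetadataURL https://idp.example.org/.well-known/openid-configuration
OIDCClientID            example-client-id
OIDCClientSecret        example-client-secret
OIDCCryptoPassphrase    replace-with-long-random-string
# Callback handled by mod_auth_openidc itself; it must sit under a protected
# location and must not point at real application content.
OIDCRedirectURI         https://apps.example.org/sso/redirect_uri
# Claim used to populate REMOTE_USER (assumed claim name).
OIDCRemoteUserClaim     preferred_username

# Drop any client-supplied copy of the header on every request, so that
# unprotected paths (local login page, public direct actions) never receive
# a username the identity provider did not assert.
RequestHeader unset remote_user early

# Callback path: protected, no content behind it.
<Location "/sso/">
    AuthType openid-connect
    Require valid-user
</Location>

# Hypothetical SSO-only direct action. Everything else under MyApp.woa,
# including /cgi-bin/WebObjects/MyApp.woa itself, is left without OIDC.
<LocationMatch "^/cgi-bin/WebObjects/MyApp\.woa/wa/ssoLogin">
    AuthType openid-connect
    Require valid-user
    # Assumption: the application reads the username from this header.
    RequestHeader set remote_user "expr=%{REMOTE_USER}"
</LocationMatch>
```

The application behind the hypothetical `ssoLogin` action would still have to map the asserted username to an existing user record before creating the session, as the original question anticipates.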