Anil Saldhana wrote:
https://community.jboss.org/wiki/WildFlyWebContainerSecurityUseCases
We use JBossWeb Valves/Authenticators in AS7/JBossWeb.
Undertow currently just handles the standard mechanisms
(gss,form,basic,client-cert,digest) via the LoginConfig construct.
https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io...
Yes, that API is pretty limited at the moment. In general that Undertow
API is subject to change, it is basically my first attempt and when I
have some time I want to refine it to make it more useful.
I am wondering if it is possible to update the builder API to change to
overriden implementations of the mechanisms for example: FORM. In my
case, the SAMLAuthenticationMechanism would be a subclass of
FormAuthenticationMechanism.
This should be possible. We will also need something similar in the
servlet builder API.
Stuart
I think Bill Burke has a similar use case where he would like to inject
an OAuth driven Auth Mechanism.
I guess as a start the builder api should be updated. Not sure how it
should look.
On 04/24/2013 04:04 PM, Stuart Douglas wrote:
> If you are configuring Undertow programmatically you need to add a
> io.undertow.security.handlers.AuthenticationMechanismsHandler to the
> handler chain that has your authentication mechanism.
>
> Unfortunately we don't have a way of hooking this up into the Wildfly
> config yet, although it will not be a very big job. Regarding config
> options for AS7 there are a few possibilities:
>
> 1) Allow the user to specify the class name and module in JBoss Web to
> configure per app, and same in standalone.xml for global authenticators.
>
> 2) Introduce a servlet loader based mechanism to allow mechanisms to be
> loaded and associated with a simple name. This name could then be
> specified in the web.xml login config. In the subsystem you could list
> all the modules that you want to load authentication mechanisms from.
> This has the advantage that internal class names do not leak out into
> config.
>
> 3) Some other way??
>
> I am leaning towards option 2. I think it should be possible to get this
> integrated into the next Undertow release early next week.
>
> Stuart
>
> Anil Saldhana wrote:
>> Hi,
>> I am trying to figure out how to set up the authentication mechanisms
>> in undertow. If I write an authentication mechanism involving saml, how
>> do I make the web apps using that mechanism.
>>
>> Any links to test cases.
>>
>> Regards,
>> Anil
_______________________________________________
undertow-dev mailing list
undertow-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev