[undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?
Michaël REMOND
michaelremond at gmail.com
Mon May 12 11:32:11 EDT 2014
Hi,
I currently contribute to a Java library from Jerome Leleu, able to protect
applications and delegate authentications to various identity providers. It
currently supports 5 different protocols: CAS, OAuth, OpenID, HTTP and SAML
and 18 identity providers (Facebook, Twitter, Google, Yahoo...) through a
very simple and unified API accross protocols/JVM frameworks:
https://github.com/leleuj/pac4j.
The pac4j librairies are used in various JVM frameworks with the
appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
Although the core pac4j librairies gathers "a lot of" code (300 classes,
26000 lines of source code), the implementations to specific JVM frameworks
are pretty straigtforward: from 4 classes for Spring Security to 11 classes
for Play Framework 2.x.
We are currently targeting new plateforms and especially async one; we got
an implementation from ratpack (http://www.ratpack.io/) and we discussed
also with the guys from vert.x. They gave us some ideas in order to improve
our library by becoming more "reactive".
I think that pac4j could be helpful for the Undertow community too by
bringing client multi-protocols support.
I looked at the security model from Undertow and I start to think about a
possible integration by developing a "Pac4jAuthenticationMechanism".
What do you think about such development? Are you interested in a demo app
showing how this could work? Do you have suggestions?
Thanks.
Best regards,
Michael Remond
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20140512/c8a498dd/attachment.html
More information about the undertow-dev
mailing list