[undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?

Stuart Douglas sdouglas at redhat.com
Wed Oct 29 20:04:41 EDT 2014



----- Original Message -----
> From: "Michaël REMOND" <michaelremond at gmail.com>
> To: "Stuart Douglas" <sdouglas at redhat.com>
> Cc: undertow-dev at lists.jboss.org, "Jérôme LELEU" <leleuj at gmail.com>
> Sent: Wednesday, 29 October, 2014 8:28:53 PM
> Subject: Re: [undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?
> 
> Hello,
> 
> I make a follow-up on this thread as I received no feedback on my pac4j
> binding proposal.

Sorry, I meant to look at this but it slipped through the cracks.

> 
> Are you interested in this authentication library? Can we improve its
> design?

I had a quick look through the code and for the most part it looks good. One thing that I would suggest changing is removing the static configuration, as it does not generally work very well in an application server environment where multiple deployments would be using it. 

I don't think something like this really belongs in Undertow core though. Maybe I should add a related projects section to the undertow.io site and link it there?

Stuart

> 
> Thank you for your help
> 
> Regards,
> Michaël
> 
> 2014-05-27 20:02 GMT+02:00 Michaël REMOND <michaelremond at gmail.com>:
> 
> > Hello dear Community,
> >
> > I made a first draft of what could be a pac4j binding for Undertow. You
> > can find our standard demo application here
> > https://github.com/pac4j/undertow-pac4j-demo. You can test several
> > different authentication providers (facebook, twitter, form, CAS, SAML...).
> >
> > I'd like to share some implementation details with you:
> >  - I implemented a new AuthenticationMechanism delegating the
> > authentication to a pac4j client; so this mechanism is rather "generic" in
> > regards to what you got in undertow (one for basic auth, one for form...)
> >  - pac4j needs a session mechanism so I used the Undertow SessionManager
> > to store some attributes but also the User Profile once the user is
> > successfully authenticated
> >  - pac4j also needs a callback url to finish the authentication process so
> > I developed a dedicated handler
> >  - finally I used the EagerFormParsingHandler to grab the required POSTed
> > data
> >
> > To conclude I have to say I really appreciated the maturity of the
> > framework because it was pretty straightforward to play with all the
> > concepts and the ability to change from the IO thread to the dispatcher is
> > really powerful.
> >
> > Jérôme and I are really interested to get your feedback on this work.
> > Does this binding make sense to you? How can we improve this work to fit
> > perfectly in Undertow and how can we extract a viable library from the
> > demo?
> >
> > Thank you for your help,
> >
> > Regards,
> > Michaël
> >
> >
> >
> > 2014-05-13 15:01 GMT+02:00 Stuart Douglas <sdouglas at redhat.com>:
> >
> >> This does sound pretty cool. I would start by looking at the existing
> >> authenticator implementations and the security docs at
> >>
> >> http://undertow.io/documentation/core/security.html
> >>
> >> Stuart
> >>
> >> Michaël REMOND wrote:
> >>
> >>> Hi,
> >>>
> >>> I currently contribute to a Java library from Jerome Leleu, able to
> >>> protect applications and delegate authentications to various identity
> >>> providers. It currently supports 5 different protocols: CAS, OAuth,
> >>> OpenID, HTTP and SAML and 18 identity providers (Facebook, Twitter,
> >>> Google, Yahoo...) through a very simple and unified API across
> >>> protocols/JVM frameworks: https://github.com/leleuj/pac4j.
> >>>
> >>> The pac4j libraries are used in various JVM frameworks with the
> >>> appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
> >>> Although the core pac4j libraries gather "a lot of" code (300 classes,
> >>> 26000 lines of source code), the implementations to specific JVM
> >>> frameworks are pretty straightforward: from 4 classes for Spring Security
> >>> to 11 classes for Play Framework 2.x.
> >>>
> >>> We are currently targeting new platforms and especially async ones; we
> >>> got an implementation from ratpack (http://www.ratpack.io/) and we
> >>> discussed also with the guys from vert.x. They gave us some ideas in
> >>> order to improve our library by becoming more "reactive".
> >>>
> >>> I think that pac4j could be helpful for the Undertow community too by
> >>> bringing client multi-protocols support.
> >>>
> >>> I looked at the security model from Undertow and I start to think about
> >>> a possible integration by developing a "Pac4jAuthenticationMechanism".
> >>>
> >>> What do you think about such development? Are you interested in a demo
> >>> app showing how this could work? Do you have suggestions?
> >>>
> >>> Thanks.
> >>> Best regards,
> >>> Michael Remond
> >>>
> >>> _______________________________________________
> >>> undertow-dev mailing list
> >>> undertow-dev at lists.jboss.org
> >>> https://lists.jboss.org/mailman/listinfo/undertow-dev
> >>>
> >>
> >
> 