[undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?

Jérôme LELEU leleuj at gmail.com
Fri Oct 31 10:42:17 EDT 2014


Hi,

Thanks for the feedback. I'm sure this static configuration can be improved.

Being integrated into the core project or not is really a matter of the
Undertow community: on one hand, pac4j is an official module for Shiro, CAS
and Ratpack, on the other hand, it's a separate project for Vertx, J2E,
Spring Security and Play. It's up to you.

Once again, I'd like to publicly thank Michaël for his great work on
Undertow and on SAML as well.

Thanks.
Best regards,



Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2014-10-30 1:04 GMT+01:00 Stuart Douglas <sdouglas at redhat.com>:

>
>
> ----- Original Message -----
> > From: "Michaël REMOND" <michaelremond at gmail.com>
> > To: "Stuart Douglas" <sdouglas at redhat.com>
> > Cc: undertow-dev at lists.jboss.org, "Jérôme LELEU" <leleuj at gmail.com>
> > Sent: Wednesday, 29 October, 2014 8:28:53 PM
> > Subject: Re: [undertow-dev] CAS / OAuth / OpenID / HTTP / SAML client protocol support?
> >
> > Hello,
> >
> > I make a follow-up on this thread as I received no feedback on my pac4j
> > binding proposal.
>
> Sorry, I meant to look at this but it slipped through the cracks.
>
> >
> > Are you interested in this authentication library? Can we improve its
> > design?
>
> I had a quick look through the code and for the most part it looks good.
> One thing that I would suggest changing is removing the static
> configuration, as it does not generally work very well in an application
> server environment where multiple deployments would be using it.
>
> I don't think something like this really belongs in Undertow core though.
> Maybe I should add a related projects section to the undertow.io site and
> link it there?
>
> Stuart
>
> >
> > Thank you for your help
> >
> > Regards,
> > Michaël
> >
> > 2014-05-27 20:02 GMT+02:00 Michaël REMOND <michaelremond at gmail.com>:
> >
> > > Hello dear Community,
> > >
> > > I made a first draft of what could be a pac4j binding for Undertow. You
> > > can find our standard demo application here
> > > https://github.com/pac4j/undertow-pac4j-demo. You can test several
> > > different authentication providers (facebook, twitter, form, CAS, SAML...).
> > >
> > > I'd like to share some implementation details with you:
> > >  - I implemented a new AuthenticationMechanism delegating the
> > > authentication to a pac4j client; so this mechanism is rather "generic" in
> > > regards to what you got in undertow (one for basic auth, one for form...)
> > >  - pac4j needs a session mechanism so I used the Undertow SessionManager
> > > to store some attributes but also the User Profile once the user is
> > > successfully authenticated
> > >  - pac4j also needs a callback url to finish the authentication process so
> > > I developed a dedicated handler
> > >  - finally I used the EagerFormParsingHandler to grab the required POSTed
> > > data
> > >
> > > To conclude I have to say I really appreciated the maturity of the
> > > framework because it was pretty straightforward to play with all the
> > > concepts and the ability to change from the IO thread to the dispatcher is
> > > really powerful.
> > >
> > > Jérôme and I are really interested to get your feedback on this work.
> > > Does this binding make sense to you? How can we improve this work to fit
> > > perfectly in Undertow and how can we extract a viable library from the
> > > demo?
> > >
> > > Thank you for your help,
> > >
> > > Regards,
> > > Michaël
> > >
> > >
> > >
> > > 2014-05-13 15:01 GMT+02:00 Stuart Douglas <sdouglas at redhat.com>:
> > >
> > >> This does sound pretty cool. I would start by looking at the existing
> > >> authenticator implementations and the security docs at
> > >>
> > >> http://undertow.io/documentation/core/security.html
> > >>
> > >> Stuart
> > >>
> > >> Michaël REMOND wrote:
> > >>
> > >>> Hi,
> > >>>
> > >>> I currently contribute to a Java library from Jerome Leleu, able to
> > >>> protect applications and delegate authentications to various identity
> > >>> providers. It currently supports 5 different protocols: CAS, OAuth,
> > >>> OpenID, HTTP and SAML and 18 identity providers (Facebook, Twitter,
> > >>> Google, Yahoo...) through a very simple and unified API across
> > >>> protocols/JVM frameworks: https://github.com/leleuj/pac4j.
> > >>>
> > >>> The pac4j libraries are used in various JVM frameworks with the
> > >>> appropriate implementations: Spring Security, Shiro, CAS, J2E and Play.
> > >>> Although the core pac4j libraries gather "a lot of" code (300 classes,
> > >>> 26000 lines of source code), the implementations to specific JVM
> > >>> frameworks are pretty straightforward: from 4 classes for Spring Security
> > >>> to 11 classes for Play Framework 2.x.
> > >>>
> > >>> We are currently targeting new platforms and especially async ones; we
> > >>> got an implementation from ratpack (http://www.ratpack.io/) and we
> > >>> discussed also with the guys from vert.x. They gave us some ideas in
> > >>> order to improve our library by becoming more "reactive".
> > >>>
> > >>> I think that pac4j could be helpful for the Undertow community too by
> > >>> bringing client multi-protocols support.
> > >>>
> > >>> I looked at the security model from Undertow and I start to think about
> > >>> a possible integration by developing a "Pac4jAuthenticationMechanism".
> > >>>
> > >>> What do you think about such development? Are you interested in a demo
> > >>> app showing how this could work? Do you have suggestions?
> > >>>
> > >>> Thanks.
> > >>> Best regards,
> > >>> Michael Remond
> > >>>
> > >>> _______________________________________________
> > >>> undertow-dev mailing list
> > >>> undertow-dev at lists.jboss.org
> > >>> https://lists.jboss.org/mailman/listinfo/undertow-dev
> > >>>
> > >>
> > >
> >
>