[
https://issues.jboss.org/browse/TEIID-2819?page=com.atlassian.jira.plugin...
]
Ramesh Reddy commented on TEIID-2819:
-------------------------------------
Looking into this, this seems to be highly dependent upon the framework that user uses to
design their fronting app. The scenario here is
User --> Client SOAP or REST app does SAML --> DV -->WS-Resource Adapter
|
\/
IDP (picket link, shibboth, salesforce etc)
In the above "Client SOAP or REST app does SAML" during the SAML authentication
generates a SAML Response Assertion document, that needs to be used as the token to
"WS" resource adapter. This document is not available in any context like in
authenticated Subject, so one need to figure out a way to extend/intercept from client app
and pass it around, which seems highly implementation specific CXF, PicketLink in EAP
case. CXF is used with SOAP services, REST seems to use PicketLink. Also, what if this app
is developed by user/customer with something else?
Use Oauth SAML Bearer Assertion Flow
------------------------------------
Key: TEIID-2819
URL:
https://issues.jboss.org/browse/TEIID-2819
Project: Teiid
Issue Type: Feature Request
Components: Server
Reporter: Van Halbert
Assignee: Ramesh Reddy
I can secure my mobile and cloud applications?
Consider doing SAML first and Oauth later – the use cases are the same, the
implementation is different
Link -
https://help.salesforce.com/apex/HTViewHelpDoc?id=remoteaccess_oauth_SAML...
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)