[security-dev] OAuth Provider Web Application on OpenShift

Anil Saldhana Anil.Saldhana at redhat.com
Mon Jan 21 21:13:58 EST 2013


I agree, Bill. Having a demonstrable solution in the cloud with key
technologies such as AS7, RESTEasy, PicketLink, Aerogear, OpenShift etc
is great for our users.

On 01/21/2013 03:56 PM, Bill Burke wrote:
> Looks good for a start though.  This is exactly what picketlink and
> JBoss need.  A cloud-based auth-server that anybody can use.  Good demo
>
>
> On 1/21/2013 12:33 PM, Anil Saldhana wrote:
>> Bill,
>>      currently it is just a webapp.
>> https://github.com/anilsaldhana/picketlink-oauth-provider
>>
>> The webapp is driven by PL IDM.
>>
>> The REST endpoints come from the PicketLink Extensions project.
>> https://github.com/picketlink/picketlink-extensions
>>
>> Things like AccountRegistration (User Registration), SignIn, Logout etc
>> are just rest services.
>>
>> Regards,
>> Anil
>>
>> On 01/21/2013 11:27 AM, Bill Burke wrote:
>>> This is an ok start, but the app doesn't do anything and many of the
>>> links don't work.
>>>
>>> I'd like to contribute to the project to make it fully functional.  I've
>>> already written a complete end-to-end OAuth2 and Bearer token
>>> infrastructure that does authentication *AND* authorization via an
>>> extension to JWT and have figured all the AS7 integration points to be
>>> able to both produce and consume bearer tokens and execute the OAuth2
>>> redirect protocol.
>>>
>>> So, where's the code in GIT?
>>>
>>>
>>> On 1/18/2013 3:27 PM, Anil Saldhana wrote:
>>>> NOTE:  the following does not use any OAuth Server implementation (no
>>>> Auth Tokens issued etc).
>>>>
>>>> I just want to give you a glimpse at the PicketLink OAuth Provider web
>>>> application.
>>>>
>>>> Uses:  PicketLink 3.0 (IDM and Extensions), Aerogear JS, Twitter
>>>> Bootstrap, RESTEasy and AS7.  Uses PL IDM as of this morning.
>>>>
>>>> http://todo-anilsaldhana.rhcloud.com/picketlink-oauth-provider/jsp/picketlink.html
>>>>
>>>> You can register an account. Then log in.  You can then register oauth
>>>> applications.  If the name is already registered, it will throw a pop up
>>>> saying "Application is already registered". So choose some other name.
>>>>
>>>> This is not a production application.  Just take it for a spin.
>>>> Application restarts will lose all data. :)
>>>>
>>>> I am sure there are tons of issues, broken functionality.



More information about the security-dev mailing list