[teiid-issues] [JBoss JIRA] (TEIID-2819) Use Oauth SAML Bearer Assertion Flow

Ramesh Reddy (JIRA) issues at jboss.org
Wed Oct 29 15:19:35 EDT 2014


    [ https://issues.jboss.org/browse/TEIID-2819?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13015928#comment-13015928 ] 

Ramesh Reddy commented on TEIID-2819:
-------------------------------------

SAML implementation on server/client web application is defined here [http://cxf.apache.org/docs/jax-rs-saml.html]  TODO: write a sample application for testing

In OAuth2, the client application typically needs to register first with the source (ex: Google, Twitter, Salesforce), then they provide a "client_id" representing the registered application and a "secret_key" to be used. Then a user wanting to gain access to the SP can use the "client_id" and "secret_key" to get an "authorization code", using their credentials. For different sources, the auth URL is different; need to consult their docs. This "authorization code" is specific to a given user. Now, given the "authorization code", the client can make the calls. I found this [http://oauth.net/] and this library [https://github.com/fernandezpablo85/scribe-java]

One of the ways a SAML assertion can be used as an "authentication code" is SAML Bearer. Now, the CXF support is defined here [http://cxf.apache.org/docs/jax-rs-oauth2.html] and [http://cxf.apache.org/docs/jaxrs-oauth2-assertions.html]

Basically, in an SSO scenario, if a user who was originally authenticated using "SAML" (maybe through OData, or some other upstream app) issues a query into Teiid, then that SAML assertion can be used as an "authorization code" to gain access to an OAuth2 application. Using the "authorization code", the OAuth2 IDP can provide the "access-token" that can be used in the HTTP header to issue the final query back to the source.

Now the question is how this needs to be done in Teiid?

1) Need to build a JAAS login module to handle general OAuth2 calls to resources like Google, Twitter, FB etc.
2) Then, based on the previous subject in context, check for SAML assertions?

> Use Oauth SAML Bearer Assertion Flow
> ------------------------------------
>
>                 Key: TEIID-2819
>                 URL: https://issues.jboss.org/browse/TEIID-2819
>             Project: Teiid
>          Issue Type: Feature Request
>          Components: Server
>            Reporter: Van Halbert
>            Assignee: Ramesh Reddy
>
> I can secure my mobile and cloud applications?
> Consider doing SAML first and Oauth later – the use cases are the same, the implementation is different
> Link - https://help.salesforce.com/apex/HTViewHelpDoc?id=remoteaccess_oauth_SAML_bearer_flow.htm&language=en



--
This message was sent by Atlassian JIRA
(v6.3.1#6329)
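The flow discussed in the comment above (a SAML assertion presented to an OAuth2 token endpoint in exchange for an access token, which is then sent as a bearer header) is standardised as the SAML 2.0 bearer assertion grant in RFC 7522. The following is an added example, not Teiid or CXF code and not part of this issue, that simulates both sides in one process: the client builds the token request, the authorization server validates the assertion's bearer confirmation, audience, recipient and validity window before issuing a token, and a resource server accepts the bearer header. The endpoint URL, audience, client id, subject and the unsigned sample assertion are constructed placeholders; a real authorization server must additionally verify the IdP's XML signature on the assertion, which this example omits.

```python
"""Added example: SAML 2.0 bearer assertion as an OAuth2 grant (RFC 7522), simulated end to end."""
import base64
import datetime as dt
import secrets
import urllib.parse
import xml.etree.ElementTree as ET

SAML2_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:saml2-bearer"   # RFC 7522 grant_type
BEARER_METHOD = "urn:oasis:names:tc:SAML:2.0:cm:bearer"                # SAML bearer confirmation
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical deployment values for this walkthrough (not from the issue).
TOKEN_ENDPOINT = "https://as.example.test/oauth2/token"
AUDIENCE = "https://as.example.test"
ISSUED = {}  # access_token -> (subject, expiry); stands in for the AS token store


def _iso(t):
    return t.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse_time(s):
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def sample_assertion(subject, audience, recipient, not_before, not_on_or_after):
    """Constructed, unsigned assertion skeleton; a real IdP signs this with ds:Signature."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed" Version="2.0" IssueInstant="{_iso(not_before)}">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Subject>
    <saml:NameID>{subject}</saml:NameID>
    <saml:SubjectConfirmation Method="{BEARER_METHOD}">
      <saml:SubjectConfirmationData Recipient="{recipient}" NotOnOrAfter="{_iso(not_on_or_after)}"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="{_iso(not_before)}" NotOnOrAfter="{_iso(not_on_or_after)}">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


# ---- client side -----------------------------------------------------------
def build_token_request(assertion_xml, client_id):
    """Form body for POST to the token endpoint: assertion is base64url without padding."""
    b64 = base64.urlsafe_b64encode(assertion_xml.encode()).rstrip(b"=").decode()
    return urllib.parse.urlencode(
        {"grant_type": SAML2_BEARER_GRANT, "assertion": b64, "client_id": client_id})


def bearer_header(access_token):
    """Header the client attaches to the final query against the source."""
    return {"Authorization": "Bearer " + access_token}


# ---- authorization server side ---------------------------------------------
def validate_assertion(xml_text, now):
    """Checks RFC 7522 section 3 requires (signature verification intentionally not included)."""
    root = ET.fromstring(xml_text)
    if root.tag != "{urn:oasis:names:tc:SAML:2.0:assertion}Assertion":
        raise ValueError("not a SAML 2.0 Assertion")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("missing Conditions")
    if now < _parse_time(cond.get("NotBefore")) or now >= _parse_time(cond.get("NotOnOrAfter")):
        raise ValueError("assertion outside its validity window")
    audiences = [a.text for a in root.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if AUDIENCE not in audiences:
        raise ValueError("audience does not name this authorization server")
    sc = root.find("saml:Subject/saml:SubjectConfirmation", NS)
    if sc is None or sc.get("Method") != BEARER_METHOD:
        raise ValueError("subject confirmation is not bearer")
    scd = sc.find("saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != TOKEN_ENDPOINT:
        raise ValueError("Recipient does not match the token endpoint")
    if now >= _parse_time(scd.get("NotOnOrAfter")):
        raise ValueError("subject confirmation expired")
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not name_id:
        raise ValueError("missing NameID")
    return name_id


def token_endpoint(form_body, now):
    """Token endpoint: returns an RFC 6749 success or error response as a dict."""
    params = {k: v[0] for k, v in urllib.parse.parse_qs(form_body).items()}
    if params.get("grant_type") != SAML2_BEARER_GRANT:
        return {"error": "unsupported_grant_type"}
    try:
        b64 = params["assertion"]
        xml_text = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4)).decode()
        subject = validate_assertion(xml_text, now)
    except (KeyError, ValueError, ET.ParseError) as exc:
        return {"error": "invalid_grant", "error_description": str(exc)}
    token = secrets.token_urlsafe(32)
    ISSUED[token] = (subject, now + dt.timedelta(hours=1))
    return {"access_token": token, "token_type": "Bearer", "expires_in": 3600}


# ---- resource (source) side ------------------------------------------------
def resource_server(headers, now):
    """Returns the HTTP status a source would answer for the given headers."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401
    entry = ISSUED.get(auth[len("Bearer "):])
    return 200 if entry is not None and now < entry[1] else 401


def demo():
    """Runs the happy path plus three rejected grants at a fixed clock; returns the outcomes."""
    now = dt.datetime(2014, 10, 29, 19, 0, 0)
    ok = sample_assertion("alice@example.test", AUDIENCE, TOKEN_ENDPOINT,
                          now - dt.timedelta(minutes=1), now + dt.timedelta(minutes=5))
    wrong_aud = sample_assertion("alice@example.test", "https://other.example.test", TOKEN_ENDPOINT,
                                 now - dt.timedelta(minutes=1), now + dt.timedelta(minutes=5))
    expired = sample_assertion("alice@example.test", AUDIENCE, TOKEN_ENDPOINT,
                               now - dt.timedelta(minutes=10), now - dt.timedelta(minutes=5))
    good = token_endpoint(build_token_request(ok, "teiid-client"), now)
    return {
        "good": good,
        "resource_status": resource_server(bearer_header(good.get("access_token", "")), now),
        "wrong_audience": token_endpoint(build_token_request(wrong_aud, "teiid-client"), now),
        "expired": token_endpoint(build_token_request(expired, "teiid-client"), now),
        "wrong_grant": token_endpoint("grant_type=password&username=a&password=b", now),
        "forged_token_status": resource_server({"Authorization": "Bearer not-issued"}, now),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

The checks in `validate_assertion` are the ones that make a bearer assertion safe to accept as a grant: without the audience and `Recipient` checks, an assertion issued for the upstream SSO application could be replayed against the token endpoint, and without the `NotOnOrAfter` checks a stolen assertion would stay usable indefinitely.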