...
# | Title | User Story | Importance | Notes |
---|---|---|---|---|
1 | Implementing multiple authentication providers | Enterprises use a wide variety of authentication mechanisms. Accordingly, it is important to provide a consistent interface for integration within these environments, as well as a basis for custom implementations. | ||
2 | Username/Password Provider | Active Directory, LDAP | ||
3 | Kerberos Provider | |||
4 | PKI Provider | |||
5 | OAuth2/OpenID Connect |
...
Question | Outcome | ||
---|---|---|---|
What best addresses the problem in terms of our needs and technology? Clarifying the differences between SASL and JAAS and their applicability. | By sticking with Spring Security we can eventually offer support for both. | ||
What is a core set of providers that cover most needs? | PKI, Username/Password (Active Directory, LDAP), Kerberos | ||
How does this affect the user model in terms of groups and access? How does it affect our compliance with SCIM? | It does not affect it. This simply provides support for identifying a user. Access and groups are handled by the AuthorityProvider. | ||
How does this affect the authority provider? | It does not impact the AuthorityProvider. | ||
When using Username/Password, how do we establish site-to-site communication? Do we support creating new users via the UI? | We will likely not support creating new users via the UI; the admin will be required to provide the credentials, which are entered when configuring the Remote Process Group. | ||
When using OpenID Connect, how do we establish site-to-site communication? | Since certificates are necessary for establishing secure connectors in the web server, we can still rely on certificates for site-to-site and cluster communications. | ||