This page contains topics supporting ongoing discussion at dev@syncope.apache.org.
Tracked as SYNCOPE-1041.
Once this feature is implemented, it will be possible to log into the Admin Console, the Enduser UI (and any other Java EE web application) by using the Web Browser SSO Profile and an external SAML 2.0 Identity Provider.
An important requirement is to keep all authentication and authorization aspects within the Syncope Core.
The idea is to provide a new Java EE web-fragment named SAML 2.0 SP Agent, meant to be deployed as a separate JAR file alongside the Admin Console, the Enduser UI (and any other Java EE web application).
The flow of operations will be roughly as follows:
For several reasons - including the need to introduce additional library dependencies for manipulating SAML 2.0 assertions - the ideal candidate for this implementation is a new extension.
The OpenSAML 3.0 library looks like an adequate fit for this job.