Re: [higgins-dev] STS Authentication methods

Hello David,

In IdAS (an API layer that abstracts from different identity related data sources) there is the concept of Authentication Materials:
http://wiki.eclipse.org/Authentication_Materials

Authentication Materials are represented by the interface IAuthNMaterials in org.eclipse.higgins.idas.api.
There are some implementation classes (e.g. for username/password, SAML token, etc.) in org.eclipse.higgins.idas.common.
You need to pass one of them to the IContext.open() method to open an IdAS Context.

E.g. if you want to open an LDAP Context, you may need an AuthNNamePasswordMaterials object (username / password).

Authentication Materials can be (de-)serialized to strings, so that they can be sent over the network (see the AuthNMaterialsSerializer class).

There are pre-defined "type" strings for Authentication Materials in IAuthNMaterials.

Sometimes, the Authentication Materials type or even the Authentication Materials themselves can be discovered from a UDI that points to a Context:
http://wiki.eclipse.org/UDI

So, you could extend this by writing your own class that implements IAuthNMaterials.
Of course you also need an IdAS Context Provider that understands your own type of Authentication Materials.

Maybe this helps a bit. This is generic IdAS information. Unfortunately I don't know so much about how exactly the Higgins STS / Bandit use the IdAS layer.

Markus

On Fri, Dec 4, 2009 at 11:43 AM, David Campos <noymn.the.archangel@xxxxxxxxx> wrote:
Hello all,

Maybe I'm wrong in what I guess, but since I saw that BanditIdP could do it, and knowing that Bandit is based on the Higgins STS implementation, I would like to know how to use other authentication in the Higgins Framework. What I want is to allow possible IdP users to access their profile after being authenticated with a UN/PW pair, an iCard or an OpenID URL.

As I have seen, going through the axis1x binding code, credentials are needed in order to access the profile (I guess that it's an IdAS requirement). Is there any way to use other authentication methods? Do I need to wrap a class made by me in order to do this authentication, or does Higgins already have a way to extend this behaviour?

I say this because I saw and tested the Bandit IdP method. I know that on that IdP the user needs to associate his P-Card PPID to his account, but that's not a trouble after all.

I hope you can help me.

Regards,
---
David Campos
Safelayer Secure Communications
DMAG UPC Researcher

_______________________________________________
higgins-dev mailing list
higgins-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/higgins-dev


