[news.eclipse.technology.higgins] Putting together a multiple protocol RP application

Hello:

I'm looking into Higgins in the hope of implementing an "authentication 
server". That is, the architecture calls for creating a simple API 
between various local applications+user agent and the authentication 
server. This API will remain fairly constant, and it is the 
responsibility of the authentication server+user agent to work with 
various protocols, IdPs etc.

I'm looking for a Java framework to allow me to build the authentication 
server, and Higgins looks promising. However, InfoCard is not my initial 
concern so much as supporting protocols such as SAML, OpenID, 
as well as a couple of custom protocols. There is also the need to make 
use of our existing database of local user information.

As far as I can tell, I need to make use of "Relying Party Enablement", 
as the authentication server is an RP.  It looks like the aforementioned 
protocols need to be implemented as sub-classes of 
org.eclipse.higgins.rp.AuthProtocolHandler. The custom protocols I 
expect to implement myself, but it appears there is no existing 
component for either SAML or OpenID, just iCard (Higgins 1.0 anyway).

I see there is available both a Higgins based SAML 2 IdP, as well as a 
test SAML 2 RP application, which itself does not make use of RP 
enablement. I suppose the latter could be used as a basis for SAML 2 RP 
functionality. Are there any near term prospects for more official RP 
Enablement based implementations of SAML (most important to me), and 
OpenID?

I still need to wade through the documentation regarding IdAS, contexts 
etc. to see how to tie things together and uniformly access the user 
identity information available via each protocol, but it looks promising.

I want a system whereby the user agent is redirected to the authentication 
server by one or more local applications. The authentication server, 
then, can determine the appropriate IdP, or ask the user if it can't 
figure it out, and kick off that authentication protocol via the user 
agent. After interacting with the IdP, the user agent is redirected back 
to the authentication server, which needs to complete the protocol, 
verify the IdP token/cookie/whatever, and make the user 
identity/attributes available in a neutral manner for further 
non-protocol/IdP specific processing by the authentication server. This 
all sounds like something Higgins can help facilitate.

I'm still in the evaluation phase. Am I mis-reading anything regarding 
Higgins?

Thanks!

Jeff
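The brokered flow Jeff describes (local app redirects to an authentication server, the server picks an IdP, runs the protocol through the user agent, verifies what comes back and exposes a protocol-neutral identity) sketched as an added, runnable example. This is not Higgins code and not Jeff's; the AuthProtocolHandler/AuthBroker names, the toy HMAC-signed token protocol standing in for SAML or OpenID, the IdP lookup by e-mail domain and the sample IdP configuration are all assumptions made for the illustration. It also shows the checks an RP in this position needs regardless of protocol: an allowlist on the return URL (open redirect), a one-time state value bound to the session (login CSRF and replay), and issuer/audience/nonce/expiry verification on the token before any attribute is trusted.

```python
"""Added illustration of a protocol-neutral RP broker; not Higgins code.
All class names, the toy token format and the IdP config are assumptions."""
import base64, hashlib, hmac, json, secrets, time
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlencode, urlsplit


@dataclass
class Identity:
    """Neutral result handed to the non-protocol-specific part of the server."""
    issuer: str
    subject: str
    attributes: dict = field(default_factory=dict)


class AuthProtocolHandler:
    """Protocol-specific piece; the broker only ever calls start()/complete()."""
    def start(self, idp, state):
        raise NotImplementedError
    def complete(self, idp, params, state):
        raise NotImplementedError


class HmacTokenHandler(AuthProtocolHandler):
    """Toy custom protocol (assumed, stands in for SAML/OpenID): the IdP returns
    base64url(JSON claims) + "." + hex HMAC-SHA256 keyed with a per-IdP secret."""
    def __init__(self, audience):
        self.audience = audience          # this RP's identifier, checked as 'aud'

    def start(self, idp, state):
        # Kick off the protocol: redirect the user agent to the IdP with our state.
        return idp["endpoint"] + "?" + urlencode({"aud": self.audience, "state": state})

    def complete(self, idp, params, state):
        body, sig = params["token"].split(".")
        expected = hmac.new(idp["secret"], body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(sig, expected):
            raise ValueError("bad token signature")
        claims = json.loads(base64.urlsafe_b64decode(body))
        # Verify before trusting anything: who issued it, for whom, for which
        # login attempt, and whether it is still valid.
        if claims["iss"] != idp["issuer"]:
            raise ValueError("wrong issuer")
        if claims["aud"] != self.audience:
            raise ValueError("token not intended for this RP")
        if claims["nonce"] != state:
            raise ValueError("nonce does not match this login attempt")
        if claims["exp"] < time.time():
            raise ValueError("token expired")
        # Map protocol-specific attribute names onto the neutral representation.
        return Identity(claims["iss"], claims["sub"],
                        {"email": claims.get("mail"), "name": claims.get("cn")})


class AuthBroker:
    def __init__(self, idps, handlers, allowed_return_hosts):
        self.idps, self.handlers = idps, handlers
        self.allowed_return_hosts = allowed_return_hosts
        self.pending = {}                 # state -> (idp name, return_to); one-time use

    def choose_idp(self, hint):
        """Pick an IdP from the e-mail domain of a hint; None means 'ask the user'."""
        domain = hint.rsplit("@", 1)[-1].lower() if hint and "@" in hint else None
        for name, idp in self.idps.items():
            if domain in idp["domains"]:
                return name
        return None

    def begin(self, return_to, idp_name):
        """Called when a local application redirects the user agent to us."""
        if urlsplit(return_to).hostname not in self.allowed_return_hosts:
            raise ValueError("return_to host not allowed")        # open-redirect guard
        state = secrets.token_urlsafe(32)
        self.pending[state] = (idp_name, return_to)
        idp = self.idps[idp_name]
        return self.handlers[idp["protocol"]].start(idp, state)

    def callback(self, params):
        """Called when the IdP redirects the user agent back; returns (identity, return_to)."""
        try:
            idp_name, return_to = self.pending.pop(params["state"])  # consumed once
        except KeyError:
            raise ValueError("unknown or replayed state")
        idp = self.idps[idp_name]
        identity = self.handlers[idp["protocol"]].complete(idp, params, params["state"])
        return identity, return_to


IDPS = {  # constructed sample configuration for the example
    "corp": {"issuer": "https://idp.corp.example", "endpoint": "https://idp.corp.example/auth",
             "protocol": "hmac-token", "secret": b"corp-shared-secret",
             "domains": {"corp.example"}},
}


def make_broker():
    return AuthBroker(IDPS, {"hmac-token": HmacTokenHandler("https://auth.example")},
                      {"app1.example", "app2.example"})


def fake_idp_response(idp, redirect_url, sub, **attrs):
    """Stand-in for the IdP side (no network): mint a token bound to the state it got."""
    q = parse_qs(urlsplit(redirect_url).query)
    claims = {"iss": idp["issuer"], "sub": sub, "aud": q["aud"][0],
              "nonce": q["state"][0], "exp": time.time() + 300, **attrs}
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    sig = hmac.new(idp["secret"], body.encode(), hashlib.sha256).hexdigest()
    return {"state": q["state"][0], "token": body + "." + sig}
```

Each real protocol would get its own handler with the same two entry points (a SAML handler validating an XML signature and the Conditions element, an OpenID handler checking the return_to and signature), while the broker, the state bookkeeping, the return-URL allowlist and the Identity record stay untouched; that is the separation the post is after.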