You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@syncope.apache.org by Rajeswari Raghunathan <ra...@crayondata.com> on 2013/12/05 14:18:07 UTC
Re: Need guidance
Hi,
Is there any we can add customized entitlement for roles?
Thanks.
On Fri, Nov 29, 2013 at 4:24 PM, Francesco Chicchiriccò <ilgrosso@apache.org
> wrote:
> On 29/11/2013 07:08, Rajeswari Raghunathan wrote:
>
>> Hi,
>>
>> I need another guidance in Rest api for authenticating and authorizing
>> the user.
>> eg.. 1. is there any rest api through which user name and password will
>> be sent in request and in response status of authentication will be sent??
>> 2. Another api for authorization??
>>
>> if you can provide me any documentation for this it will be useful.
>> Actually i want to connect from nodejs to Apache syncope.,if you need any
>> further information let me know.
>>
>
> Hi,
> first of all, please bare in mind that Syncope is mainly a provisioning
> engine, not actually an access manager, like as CAS [1], for example.
> This means you cannot easily use Syncope for implementing SSO or to
> centralize the authorization of a set of external applications: Syncope
> defines its own entitlements [2], but they are *exclusively* for internal
> usage.
>
> Having said that, you can look at [3] for REST reference (I assume you are
> on 1.1.X, right?): the simplest call for your requirements is
>
> GET /auth/entitlements.json (if using Spring MVC)
> GET /entitlements/own.json (if using CXF)
>
> This call is protected by Basic Authentication, so if authentication is
> failing, an Exception will be raised.
> When successful, instead, a list of owned entitlements will be returned.
>
> [1] http://www.jasig.org/cas
> [2] https://cwiki.apache.org/confluence/display/SYNCOPE/
> Authentication+and+authorization
> [3] https://cwiki.apache.org/confluence/display/SYNCOPE/REST+API+upgrade
>
>
> --
> Francesco Chicchiriccò
>
> Tirasa - Open Source Excellence
> http://www.tirasa.net/
>
> ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
> http://people.apache.org/~ilgrosso/
>
>
Re: Need guidance
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 05/12/2013 14:18, Rajeswari Raghunathan wrote:
> Hi,
>
> Is there any we can add customized entitlement for roles?
Hi,
as explained below, entitlements are only for internal usage, so, even
there could be some hack to extend the predefined set of entitlements, I
wouldn't suggest to do it.
Instead, if you need to associate some kind of authorization-related
information to roles, why don't you define a multi-value enum role schema?
This will not, of course, provide you with any enforcement mechanism,
but at least will give you the chance to define and maintain the
authorization information.
Regards.
> On Fri, Nov 29, 2013 at 4:24 PM, Francesco Chicchiriccò
> <ilgrosso@apache.org <ma...@apache.org>> wrote:
>
> On 29/11/2013 07:08, Rajeswari Raghunathan wrote:
>
> Hi,
>
> I need another guidance in Rest api for authenticating and
> authorizing the user.
> eg.. 1. is there any rest api through which user name and
> password will be sent in request and in response status of
> authentication will be sent??
> 2. Another api for authorization??
>
> if you can provide me any documentation for this it will be
> useful.
> Actually i want to connect from nodejs to Apache syncope.,if
> you need any further information let me know.
>
>
> Hi,
> first of all, please bare in mind that Syncope is mainly a
> provisioning engine, not actually an access manager, like as CAS
> [1], for example.
> This means you cannot easily use Syncope for implementing SSO or
> to centralize the authorization of a set of external applications:
> Syncope defines its own entitlements [2], but they are
> *exclusively* for internal usage.
>
> Having said that, you can look at [3] for REST reference (I assume
> you are on 1.1.X, right?): the simplest call for your requirements is
>
> GET /auth/entitlements.json (if using Spring MVC)
> GET /entitlements/own.json (if using CXF)
>
> This call is protected by Basic Authentication, so if
> authentication is failing, an Exception will be raised.
> When successful, instead, a list of owned entitlements will be
> returned.
>
> [1] http://www.jasig.org/cas
> [2]
> https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization
> [3]
> https://cwiki.apache.org/confluence/display/SYNCOPE/REST+API+upgrade
>
>
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/