Posted to user@syncope.apache.org by Rajeswari Raghunathan <ra...@crayondata.com> on 2013/11/28 07:51:28 UTC

Re: Need guidance

Hi Team,

I want to use Syncope for our project. In the Syncope UI, I could see the
mapping of user and roles. But in my case I want to map user with roles and
department and Organization.
e.g. user: Test, role: staff, department: Operations, Organization: Organization

How can I achieve the above mapping?

And how can I achieve multiple tenancy with Syncope?

Thanks

Re: Need guidance

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 05/12/2013 14:18, Rajeswari Raghunathan wrote:
> Hi,
>
> Is there any way we can add customized entitlements for roles?

Hi,
as explained below, entitlements are only for internal usage, so, even
if there could be some hack to extend the predefined set of entitlements, I
wouldn't suggest doing it.

Instead, if you need to associate some kind of authorization-related 
information to roles, why don't you define a multi-value enum role schema?
This will not, of course, provide you with any enforcement mechanism, 
but at least will give you the chance to define and maintain the 
authorization information.

Regards.

> On Fri, Nov 29, 2013 at 4:24 PM, Francesco Chicchiriccò
> <ilgrosso@apache.org> wrote:
>
>     On 29/11/2013 07:08, Rajeswari Raghunathan wrote:
>
>         Hi,
>
>         I need another guidance in REST API for authenticating and
>         authorizing the user.
>         e.g. 1. Is there any REST API through which user name and
>         password will be sent in request and in response status of
>         authentication will be sent?
>         2. Another API for authorization?
>
>         If you can provide me any documentation for this it will be
>         useful.
>         Actually I want to connect from Node.js to Apache Syncope. If
>         you need any further information let me know.
>
>
>     Hi,
>     first of all, please bear in mind that Syncope is mainly a
>     provisioning engine, not actually an access manager, like CAS
>     [1], for example.
>     This means you cannot easily use Syncope for implementing SSO or
>     to centralize the authorization of a set of external applications:
>     Syncope defines its own entitlements [2], but they are
>     *exclusively* for internal usage.
>
>     Having said that, you can look at [3] for REST reference (I assume
>     you are on 1.1.X, right?): the simplest call for your requirements is
>
>     GET /auth/entitlements.json (if using Spring MVC)
>     GET /entitlements/own.json (if using CXF)
>
>     This call is protected by Basic Authentication, so if
>     authentication is failing, an Exception will be raised.
>     When successful, instead, a list of owned entitlements will be
>     returned.
>
>     [1] http://www.jasig.org/cas
>     [2] https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization
>     [3] https://cwiki.apache.org/confluence/display/SYNCOPE/REST+API+upgrade
>
>
-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/


Re: Need guidance

Posted by Rajeswari Raghunathan <ra...@crayondata.com>.
Hi,

Is there any way we can add customized entitlements for roles?

Thanks.



Re: Need guidance

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 29/11/2013 07:08, Rajeswari Raghunathan wrote:
> Hi,
>
> I need another guidance in REST API for authenticating and authorizing
> the user.
> e.g. 1. Is there any REST API through which user name and password
> will be sent in request and in response status of authentication will
> be sent?
> 2. Another API for authorization?
>
> If you can provide me any documentation for this it will be useful.
> Actually I want to connect from Node.js to Apache Syncope. If you need
> any further information let me know.

Hi,
first of all, please bear in mind that Syncope is mainly a provisioning
engine, not actually an access manager, like CAS [1], for example.
This means you cannot easily use Syncope for implementing SSO or to 
centralize the authorization of a set of external applications: Syncope 
defines its own entitlements [2], but they are *exclusively* for 
internal usage.

Having said that, you can look at [3] for REST reference (I assume you 
are on 1.1.X, right?): the simplest call for your requirements is

GET /auth/entitlements.json (if using Spring MVC)
GET /entitlements/own.json (if using CXF)

This call is protected by Basic Authentication, so if authentication is 
failing, an Exception will be raised.
When successful, instead, a list of owned entitlements will be returned.

[1] http://www.jasig.org/cas
[2] https://cwiki.apache.org/confluence/display/SYNCOPE/Authentication+and+authorization
[3] https://cwiki.apache.org/confluence/display/SYNCOPE/REST+API+upgrade

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
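
A Node.js client for the "own entitlements" call described in the reply above, as an added example that is not part of the original message or of the Syncope project. The base URL in the usage note is a placeholder, the `flavour` keys are names chosen here, and the response body is assumed to be a JSON array because the reply only says "a list" is returned.

```javascript
const http = require('http');
const https = require('https');

// The two paths quoted in the reply; which applies depends on the REST layer deployed.
const ENTITLEMENT_PATHS = {
  springmvc: '/auth/entitlements.json',
  cxf: '/entitlements/own.json',
};

// Build the GET request for the caller's own entitlements, with Basic credentials.
function buildRequest(baseUrl, flavour, username, password) {
  const path = ENTITLEMENT_PATHS[flavour];
  if (!path) throw new Error(`unknown REST flavour: ${flavour}`);
  const url = new URL(baseUrl.replace(/\/+$/, '') + path);
  // Basic credentials are only base64-encoded: allow plain HTTP for loopback only.
  const loopback = ['localhost', '127.0.0.1'].includes(url.hostname);
  if (url.protocol !== 'https:' && !loopback) {
    throw new Error('refusing to send Basic credentials over plain HTTP');
  }
  const token = Buffer.from(`${username}:${password}`, 'utf8').toString('base64');
  return { url, headers: { Authorization: `Basic ${token}`, Accept: 'application/json' } };
}

// Fail closed: only 2xx plus a JSON array body (ASSUMED shape) counts as authenticated.
function interpretResponse(statusCode, body) {
  const denied = { authenticated: false, entitlements: [] };
  if (statusCode < 200 || statusCode >= 300) return denied;
  try {
    const parsed = JSON.parse(body);
    return Array.isArray(parsed) ? { authenticated: true, entitlements: parsed } : denied;
  } catch (err) {
    return denied;
  }
}

// Perform the call; resolves to { authenticated, entitlements }, rejects on network errors.
function checkCredentials(baseUrl, flavour, username, password) {
  const { url, headers } = buildRequest(baseUrl, flavour, username, password);
  const client = url.protocol === 'https:' ? https : http;
  return new Promise((resolve, reject) => {
    const req = client.get(url, { headers }, (res) => {
      let body = '';
      res.setEncoding('utf8');
      res.on('data', (chunk) => { body += chunk; });
      res.on('end', () => resolve(interpretResponse(res.statusCode, body)));
    });
    req.on('error', reject);
  });
}
```

Call it as `checkCredentials('https://syncope.example.org/syncope/rest', 'cxf', user, password)`; the returned entitlements describe rights inside Syncope only, so they tell the caller that the credentials are valid, not what the user may do in another application.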


Re: Need guidance

Posted by Rajeswari Raghunathan <ra...@crayondata.com>.
Hi,

I need another guidance in REST API for authenticating and authorizing the
user.
e.g. 1. Is there any REST API through which user name and password will be
sent in request and in response status of authentication will be sent?
2. Another API for authorization?

If you can provide me any documentation for this it will be useful.
Actually I want to connect from Node.js to Apache Syncope. If you need any
further information let me know.

Thanks



Re: Need guidance

Posted by Rajeswari Raghunathan <ra...@crayondata.com>.
Thank you very much for the fast reply... I will implement it in the above
form, and if I face any issues in future I will get back to you.




Re: Need guidance

Posted by Francesco Chicchiriccò <il...@apache.org>.
On 28/11/2013 07:51, Rajeswari Raghunathan wrote:
> Hi Team,
>
> I want to use Syncope for our project. In the Syncope UI, I could see the
> mapping of user and roles. But in my case I want to map user with
> roles and department and Organization.
> e.g. user: Test, role: staff, department: Operations,
> Organization: Organization
>
> How can I achieve the above mapping?
>
> And how can I achieve multiple tenancy with Syncope?

Hi,
currently Syncope does not allow easy setup of multi-tenant scenarios:
this will be available when SYNCOPE-119 [1] is implemented.

In the meantime, my suggestion is to empower the role hierarchy, e.g. to
implement a role tree like the following:

/ (Root organization)
+--Organization A
     +--Department 1
          +--Role 1
          +--Role 2
     +--Department 2
+--Organization B

and so on.
You have options to inherit owner, attributes and policies from child
role(s), so there is the possibility to play with such controls in order to
tune this role tree to suit your needs.

HTH
Regards.

[1] https://issues.apache.org/jira/browse/SYNCOPE-119

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

ASF Member, Apache Syncope PMC chair, Apache Cocoon PMC Member
http://people.apache.org/~ilgrosso/
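
The role tree suggested above, modelled as parent-linked records so that a role assignment resolves to organization, department and role, and two roles can be checked for sharing an organization. This is an added example, not part of the original message and not Syncope code: the record layout, the ids and the convention that depth 1 is the organization, depth 2 the department and depth 3 the role are all assumptions.

```javascript
// Constructed sample: the tree from the reply as (id, name, parent) records.
const ROLES = [
  { id: 1, name: '/', parent: null },
  { id: 2, name: 'Organization A', parent: 1 },
  { id: 3, name: 'Department 1', parent: 2 },
  { id: 4, name: 'Role 1', parent: 3 },
  { id: 5, name: 'Role 2', parent: 3 },
  { id: 6, name: 'Department 2', parent: 2 },
  { id: 7, name: 'Organization B', parent: 1 },
];

function indexRoles(roles) {
  return new Map(roles.map((role) => [role.id, role]));
}

// Walk parent links up to the root and return the names root-first.
// Dangling parents and cycles are rejected instead of being silently truncated.
function pathToRoot(index, roleId) {
  const path = [];
  const seen = new Set();
  for (let id = roleId; id !== null;) {
    const role = index.get(id);
    if (!role) throw new Error(`unknown role id ${id}`);
    if (seen.has(id)) throw new Error(`cycle at role id ${id}`);
    seen.add(id);
    path.unshift(role.name);
    id = role.parent;
  }
  return path;
}

// ASSUMED convention: depth 1 = organization, depth 2 = department, depth 3 = role.
function resolveMembership(index, roleId) {
  const [, organization = null, department = null, role = null] = pathToRoot(index, roleId);
  return { organization, department, role };
}

// Tenant boundary check for the consuming application: same organization subtree?
function sameOrganization(index, roleA, roleB) {
  const orgA = resolveMembership(index, roleA).organization;
  return orgA !== null && orgA === resolveMembership(index, roleB).organization;
}
```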