You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2017/06/26 15:48:25 UTC
Docs Query
Hi all,
The docs state that "[pac4j] must be used for SSO, in association with the
KnoxSSO service and optionally with the SSOCookieProvider for access to
REST APIs.":
http://knox.apache.org/books/knox-0-12-0/user-guide.html#Pac4j+Provider+-+CAS+/+OAuth+/+SAML+/+OpenID+Connect
However, I can use the "knoxauth" application with the KnoxSSO service to
authenticate users to the local LDAP without using pac4j at all.
I think it probably be more accurate to say that one or the other must be
used for KnoxSSO. Is this correct? If so I'll update the docs.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Docs Query
Posted by Colm O hEigeartaigh <co...@apache.org>.
Great thanks!
Colm.
On Mon, Jun 26, 2017 at 5:15 PM, larry mccay <lm...@apache.org> wrote:
> Interesting point, Colm.
>
> I think the original text was not a limiting statement on SSO but instead
> on pac4j provider.
> Most if not all of the mechanisms available through pac4j are browser
> based and as such not really appropriate for use as a federation provider
> for the REST APIs in a generic way.
>
> We should try and make that more clear if need be.
>
> You can actually use many of the authentication/federation providers with
> KnoxSSO - even the simplest HTTP Basic with LDAP or even Header based
> PreAuth.
>
> I will take a look at those docs and see if it can better articulate what
> is intended there.
>
>
> On Mon, Jun 26, 2017 at 11:48 AM, Colm O hEigeartaigh <coheigea@apache.org
> > wrote:
>
>> Hi all,
>>
>> The docs state that "[pac4j] must be used for SSO, in association with the
>> KnoxSSO service and optionally with the SSOCookieProvider for access to
>> REST APIs.":
>>
>> http://knox.apache.org/books/knox-0-12-0/user-guide.html#Pac
>> 4j+Provider+-+CAS+/+OAuth+/+SAML+/+OpenID+Connect
>>
>> However, I can use the "knoxauth" application with the KnoxSSO service to
>> authenticate users to the local LDAP without using pac4j at all.
>>
>> I think it probably be more accurate to say that one or the other must be
>> used for KnoxSSO. Is this correct? If so I'll update the docs.
>>
>> Colm.
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Docs Query
Posted by larry mccay <lm...@apache.org>.
Interesting point, Colm.
I think the original text was not a limiting statement on SSO but instead
on pac4j provider.
Most if not all of the mechanisms available through pac4j are browser based
and as such not really appropriate for use as a federation provider for the
REST APIs in a generic way.
We should try and make that more clear if need be.
You can actually use many of the authentication/federation providers with
KnoxSSO - even the simplest HTTP Basic with LDAP or even Header based
PreAuth.
I will take a look at those docs and see if it can better articulate what
is intended there.
On Mon, Jun 26, 2017 at 11:48 AM, Colm O hEigeartaigh <co...@apache.org>
wrote:
> Hi all,
>
> The docs state that "[pac4j] must be used for SSO, in association with the
> KnoxSSO service and optionally with the SSOCookieProvider for access to
> REST APIs.":
>
> http://knox.apache.org/books/knox-0-12-0/user-guide.html#
> Pac4j+Provider+-+CAS+/+OAuth+/+SAML+/+OpenID+Connect
>
> However, I can use the "knoxauth" application with the KnoxSSO service to
> authenticate users to the local LDAP without using pac4j at all.
>
> I think it probably be more accurate to say that one or the other must be
> used for KnoxSSO. Is this correct? If so I'll update the docs.
>
> Colm.
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>