Posted to commits@syncope.apache.org by "Francesco Chicchiriccò (Confluence)" <no...@apache.org> on 2019/09/03 07:40:00 UTC
[CONF] Apache Syncope > Access Management features
[Access Management features](https://cwiki.apache.org/confluence/display/SYNCOPE/Access+Management+features)

Francesco Chicchiriccò edited this page. Here's what changed:

1. 3rd party apps authentication, SSO and authorization:
    1. Act as [SAML 2.0](https://en.wikipedia.org/wiki/SAML_2.0) Identity Provider; integrate via
        1. [mod_shib](https://wiki.shibboleth.net/confluence/display/SP3/Apache) (Apache HTTPd)
        2. [nginx-http-shibboleth](https://wiki.shibboleth.net/confluence/display/SP3/Nginx) (Nginx)
        3. [iis7_shib.dll](https://wiki.shibboleth.net/confluence/display/SP3/IIS) (IIS)
    2. Act as [OpenID Connect 1.0](https://openid.net/connect/) Provider, gain [certification](https://openid.net/certification/); integrate via
        1. [mod_auth_openidc](https://github.com/zmartzone/mod_auth_openidc) (Apache HTTPd)
        2. [nginx-openid-connect](https://github.com/nginxinc/nginx-openid-connect) (Nginx)
        3. [Microsoft.AspNetCore.Authentication.OpenIdConnect .Net package](https://docs.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.authentication.openidconnect?view=aspnetcore-2.1) (IIS)
    3. Implement the latest available version of the [CAS protocol](https://apereo.github.io/cas/5.3.x/protocol/CAS-Protocol.html); integrate via the various [CAS clients](https://apereo.github.io/cas/5.3.x/planning/Architecture.html#cas-clients) available:
        1. Apache HTTPd
        2. Nginx
        3. Java
        4. .NET
        5. PHP
        6. Perl
        7. Python
        8. Ruby
2. Standard set of authentication modules, and API to extend / create new ones:
    1. [JAAS](https://en.wikipedia.org/wiki/Java_Authentication_and_Authorization_Service)
    2. username / password with different back-ends (DBMS, LDAP, ...)
    3. TLS client certificate
    4. [Time-based One-time password](https://en.wikipedia.org/wiki/Time-based_One-time_Password_algorithm)
    5. SAML 2.0 SP
    6. OpenID Connect 1.0 Client
    7. RADIUS
    8. Kerberos
    9. [U2F](https://en.wikipedia.org/wiki/Universal_2nd_Factor)
    10. [WebAuthn](https://en.wikipedia.org/wiki/WebAuthn)
    11. ...
3. Authentication chains by combining multiple authentication modules, similar to Linux's PAM (required, sufficient, requisite, ...)
    1. Step-up authentication (e.g. associate a level with each authentication module in a chain, and let 3rd party apps require a minimum level for access)
    2. Multi-factor authentication
4. Authorization
    1. Access Policies
        1. URL-based
        2. grant-based (for JWT)
    2. Implement [XACML](https://en.wikipedia.org/wiki/XACML) 3.0
    3. Implement [UMA](https://en.wikipedia.org/wiki/User-Managed_Access)

...
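
The PAM-style chain and step-up items in the list above, as an added illustration (not Syncope code and not part of the original page): a chain evaluator that applies the `requisite`, `required`, `sufficient` and `optional` control flags and reports the assurance level reached. The names `Module`, `evaluate`, `authorize`, the constructed sample credentials, and the rule that the achieved level is the highest level among modules that succeeded are all assumptions made for this example.

```python
import hmac
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Creds = Dict[str, str]

@dataclass
class Module:
    name: str
    control: str                    # "requisite" | "required" | "sufficient" | "optional"
    level: int                      # assurance level granted when this module succeeds
    check: Callable[[Creds], bool]

def evaluate(chain: List[Module], creds: Creds) -> Tuple[bool, int]:
    """Return (authenticated, achieved_level) using PAM-style control flags."""
    failed_required, any_success, level = False, False, 0
    for m in chain:
        if m.check(creds):
            any_success = True
            level = max(level, m.level)
            if m.control == "sufficient" and not failed_required:
                return True, level          # chain satisfied, skip remaining modules
        elif m.control == "requisite":
            return False, 0                 # fail fast, later modules never run
        elif m.control == "required":
            failed_required = True          # keep evaluating, but the chain fails
        # a failed "sufficient" or "optional" module is ignored
    ok = any_success and not failed_required
    return ok, (level if ok else 0)

def authorize(chain: List[Module], creds: Creds, min_level: int) -> bool:
    """Step-up gate: the app states the minimum level it accepts."""
    ok, level = evaluate(chain, creds)
    return ok and level >= min_level

def _equals(field: str, expected: str) -> Callable[[Creds], bool]:
    # Constant-time comparison against a constructed sample secret.
    return lambda c: hmac.compare_digest(c.get(field, ""), expected)

# Constructed sample chain; real modules would call LDAP, a TOTP validator, etc.
CHAIN = [
    Module("account_active", "requisite", 0, lambda c: c.get("user") != "locked"),
    Module("client_cert", "sufficient", 3, _equals("cert", "CN=alice")),
    Module("password", "required", 1, _equals("password", "s3cret")),
    Module("totp", "optional", 2, _equals("otp", "492039")),
]
```

A session that passed only the password module reaches level 1, so an application calling `authorize(CHAIN, creds, 2)` rejects it until the user also presents a valid one-time password.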
This message was sent by Atlassian Confluence 6.15.8