Posted to oak-issues@jackrabbit.apache.org by "Alexander Klimetschek (JIRA)" <ji...@apache.org> on 2016/01/15 03:51:39 UTC

[jira] [Comment Edited] (OAK-3886) Support custom Credentials types in external identity providers

    [ https://issues.apache.org/jira/browse/OAK-3886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15101099#comment-15101099 ] 

Alexander Klimetschek edited comment on OAK-3886 at 1/15/16 2:51 AM:
---------------------------------------------------------------------

This could be added in a non-breaking, opt-in way by adding a new interface:
{code}
public interface CustomCredentialsIdentityProvider extends ExternalIdentityProvider {
    Set<Class> getSupportedCredentials();
}
{code}

and then changing ExternalLoginModule.getSupportedCredentials() to this:
{code}
protected Set<Class> getSupportedCredentials() {
    if (idp instanceof CustomCredentialsIdentityProvider) {
        return ((CustomCredentialsIdentityProvider) idp).getSupportedCredentials();
    } else {
        Class scClass = SimpleCredentials.class;
        return Collections.singleton(scClass);
    }
}
{code}

I quickly tested something like this successfully. The ExternalLoginModule otherwise has no requirement that it's a SimpleCredentials. Only createAuthInfo() does an {{instanceof SimpleCredentials}}, but that looks very optional.


was (Author: alexander.klimetschek):
This could be added in a non-breaking, opt-in way by adding a new interface:
{code}
public interface CustomCredentialsIdentityProvider extends ExternalIdentityProvider {
    Set<Class> getSupportedCredentials();
}
{code}

and then changing ExternalLoginModule.getSupportedCredentials() to this:
{code}
protected Set<Class> getSupportedCredentials() {
    if (idp instanceof CustomCredentialsIdentityProvider) {
        return ((CustomCredentialsIdentityProvider) idp).getSupportedCredentials();
    } else {
        Class scClass = Credentials.class;
        return Collections.singleton(scClass);
    }
}
{code}

I quickly tested something like this successfully. The ExternalLoginModule otherwise has no requirement that it's a SimpleCredentials. Only createAuthInfo() does an {{instanceof SimpleCredentials}}, but that looks very optional.

> Support custom Credentials types in external identity providers
> ---------------------------------------------------------------
>
>                 Key: OAK-3886
>                 URL: https://issues.apache.org/jira/browse/OAK-3886
>             Project: Jackrabbit Oak
>          Issue Type: Improvement
>          Components: auth-external
>            Reporter: Alexander Klimetschek
>
> Currently, the ExternalLoginModule [only supports SimpleCredentials|https://github.com/apache/jackrabbit-oak/blob/cc78f6fdd122d1c9f200b43fc2b9536518ea996b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java#L415-L419].
> As the TODO says, it would be good to allow the ExternalIdentityProvider to specify the supported types, in case they have custom authentication schemes that don't fit the username + password pattern of the SimpleCredentials.
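
The following is an added example, not code from the comment or from the Oak code base: a self-contained model of the opt-in dispatch proposed above, showing which credentials types would pass the login module's type gate under each fallback (the edited comment's `SimpleCredentials.class` and the earlier revision's `Credentials.class`). The nested types are simplified stand-ins for the JCR/Oak classes, `TokenAssertion` is a hypothetical custom credentials type, and matching by `isInstance` is an assumption about how the supported set is applied.

```java
import java.util.Collections;
import java.util.Set;

public class SupportedCredentialsDemo {
    // Simplified stand-ins for the JCR/Oak types named in the comment, not the real classes.
    interface Credentials {}
    static class SimpleCredentials implements Credentials {}
    static class TokenAssertion implements Credentials {} // hypothetical custom credentials type
    interface ExternalIdentityProvider {}
    interface CustomCredentialsIdentityProvider extends ExternalIdentityProvider {
        Set<Class<?>> getSupportedCredentials();
    }

    // The opt-in dispatch from the comment; the fallback is a parameter so both revisions can be compared.
    static Set<Class<?>> supported(ExternalIdentityProvider idp, Class<?> fallback) {
        if (idp instanceof CustomCredentialsIdentityProvider) {
            return ((CustomCredentialsIdentityProvider) idp).getSupportedCredentials();
        }
        return Collections.<Class<?>>singleton(fallback);
    }

    // Assumption: credentials reach the IdP only if they are an instance of a supported class.
    static boolean accepted(Set<Class<?>> supported, Credentials creds) {
        for (Class<?> c : supported) {
            if (c.isInstance(creds)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        ExternalIdentityProvider legacy = new ExternalIdentityProvider() {};
        CustomCredentialsIdentityProvider optIn =
                () -> Collections.<Class<?>>singleton(TokenAssertion.class);
        Credentials[] samples = { new SimpleCredentials(), new TokenAssertion() };
        for (Credentials c : samples) {
            String type = c.getClass().getSimpleName();
            System.out.println(type + " -> legacy IdP, SimpleCredentials fallback: "
                    + accepted(supported(legacy, SimpleCredentials.class), c));
            System.out.println(type + " -> legacy IdP, Credentials fallback: "
                    + accepted(supported(legacy, Credentials.class), c));
            System.out.println(type + " -> opt-in IdP: "
                    + accepted(supported(optIn, SimpleCredentials.class), c));
        }
    }
}
```

Under the `isInstance` assumption, the `Credentials.class` fallback offers every credentials type to an identity provider that never opted in, while the `SimpleCredentials.class` fallback keeps the existing restriction for those providers.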


