You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Alexander Klimetschek (JIRA)" <ji...@apache.org> on 2016/01/15 03:51:39 UTC
[jira] [Comment Edited] (OAK-3886) Support custom Credentials types
in external identity providers
[ https://issues.apache.org/jira/browse/OAK-3886?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15101099#comment-15101099 ]
Alexander Klimetschek edited comment on OAK-3886 at 1/15/16 2:51 AM:
---------------------------------------------------------------------
This could be added in a non-breaking, opt-in way by adding a new interface:
{code}
public interface CustomCredentialsIdentityProvider extends ExternalIdentityProvider {
Set<Class> getSupportedCredentials();
}
{code}
and then changing ExternalLoginModule.getSupportedCredentials() to this:
{code}
protected Set<Class> getSupportedCredentials() {
if (idp instanceof CustomCredentialsIdentityProvider) {
return ((CustomCredentialsIdentityProvider) idp).getSupportedCredentials();
} else {
Class scClass = SimpleCredentials.class;
return Collections.singleton(scClass);
}
}
{code}
I quickly tested something like this successfully. The ExternalLoginModule otherwise has no requirement that it's a SimpleCredentials. Only createAuthInfo() does an {{instanceof SimpleCredentials}}, but that looks very optional.
was (Author: alexander.klimetschek):
This could be added in a non-breaking, opt-in way by adding a new interface:
{code}
public interface CustomCredentialsIdentityProvider extends ExternalIdentityProvider {
Set<Class> getSupportedCredentials();
}
{code}
and then changing ExternalLoginModule.getSupportedCredentials() to this:
{code}
protected Set<Class> getSupportedCredentials() {
if (idp instanceof CustomCredentialsIdentityProvider) {
return ((CustomCredentialsIdentityProvider) idp).getSupportedCredentials();
} else {
Class scClass = Credentials.class;
return Collections.singleton(scClass);
}
}
{code}
I quickly tested something like this successfully. The ExternalLoginModule otherwise has no requirement that it's a SimpleCredentials. Only createAuthInfo() does an {{instanceof SimpleCredentials}}, but that looks very optional.
> Support custom Credentials types in external identity providers
> ---------------------------------------------------------------
>
> Key: OAK-3886
> URL: https://issues.apache.org/jira/browse/OAK-3886
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Components: auth-external
> Reporter: Alexander Klimetschek
>
> Currently, the ExternalLoginModule [only supports SimpleCredentials|https://github.com/apache/jackrabbit-oak/blob/cc78f6fdd122d1c9f200b43fc2b9536518ea996b/oak-auth-external/src/main/java/org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModule.java#L415-L419].
> As the TODO says, it would be good to allow the ExternalIdentityProvider specify the supported types, in case they have custom authentication schemes that don't fit the username + password pattern of the SimpleCredentials.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)