Posted to users@cxf.apache.org by Sergey Beryozkin <sb...@gmail.com> on 2012/11/14 11:46:04 UTC
Re: OAuth2 with Oracle Access Manager
Hi John,
Thanks for your query. I'm CC-ing the users list; I think it can be
of interest to the users who've started playing with the CXF OAuth2 module.
On 14/11/12 07:08, John Bright wrote:
> Hi Sergey,
>
> Could you please provide me some examples on how to use OAuth 2.0 in CXF
> with Oracle Access Manager...
Colm and I worked on getting server-side support for the SAML2 Web
SSO profile:
http://cxf.apache.org/docs/saml-web-sso.html
Colm has tested it against many Identity Providers, and thus our
expectations are that the CXF service provider code is very compliant.
We haven't tested against OAM but I'm assuming it can act as SAML2
Identity Provider and very likely CXF will work with OAM.
Now, we have this demo:
https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth2/sso-saml
It shows how to use CXF OAuth2 and Web SSO SAML2 support together.
Shibboleth is used as the identity provider.
We'll get to supporting OAuth2-'aware' SAML2 assertions via RS and
possibly WS paths, I guess early in 2013.
>
> Also, can I use only OAuth 2.0 in CXF without OAM?
>
https://github.com/Talend/tesb-rt-se/tree/master/examples/cxf/jaxrs-oauth2/
is the simpler/original version of the same demo.
HTH, Sergey
> --
> Thanks and Regards
> John Bright. J
Re: OAuth2 with Oracle Access Manager
Posted by Sergey Beryozkin <sb...@gmail.com>.
On 16/11/12 07:27, jbright wrote:
> I do have a question, since I was following your note below:
>
> I will have the credentials in the message payload itself. So if I validate
> that in the service code itself, how does the request get redirected in case
> of validation failure?
>
I'm assuming you are talking about the part where the end-user has been
initially redirected from the client web application back to the
resource server.
So we must be talking about the credentials of the end user who is now
sitting in front of the browser (assuming we are talking about the
authorization code flow) given that the end user needs to authenticate.
Is that the case? If yes, then at this stage no application service
code is involved yet. Can you please clarify what you mean by "the
credentials in the message payload itself. So if I validate
that in the service code itself"?
Thanks, Sergey
Re: OAuth2 with Oracle Access Manager
Posted by jbright <jo...@gmail.com>.
I do have a question, since I was following your note below:
I will have the credentials in the message payload itself. So if I validate
that in the service code itself, how does the request get redirected in case
of validation failure?