You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Kevin Minder (JIRA)" <ji...@apache.org> on 2015/04/20 20:56:59 UTC

[jira] [Updated] (KNOX-510) KnoxSSO API

     [ https://issues.apache.org/jira/browse/KNOX-510?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Kevin Minder updated KNOX-510:
------------------------------
    Fix Version/s:     (was: 0.6.0)
                   0.7.0

> KnoxSSO API
> -----------
>
>                 Key: KNOX-510
>                 URL: https://issues.apache.org/jira/browse/KNOX-510
>             Project: Apache Knox
>          Issue Type: Sub-task
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.7.0
>
>
> The KnoxSSO Service is an Apache Jersey based API for providing SSO tokens and flow control. It will initially be used to add an API for WebSSO flows to Web UIs.
> The resulting token will be a JsonWebToken (JWT) that represents the authentication event, the issuer and a number of scopes and claims. This token will need to be cryptographically verifiable through PKI based signature by the receiver and validated as not expired and intended for the requested audience and scope.
> By leveraging the pluggable authentication and federation providers in Knox, KnoxSSO will be able to have its integration composed of any number of integrated solutions.
> The resulting token will always be the same and therefore the receivers will only need to know how to verify, validate and extract the identity information contained within that single context.
> The "knoxsso/websso" URL pattern will be used to facilitate the WebSSO interaction and will require an input of a query parameter called originalURL which indicates the URL to redirect the useragent to after successful authentication. The redirection will be assumed to be a GET to the originalUrl.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)