SSO authentication for REST API calls
Cantor, Scott
cantor.2 at osu.edu
Wed May 4 11:03:08 EDT 2016
> Scott, you triggered my curiosity, can I ask for a brief summary (or the general
> idea) of what was implemented?
It's documented in generally unreadable fashion in [1]. It's "just" recursive ECP to implement delegation. The recursive call to the IdP was over-engineered because of WS-* at the time and I'd do it more simply today, but it's largely moot.
When and if we do OAuth, it will not be bearer based though, at least not the interaction with the IDP. That's inexcusable for a server-side security flow.
-- Scott
[1] https://spaces.internet2.edu/display/ShibuPortal/Home