Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.6.0
    • Server
    • None

    Description

      The KnoxSSO Service is an Apache Jersey based API for providing SSO tokens and flow control. It will initially be used to add an API for WebSSO flows to Web UIs.

      The resulting token will be a JsonWebToken (JWT) that represents the authentication event, the issuer and a number of scopes and claims. This token will need to be cryptographically verifiable through PKI based signature by the receiver and validated as not expired and intended for the requested audience and scope.

      By leveraging the pluggable authentication and federation providers in Knox, KnoxSSO will be able to have its integration composed of any number of integrated solutions.

      The resulting token will always be the same and therefore the receivers will only need to know how to verify, validate and extract the identity information contained within that single context.

      The "knoxsso/websso" URL pattern will be used to facilitate the WebSSO interaction and will require an input of a query parameter called originalURL which indicates the URL to redirect the useragent to after successful authentication. The redirection will be assumed to be a GET to the originalUrl.

      Attachments

        Activity

          People

            lmccay Larry McCay
            lmccay Larry McCay
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: