Login Logic

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Login Logic

vladz
CONTENTS DELETED
The author has deleted this message.
Reply | Threaded
Open this post in threaded view
|

Re: Login Logic

ilgrosso
Administrator
On 2017-03-17 23:06 vladz wrote:

> I hope I am not getting on the wrong track...  But here goes.  Now that
> I've
> worked out the logic for Self-Registration, I am wondering If and How I
> could manage the login process via Syncope.
>
> I have not found any REST methods for "authenticating" the user.  That
> is,
> sending in a combination of user name and password, receiving back an
> identity key or user object.
>
> How can the client app resolve the user stored in syncope via
> self-registration where the app itself does not keep a separate user
> store?

Up to Syncope 2.0.2 (e.g. the current stable version), the only
authentication method supported (at least, by default) is the HTTP Basic
Authentication: this means that each and every REST method invocation
requires an 'Authentication' HTTP header to be sent.
On the Syncope Core, such Authentication header is processed by the
Spring Security components, which verify the passed credentials against
the internal storage.

Starting with Syncope 2.0.3, however, the authentication process is
reviewed, and support for JSON Web Tokens is introduced: the new process
is described at [1]. Syncope 2.0.3 is expected to be release in some
time - say about one month from now.
FYI, the current REST features are described in [2].

Regards.

[1]
https://ci.apache.org/projects/syncope/reference-guide.html#rest-authentication-and-authorization
[2]
https://syncope.apache.org/docs/reference-guide.html#restful-services
--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
Reply | Threaded
Open this post in threaded view
|

Re: Login Logic

vladz
CONTENTS DELETED
The author has deleted this message.