[mitreid-connect] protecting authorize endpoint
Justin Richer
jricher at mit.edu
Thu Aug 20 09:47:47 EDT 2015
As it says in the paragraph of documentation that you quoted below, it’s protected the same way that the rest of the UI is protected. This is handled in the main <security:http> block in user-context.xml.
— Justin
> On Aug 20, 2015, at 9:45 AM, Zhanna Tsitkov <tsitkova at mit.edu> wrote:
>
> Hi,
> According to the documentation for configure method of
> AuthorizationServerConfigurer
> interface
> "
>
>
>
>
>
> * The /oauth/authorize endpoint also needs to be secure, but that is a normal user-facing endpoint and should be
>
> * secured the same way as the rest of your UI, so is not covered here. The default settings cover the most common
>
> * requirements, following recommendations from the OAuth2 spec, so you don't need to do anything here to get a
>
> * basic server up and running.
> "
> In MitreID Connect it looks like this EP is not explicitly protected. How it is done?
> Thanks,
> Zhanna
> _______________________________________________
> mitreid-connect mailing list
> mitreid-connect at mit.edu
> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150820/018c8bcb/attachment.html
More information about the mitreid-connect
mailing list