[mitreid-connect] looking for help in authentication customization
Justin Richer
jricher at mit.edu
Fri Apr 1 12:00:20 EDT 2016
+1 to Mark’s suggestions. There are many production deployments that don’t use the login form or the username/password primary authentication mechanism at all. This is one of the ways that we’ve explicitly made the project extensible.
— Justin
> On Mar 31, 2016, at 9:43 AM, Mark Janssen <callisto at praseodym.net> wrote:
>
> Hi Amit,
>
> I think you'll be best off developing your Spring Security authentication provider separately and then integrating it into MITREid Connect once it's stable. There are many resources <http://projects.spring.io/spring-security/> that can help you get started with development for Spring Security.
>
> As for MITREid Connect, it shouldn't need the form-login if everything else is configured correctly.
>
> Regards,
> Mark
>
> On Wed, 30 Mar 2016 at 19:52 Amit Pal <apal at noknok.com> wrote:
> Hi Mark,
>
> Thanks for your reply.
> I am still using the Spring ‘form-login’ element of ‘http’, but I am not sure how to return to the filter when I don’t have the submit action.
> Would it make sense to have a custom AuthenticationEntryPoint and remove the ‘form-login’?
> Will it impact MITREid functionality if I remove ‘form-login’?
>
> Thanks,
> Amit
>
>> On Mar 30, 2016, at 2:24 AM, Mark Janssen <callisto at praseodym.net> wrote:
>>
>> Hi Amit,
>>
>> MITREid Connect uses Spring Security for authentication purposes. You should be able to develop an authentication provider for Spring Security that implements the custom authentication scheme. This authentication provider can then be configured in your MITREid Connect overlay. Aside from this, you will need to implement a UserInfoRepository to provide user info data to OIDC clients.
>>
>> Regards,
>> Mark
>>
>> On Wed, 30 Mar 2016 at 04:08 Amit Pal <apal at noknok.com> wrote:
>> Hi Everyone,
>>
>> I am looking to replace the username/password based authentication with a custom authentication scheme (FIDO authentication: www.fidoalliance.org).
>> This custom authentication would be performed by another web app hosted in the same container, but it would NOT use username/password to authenticate the user.
>> It would display a QR code in the browser, and the user could use their mobile device (already registered) to perform the authentication. The auth response could be fetched by polling the other web app at predefined intervals.
>> The MITREid server would need to parse the success/failure response and then continue its normal flow.
>>
>> Any help is appreciated.
>>
>> Thanks,
>> Amit
>>
>>
>>
>> _______________________________________________
>> mitreid-connect mailing list
>> mitreid-connect at mit.edu
>> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
>
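
The approach recommended in the thread above (a Spring Security authentication provider implementing the custom scheme), as an added example that is not code from the thread or from the MITREid Connect project. `FidoResultClient`, `FidoAuthenticationToken` and the `ROLE_USER` authority are assumptions made for illustration; only the Spring Security types are real API.

```java
import java.util.List;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

/** Hypothetical client for the separate FIDO web app; not a real library API. */
interface FidoResultClient {
    /** Verified username for a completed transaction, or null if pending or failed. */
    String verifiedUser(String transactionId);
}

/** Token carrying the transaction id encoded in the QR code (name is an assumption). */
class FidoAuthenticationToken extends AbstractAuthenticationToken {
    private final String transactionId;
    private final String username;
    FidoAuthenticationToken(String transactionId) {            // unauthenticated request
        super(null);
        this.transactionId = transactionId;
        this.username = null;
    }
    FidoAuthenticationToken(String username, List<GrantedAuthority> authorities) {
        super(authorities);
        this.transactionId = null;                              // not retained after login
        this.username = username;
        setAuthenticated(true);
    }
    @Override public Object getCredentials() { return transactionId; }
    @Override public Object getPrincipal() { return username; }
}

public class FidoAuthenticationProvider implements AuthenticationProvider {
    private final FidoResultClient fido;
    public FidoAuthenticationProvider(FidoResultClient fido) { this.fido = fido; }
    @Override
    public Authentication authenticate(Authentication authentication) {
        String txId = (String) authentication.getCredentials();
        // Resolve the result server-side; never trust a username or success flag sent by the browser.
        String user = (txId == null) ? null : fido.verifiedUser(txId);
        if (user == null) {
            throw new BadCredentialsException("FIDO authentication not completed");
        }
        // ROLE_USER is an assumed authority name; use whatever the overlay's access rules require.
        return new FidoAuthenticationToken(user, AuthorityUtils.createAuthorityList("ROLE_USER"));
    }
    @Override public boolean supports(Class<?> a) { return FidoAuthenticationToken.class.isAssignableFrom(a); }
}
```

The provider only handles `FidoAuthenticationToken`, so a filter that builds the unauthenticated token from the polled transaction id still has to sit in front of it in the overlay's security configuration.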