[mitreid-connect] looking for help in authentication customization

Mark Janssen callisto at praseodym.net
Thu Mar 31 09:43:52 EDT 2016


Hi Amit,

I think you'll be best off developing your Spring Security authentication
provider separately and then integrating it into MITREid Connect once it's
stable. There are many resources
<http://projects.spring.io/spring-security/> that can help you get started
with development for Spring Security.

As for MITREid Connect, it shouldn't need the form-login if everything else
is configured correctly.

Regards,
Mark

On Wed, 30 Mar 2016 at 19:52 Amit Pal <apal at noknok.com> wrote:

> Hi Mark,
>
> Thanks for your reply.
> I am still using spring ‘form-login’ element of ‘http' but not sure how do
> I return back to filter when I don’t have the submit action.
> Would it make sense to have a custom AuthenticationEntryPoint and remove
> the ‘form-login’?
> Will it impact MITREid functionality if I remove ‘form-login’?
>
> Thanks,
> Amit
>
> On Mar 30, 2016, at 2:24 AM, Mark Janssen <callisto at praseodym.net> wrote:
>
> Hi Amit,
>
> MITREid Connect uses Spring Security for authentication purposes. You
> should be able to develop an authentication provider for Spring Security
> that implements the custom authentication scheme. This authentication
> provider can then be configured in your MITREid Connect overlay. Aside from
> this, you will need to implement a UserInfoRepository to provide user info
> data to OIDC clients.
>
> Regards,
> Mark
>
> On Wed, 30 Mar 2016 at 04:08 Amit Pal <apal at noknok.com> wrote:
>
>> Hi Everyone,
>>
>> I am looking to replace the username/password based authentication with a
>> custom authentication scheme (FIDO authentication : www.fidoalliance.org
>> <http://ww.fidoalliance.org/>).
>> This custom authentication would be performed by another web app hosted
>> in same container but it would NOT use username/password to authenticate
>> user.
>> It would display QRCode in the browser and user could use its mobile
>> device(already registered) to perform the authentication. Auth response
>> could be fetched by polling the other web app at predefined intervals.
>> The MITREid server would need to parse the success/failure response and
>> then continue its normal flow.
>>
>> Any help is appreciated.
>>
>> Thanks,
>> Amit
>>
>>
>>
>> _______________________________________________
>> mitreid-connect mailing list
>> mitreid-connect at mit.edu
>> http://mailman.mit.edu/mailman/listinfo/mitreid-connect
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20160331/2df432ae/attachment.html


More information about the mitreid-connect mailing list