Configuration OpenAm as an intermediate authentication REST-service which uses another service to authenticate


Problem description

I have a really interesting and difficult task. What I need is to realise the next authentication chain.

Imagine that you have a secured application, let it be a Java Spring Boot app, but it doesn't matter. And the authentication flow is going to be the following:

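  1. The user opens my Spring Boot application for the first time and sees a login form.
  2. The user types in his username and password.
  3. My app takes this data and sends a REST request to the OpenAm instance.
  4. The OpenAm instance receives the request, takes the user credentials and sends another authentication request via SAML to another identity service.
  5. If the identity service says that the user exists, OpenAm builds a JWT token and sends it back to my app as the response.
  6. My app sends this JWT back to the client, and the client sends this JWT token with every subsequent request to my backend, to validate this token.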

My problem is that I am new to SSO and OpenAm in particular. But what I've already done is I configured two instances of OpenAm. One works as Identity Server, and the second works as Service Provider. But I have no idea what to do next.

How to configure the OpenAm instance which works as Service Provider to be able to receive a simple REST request with user credentials and send it to the Identity Provider via SAML next? And is it even possible to implement my case?

Thanks!

Recommended answer

This does not work when you use OpenAM REST based authentication, however it would work when you just do SSO from your App with OpenAM, e.g. via SAML or OIDC or REST SSO call. OpenAM could then act as a 'federation hub'. At OpenAM you can delegate the Authentication via SAML or OIDC to an upstream IdP where the actual authentication happens.
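
The redirect-based SSO the answer describes, sketched as an added example that is not part of the original answer: the app sends the browser to the OpenAM hub with an OIDC authorization-code request instead of collecting the password itself, then validates the hub's callback. The hub URL, client id, redirect URI and function names are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Placeholders (assumptions, not from the page): replace with your hub's values.
AUTHORIZE_ENDPOINT = "https://hub.example.com/oauth2/authorize"
CLIENT_ID = "spring-boot-app"
REDIRECT_URI = "https://app.example.com/login/callback"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def begin_login(session: dict) -> str:
    """Store per-login state, nonce and PKCE verifier; return the redirect URL."""
    session["state"] = secrets.token_urlsafe(32)
    session["nonce"] = secrets.token_urlsafe(32)
    session["code_verifier"] = secrets.token_urlsafe(64)  # 86 chars, within 43..128
    digest = hashlib.sha256(session["code_verifier"].encode("ascii")).digest()
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid profile",
        "state": session["state"],    # binds the callback to this browser session
        "nonce": session["nonce"],    # later compared with the ID token's nonce claim
        "code_challenge": _b64url(digest),
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"  # carries no user credentials


def handle_callback(session: dict, callback_url: str) -> str:
    """Validate the hub's redirect and return the one-time authorization code."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("state", None)  # single use: a replayed callback fails
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(
            expected.encode("utf-8"), received.encode("utf-8")):
        raise ValueError("state mismatch: callback does not belong to this login")
    if "error" in params:
        raise ValueError("hub returned error: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("no authorization code in callback")
    return code
```

The returned code is then exchanged at the hub's token endpoint together with `code_verifier`; the username and password are only ever entered at the upstream IdP.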
