XWiki Platform

Add SAML authentication

Details

  • Type: New Feature New Feature
  • Status: Open Open
  • Priority: Minor Minor
  • Resolution: Unresolved
  • Affects Version/s: None
  • Fix Version/s: None
  • Component/s: Authentication
  • Labels:
    None
  • keywords:
    SAML authentication
  • Similar issues:
    XWIKI-6385Add support for nickserv authentication
    XWIKI-1988A class for support more than one authentication method configured at same time
    XWIKI-6750Add a trusted+LDAP SSO authenticator
    XWIKI-2264LDAP authentication does not support "." in login names
    XWIKI-3018Add a generic HTTP header based authenticator
    XWIKI-2515Add group exclusion filter in LDAP authentication
    XWIKI-3543Add the support for authentication through URIs in REST API
    XWIKI-1133New Groovy scripted authentication service
    XWIKI-2119Authentication fails with current tomcat versions
    XWIKI-2215LDAP Authenticator should add proper error message in the context when authentication fail

Description

SAML is a standardized language/protocol for authentication, developed by OASIS.

First, XWiki should be a valid SAML client.
Second, XWiki should be a valid SAML server.

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Sergiu Dumitriu added a comment -

We can use OpenSAML for this.

Show
Sergiu Dumitriu added a comment - We can use OpenSAML for this.
Hide
Permalink
Sergiu Dumitriu added a comment -

Or we can use Shibboleth for this. TWiki already supports this.

Show
Sergiu Dumitriu added a comment - Or we can use Shibboleth for this. TWiki already supports this.
Hide
Permalink
Aaron Hamid added a comment -

I followed a link from SSO Support project (http://www.xwiki.org/xwiki/bin/view/GoogleSummerOfCode/SSOSupport), so this comment is related to SSO in general, not just SAML (I could not find another issue on SSO).

You might want to take a look at CAS:

Central Authentication System

http://www.ja-sig.org/products/cas/

It is Java-based, has very good Spring integration, and is widely used by educational institutions (in production). It is also strictly a central authentication system...not a complete identity management suite, which makes it simpler to add to an existing application (it can of course be integrated with existing identity management services, but authorization is typically left up to the application).

Show
Aaron Hamid added a comment - I followed a link from SSO Support project ( http://www.xwiki.org/xwiki/bin/view/GoogleSummerOfCode/SSOSupport ), so this comment is related to SSO in general, not just SAML (I could not find another issue on SSO). You might want to take a look at CAS: Central Authentication System http://www.ja-sig.org/products/cas/ It is Java-based, has very good Spring integration, and is widely used by educational institutions (in production). It is also strictly a central authentication system...not a complete identity management suite, which makes it simpler to add to an existing application (it can of course be integrated with existing identity management services, but authorization is typically left up to the application).

People

  • Assignee:
    Unassigned
    Reporter:
    Sergiu Dumitriu
Vote (1)
Watch (1)

Dates

  • Created:
    Updated:
    Date of First Response: