Uploaded image for project: 'Identity Provider'
  1. Identity Provider
  2. IDP-961

Use of IdP's authentication flow to protect itself

    XMLWordPrintable

    Details

      Description

      The IdP needs a way to protect its own administrative features (few of which currently exist) with the authentication layer it uses for the SSO protocols. This is about the only web application I would ever argue should "do" authentication itself.

      Some kind of hook for authz would be desirable, but I would be very hesitant to build it out beyond an interface so that we're not reinventing that wheel right now. Something like what I already built for that might be workable, don't know yet.

      It would be simple to just prototype how a particular webflow could call into the authentication layer for its own use. Maybe that's good enough. It seems weird to think about adding some kind of additional "session" with the IdP to access its own features and not just use the one we have for SSO.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                cantor.2@osu.edu Scott Cantor
                Reporter:
                cantor.2@osu.edu Scott Cantor
              • Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 weeks
                  2w
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days, 7 hours, 15 minutes Time Not Required
                  2d 7h 15m