Hi all, I am working with a team using WSO2 for "micro services"/ restful api using OAuth / JWT.
So to start with we are using CAS 5.2.x customized for Duo to our specs (Thanks Unicon). I am new at this OAuth stuff so forgive me if I have this all wrong... So using this as a start: https://apereo.github.io/cas/5.2.x/installation/OAuth-OpenId-Authentication.html I need to add this to our overlay to begin?: <dependency> <groupId>org.apereo.cas</groupId> <artifactId>cas-server-support-oauth-webflow</artifactId> <version>${cas.version}</version> </dependency> This creates OAuth end points on the CAS server that I can specify/require in my JSON service registry for the OAuth client app? So the flow is this? (Trying to keep Oauth terminology) 1. Resource owner (ie. user) contacts client (Web app or other) 2. Client asks CAS for login creds. 3. CAS defers auth to WSO2 OAuth Gateway for auth 4. WSO2 uses the SAME CAS to Auth 5. Many 302 redirects later... 6. Resource owner sends JWT to client? 7. Client verifies JWT with WSO2 8. WSO2 verifies JWT 9. Client returns data/access to user/resource owner Is this even close? As always, any tips/help/resources appreciated. Bryan University of Utah -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAG9x2GVbu9pqqbRrtwuEzs_xPe9prUoKZorHOzJAM-d9mm3SJA%40mail.gmail.com.
