RE: [PROPOSAL] OAuth2 Single SignOn Integration

2014-07-16 Thread Santhosh Edukulla
v@cloudstack.apache.org Subject: Re: [PROPOSAL] OAuth2 Single SignOn Integration @Rohit Yadav I know OAuth2 is tricky and the protocol was designed for authorization, not authentication. But Globo.com, like many companies, use OAuth2 for authentication. So, SAML is not a option to me. I need to integrat

Re: [PROPOSAL] OAuth2 Single SignOn Integration

2014-07-16 Thread Sebastien Goasguen
On Jul 15, 2014, at 2:50 PM, Silvano Nogueira Buback wrote: > @Rohit Yadav > I know OAuth2 is tricky and the protocol was designed for authorization, > not authentication. But Globo.com, like many companies, use OAuth2 for > authentication. So, SAML is not a option to me. I need to integrate wi

Re: [PROPOSAL] OAuth2 Single SignOn Integration

2014-07-15 Thread Silvano Nogueira Buback
@Rohit Yadav I know OAuth2 is tricky and the protocol was designed for authorization, not authentication. But Globo.com, like many companies, use OAuth2 for authentication. So, SAML is not a option to me. I need to integrate with internal tools at Globo, and these tools work only with OAuth2. @Seb

Re: [PROPOSAL] OAuth2 Single SignOn Integration

2014-07-15 Thread David Nalley
https://oltu.apache.org <-- maybe as a starting place. On Tue, Jul 15, 2014 at 3:25 AM, Sebastien Goasguen wrote: > Silvano, > > Seems to me you are doing it for browser based dashboard access only ? > > How about if I want to use the API straight up, how do you integrate an Oauth > workflow the

Re: [PROPOSAL] OAuth2 Single SignOn Integration

2014-07-15 Thread Sebastien Goasguen
Silvano, Seems to me you are doing it for browser based dashboard access only ? How about if I want to use the API straight up, how do you integrate an Oauth workflow there ? On Jul 15, 2014, at 1:35 AM, Santhosh Edukulla wrote: > Hi Silvano, > > Few Notes: > > 1. We had implementation det

RE: [PROPOSAL] OAuth2 Single SignOn Integration

2014-07-14 Thread Santhosh Edukulla
Hi Silvano, Few Notes: 1. We had implementation details mentioned i believe, but we didn't mentioned the design details and workflows. 2. We didn't mentioned whether it is 2 legged flow or 3 legged flow. 3. Not clear with this statement, "Once user is authorized by oauth2 server, javascript co

Re: [PROPOSAL] OAuth2 Single SignOn Integration

2014-07-14 Thread Rohit Yadav
Hi Silvano, Thanks for sharing your work. Is it already complete or work in progress? OAuth2 is tricky, as it (the spec and general implementation) leaves out room for token assertion/validation mechanism, communication between resource server and auth server, and it's dependent on the authorizi