Allow for third-party reuse of Nuxeo authentication system

[mkalam-alami]

• Goal: Being able to access information on Nuxeo from distinct applications, by authenticating as a specific user.
• Needs: Choose one or more authentication methods, and the technologies we can use for our different client applications
• Use cases:
  • FraSCAti Studio (for EasySOA Light)
  • SOA monitoring subscription app (by @wilfried2006), a priori with Play Framework
  • Node app (for which features? prototypes?)

    Nuxeo Authentication

Given the Nuxeo capabilities, the possibilities are:

• Authentication via Nuxeo
  • Basic HTTP Auth. (with HTTPS reverse-proxy to ensure security)
  • Nuxeo as OAuth provider
  • Nuxeo SSO (see this page)
• Authentication via a shared service
  • Shibboleth
  • CAS2
• Host all the applications on Nuxeo

[mkalam-alami]

Node.js + OAuth authentication

A minimal working example is available here.

[tiry]

You should have a look at portal_sso.

This is a plugin that is designed to have an external application (like a portal) calling Nuxeo on the behalf of a user. This is based on a shared secret between the 2 apps, but on Nuxeo side the code is executed under the security context of the remote interactive user. Of course, this requires all application to share the same user database/LDAP.

Is that what you are looking for ?

Tiry

[mkalam-alami]

Yes this could fit our needs too, thanks for the info.

[tiry]

Just ping me if you need help. This portal_sso system is already integrated in Nuxeo Automation Client java lib : so this should be completly transparent if remote apps calling Nuxeo uses Automation.

Of course, OAuth is also an option, but it requires a little bit more work.