https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132718#M93215 <HTML><HEAD></HEAD><BODY><SPAN>True. We do have an Identity provider server and we are given an API to call it(to obtain, exchange &amp; validate tokens). I am not a SAML expert either. Perhaps we need a&nbsp; few methods(to exchange &amp; validate tokens)in UserEntityManager for developers to override.</SPAN></BODY></HTML> Wed, 10 Apr 2013 17:06:06 GMT rangoo 2013-04-10T17:06:06Z https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132713#M93210 I am planning to use the Activiti REST app with a Token instead of basic authentication. I extended UserEntityManager to overide&nbsp; checkPassword(String userId, String password)‍I will receive a SAML Token instead of username/password from my REST Clients. so I will have to pass - UserID as null and a Mon, 08 Apr 2013 22:37:38 GMT https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132713#M93210 rangoo 2013-04-08T22:37:38Z https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132714#M93211 <HTML><HEAD></HEAD><BODY><SPAN>Hi,</SPAN><BR /><BR /><SPAN>What do you use to validate the SAML token?</SPAN><BR /><SPAN>Adding a token-based authentication/authorization mechanism to Activiti would be an interesting improvement.</SPAN><BR /><SPAN>Therefore it would be good to know which SAML implementation you are using.</SPAN><BR /><BR /><SPAN>Best regards,</SPAN></BODY></HTML> Tue, 09 Apr 2013 13:58:15 GMT https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132714#M93211 trademak 2013-04-09T13:58:15Z https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132715#M93212 <HTML><HEAD></HEAD><BODY><SPAN>Yes Indeed.&nbsp; We chose Activiti over a commercial product so we can customize our security. We are using SAML 2.0.</SPAN></BODY></HTML> Tue, 09 Apr 2013 16:10:28 GMT https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132715#M93212 rangoo 2013-04-09T16:10:28Z https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132716#M93213 <HTML><HEAD></HEAD><BODY><SPAN>Wouldn't that required an identity provider server whenever you want to use it (my SAML is rusty)?</SPAN><BR /><SPAN>How easy could this be made pluggable?</SPAN><BR /><BR /><SPAN>But yes: saml authentication is something that would be very interesting to have!</SPAN></BODY></HTML> Wed, 10 Apr 2013 14:25:00 GMT https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132716#M93213 jbarrez 2013-04-10T14:25:00Z https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132717#M93214 <HTML><HEAD></HEAD><BODY><SPAN>1: yes, an idp is needed</SPAN><BR /><SPAN>2: pluggable in what way? Different implementations in Activiti?</SPAN></BODY></HTML> Wed, 10 Apr 2013 16:51:58 GMT https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132717#M93214 ronald_van_kuij 2013-04-10T16:51:58Z https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132718#M93215 <HTML><HEAD></HEAD><BODY><SPAN>True. We do have an Identity provider server and we are given an API to call it(to obtain, exchange &amp; validate tokens). I am not a SAML expert either. Perhaps we need a&nbsp; few methods(to exchange &amp; validate tokens)in UserEntityManager for developers to override.</SPAN></BODY></HTML> Wed, 10 Apr 2013 17:06:06 GMT https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132718#M93215 rangoo 2013-04-10T17:06:06Z https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132719#M93216 <HTML><HEAD></HEAD><BODY><SPAN>@Ronald and @ rangoo: pluggable in the way that people would specifically be able to turn it on.</SPAN><BR /><BR /><SPAN>I don't know how widespread SAML is these das (I did a consultancy gig 5 years ago on it, and back then it was mostly academical instituations),</SPAN><BR /><SPAN>but it is something that is probably wanted by some people (but i dont have the knowledge anymore)</SPAN></BODY></HTML> Thu, 11 Apr 2013 09:27:11 GMT https://connect.hyland.com/t5/alfresco-archive/restapp-token-validation-instead-of-basic-auth/m-p/132719#M93216 jbarrez 2013-04-11T09:27:11Z