Add token based authentication to Activiti

damokles
Champ in-the-making
As suggested by Daniel Meyer I'll open a discussion for the issue here.

Description

At the moment the only way to sign into the Explorer is via username/password authentication;
we suggest adding token-based authentication to that.
The basic idea is that you can generate login tokens using the IdentityService. These can
be used, e.g., to generate notification e-mails with a direct login URL, or another
application can request such a token via the REST interface so that the user does not
have to authenticate again.

Of course certain security measures need to be implemented, e.g., a limited lifetime/number of uses of a token.

We are willing to provide the implementation if it will be included into Activiti.

Any comments?

meyerd
Champ on-the-rise
The easiest and most efficient way to implement the features requested by damokles would be to implement a token-generation service within Activiti itself.

As already stated: I do not really see that happening in engine

ronald_van_kuij
Champ on-the-rise
Ad a)
Yes, 2 different use cases, that is why I mentioned the 'link in the email' use case should just make it possible to finish one specific task. The other one is a real SSO use case. The latter should be solved by a standard, the former should be solved by a 'very simple token' (indeed no SAML here). Creating a simple SHA-256 hash over some known data and e.g. a salt and assigning the task to this 'token' solves this issue. In that case you cannot use it to do anything else, just finish this task. This latter use case can be easily done in your own code, no need for anything else and no need to add it to Activiti.

Ad b) OpenAM is a full solution, which was 'a proposal'; just using OpenSAML would require a lot less. Administration in our case (and external ones) never fitted in the Activiti user/group model anyway (remarkably (not!) enough, the OpenAM one did, since it is really targeted at I&AM), and often there are existing solutions. So we 'just' use the Activiti engine and no user/group management.

As Daniel stated, I do not see a kind of SSO solution being embedded in the core, including the token for email…
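The thread describes two constraints for the 'link in the email' case: damokles asks for tokens with a limited lifetime and number of uses, and Ronald wants a 'very simple token' that is bound to one task and lets the holder do nothing else. The sketch below is an added illustration, not code from the thread or from Activiti, and it lives in application code outside the engine, which is where Ronald says this belongs. It is written in Python for brevity although Activiti itself is Java; the logic ports directly. The class name `TaskTokenService`, the field names, the demo secret and the sample task and user ids are all assumptions. Where Ronald suggests a plain SHA-256 over known data plus a salt, this example uses HMAC-SHA256 with a server-side key, so that someone who knows the task id and user id but not the key cannot mint a valid token; expiry and single use are enforced when the token is redeemed.

```python
"""Single-task, single-use, time-limited completion token (illustrative only).

Added example for the discussion above; it is not part of Activiti's
IdentityService or any Activiti API. All names here are assumptions.
"""
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TaskTokenService:
    """Issues and redeems tokens that allow exactly one task completion."""

    def __init__(self, secret: bytes, ttl_seconds: int = 3600, clock=time.time):
        self._secret = secret        # server-side key; never sent to the client
        self._ttl = ttl_seconds      # token lifetime (damokles' "limited lifetime")
        self._clock = clock          # injectable so expiry can be exercised in tests
        self._consumed = set()       # used token ids; stand-in for a shared DB table

    def issue(self, task_id: str, user_id: str) -> str:
        """Return an opaque token that only lets `user_id` complete `task_id`."""
        payload = {
            "jti": secrets.token_hex(8),            # unique id, enforces single use
            "task": task_id,                        # scope: exactly one task
            "sub": user_id,                         # who the task is completed as
            "exp": int(self._clock()) + self._ttl,  # absolute expiry (unix time)
        }
        body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
        mac = hmac.new(self._secret, body, hashlib.sha256).digest()
        return f"{b64url_encode(body)}.{b64url_encode(mac)}"

    def redeem(self, token: str, task_id: str) -> str:
        """Validate `token` for `task_id`; return the user id or raise ValueError."""
        try:
            body_b64, mac_b64 = token.split(".")
            body, mac = b64url_decode(body_b64), b64url_decode(mac_b64)
        except (ValueError, binascii.Error):
            raise ValueError("malformed token") from None
        expected = hmac.new(self._secret, body, hashlib.sha256).digest()
        # Verify the MAC before trusting anything in the body; constant-time compare.
        if not hmac.compare_digest(mac, expected):
            raise ValueError("bad signature")
        payload = json.loads(body)
        if payload["task"] != task_id:
            raise ValueError("token not issued for this task")
        if payload["exp"] < self._clock():
            raise ValueError("token expired")
        if payload["jti"] in self._consumed:
            raise ValueError("token already used")
        self._consumed.add(payload["jti"])   # mark used only after every check passed
        return payload["sub"]


def redeem_or_reason(svc: TaskTokenService, token: str, task_id: str) -> str:
    """Demo helper: 'ok:<user>' on success, 'denied:<reason>' otherwise."""
    try:
        return "ok:" + svc.redeem(token, task_id)
    except ValueError as exc:
        return "denied:" + str(exc)


if __name__ == "__main__":
    # Constructed demo data; the secret would come from configuration in practice.
    svc = TaskTokenService(b"constructed-demo-secret-do-not-use", ttl_seconds=900)
    link_token = svc.issue("task-42", "kermit")
    print("email link token:", link_token)
    print(redeem_or_reason(svc, link_token, "task-42"))   # ok:kermit
    print(redeem_or_reason(svc, link_token, "task-42"))   # denied:token already used
    print(redeem_or_reason(svc, link_token, "task-43"))   # denied:token not issued for this task
```

In a deployment the consumed-token set would be a database table shared by all nodes, the key would come from configuration or a secrets store, and the handler behind the e-mail link would call `redeem()` and then complete the task through the engine as the returned user, never as a general login.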