RESTApp : Token validation instead of BASIC AUTH

rangoo
Champ in-the-making
I am planning to use the Activiti REST app with a token instead of basic authentication. I extended UserEntityManager to override

checkPassword(String userId, String password)

I will receive a SAML token instead of username/password from my REST clients. So I will have to pass userId as null and a token string instead of password, as there is no method which just accepts a single parameter.

1) Should I still override the checkPassword method, although it doesn't look clean?

OR

2) Should I modify the Activiti Engine sources to add another command class, for UserEntityManager to have a checkToken(String token) method, and then change LoginResource.login like this:

getIdentityService().checkToken instead of pe.getIdentityService().checkPassword(

OR

3) Does writing my own REST app make sense in my case? :)

Suggestions are welcome
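As an added illustration of the two options weighed in the post (this is example code written for this page, not code from the thread or from the Activiti project), the class below subclasses UserEntityManager, keeps option 1's convention of "userId == null means the password slot carries a token", but routes it through a dedicated checkToken method as in option 2. Everything about the IdP is an assumption: TokenValidator is a hypothetical wrapper around the validation API the poster's identity provider offers, and the Boolean return type of checkPassword plus the findUserById helper are assumed to match Activiti 5.x; adjust them to the version in use.

```java
import org.activiti.engine.impl.persistence.entity.UserEntityManager;

/**
 * Added example, not Activiti's own code.
 *
 * Assumptions (not taken from the thread):
 *  - UserEntityManager.checkPassword(String, String) returns Boolean and
 *    findUserById(String) exists, as in Activiti 5.x.
 *  - TokenValidator is a hypothetical interface standing in for the
 *    identity provider API ("obtain, exchange & validate tokens") that the
 *    poster already has; it is not an Activiti type.
 *  - How this manager is registered with the engine depends on the Activiti
 *    version and is deliberately left out.
 */
public class TokenAwareUserEntityManager extends UserEntityManager {

  /** Hypothetical wrapper around the IdP's token-validation call. */
  public interface TokenValidator {
    /**
     * Returns the subject (user id) the assertion was issued for when the
     * token is a well-formed SAML assertion whose signature verifies, whose
     * issuer is trusted, whose audience is this service and whose validity
     * window has not expired. Returns null for any failed check.
     */
    String validateAndGetSubject(String token);
  }

  private TokenValidator validator;

  public void setTokenValidator(TokenValidator validator) {
    this.validator = validator;
  }

  @Override
  public Boolean checkPassword(String userId, String password) {
    // Convention from the post: a null userId signals that "password" holds a token.
    if (userId == null) {
      return checkToken(password) != null;
    }
    // Regular username/password path stays exactly as Activiti implements it.
    return super.checkPassword(userId, password);
  }

  /**
   * Option 2 from the post, as a dedicated entry point. It returns the user id
   * bound to the token rather than a plain boolean, because the caller (the
   * REST login resource) still needs to know *who* authenticated; a boolean
   * answer for a null userId would leave the session without an identity.
   * Returns null when the token is rejected.
   */
  public String checkToken(String token) {
    if (token == null || token.isEmpty() || validator == null) {
      return null;
    }
    // Do not log the raw token: it is a bearer credential until it expires.
    String subject = validator.validateAndGetSubject(token);
    if (subject == null) {
      return null; // signature, issuer, audience or expiry check failed at the IdP
    }
    // A valid assertion for an account that does not exist in Activiti must
    // still be rejected; otherwise IdP provisioning and engine authorization drift apart.
    if (findUserById(subject) == null) {
      return null;
    }
    return subject;
  }
}
```

The important design point is the return value: once userId is null, checkPassword's boolean answer tells the REST layer nothing about which user to bind the session to, which is why the token path here returns the validated subject and why a dedicated checkToken (option 2) is cleaner than overloading the password slot (option 1). Whichever option is chosen, the actual SAML checks (signature, issuer, audience, validity window) belong in the IdP-backed validator, not in the entity manager.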

trademak
Star Contributor
Hi,

What do you use to validate the SAML token?
Adding a token-based authentication/authorization mechanism to Activiti would be an interesting improvement.
Therefore it would be good to know which SAML implementation you are using.

Best regards,

rangoo
Champ in-the-making
Yes, indeed. We chose Activiti over a commercial product so we can customize our security. We are using SAML 2.0.

jbarrez
Star Contributor
Wouldn't that require an identity provider server whenever you want to use it (my SAML is rusty)?
How easy could this be made pluggable?

But yes: SAML authentication is something that would be very interesting to have!

ronald_van_kuij
Champ on-the-rise
1: yes, an IdP is needed
2: pluggable in what way? Different implementations in Activiti?

rangoo
Champ in-the-making
True. We do have an identity provider server and we are given an API to call it (to obtain, exchange & validate tokens). I am not a SAML expert either. Perhaps we need a few methods (to exchange & validate tokens) in UserEntityManager for developers to override.

jbarrez
Star Contributor
@Ronald and @rangoo: pluggable in the way that people would specifically be able to turn it on.

I don't know how widespread SAML is these days (I did a consultancy gig 5 years ago on it, and back then it was mostly academic institutions),
but it is something that is probably wanted by some people (but I don't have the knowledge anymore).