-
1. Re: PicketLink and multi-tenancy?
anil.saldhana Aug 9, 2011 10:07 AM (in response to wildert)
Todd, we want to make it more flexible. We have a feature on this: https://issues.jboss.org/browse/PLFED-203
It is just that we have all these other things to do before we get to making the config flexible.
-
2. Re: PicketLink and multi-tenancy?
wildert Sep 1, 2011 12:27 PM (in response to anil.saldhana)
I've done a review of some different open source IDP/SP. If I could make a few recommendations:
- Ability to have a small farm of servers all driven off of a shared database for configuration / user store
- Ability for an SP to have logical groupings of IDPs
- Ability to make authentication very simple, like maybe a web service method Login(Realm, Username, Password, LogicalIDPGroupName)
- Ability to have a login token string that could be used outside of HTTP, like if they use TCP instead. Like it'd be nice to have the login method return a token string as a return value, and that could go into an HTTP cookie but it could be used by application developers as well to get the realm, username and maybe metadata from the token string.
Just some ideas
-
3. Re: PicketLink and multi-tenancy?
anil.saldhana Sep 1, 2011 7:19 PM (in response to wildert)
Todd, you are always welcome to become a PL contributor. Some answers:
Feature Request:
- Ability to have a small farm of servers all driven off of a shared database for configuration / user store
Answer: I have added the flexibility to have configuration providers. I need to document it. Basically you can create a DBConfigurationProvider that builds the IDPType and SPType.
Feature:
- Ability for an SP to have logical groupings of IDPs
Answer: I am not sure this is good, because the SP cannot figure out which IDP to go to. Ideally there should be like an IDP load balancer or such that the SP is configured with.
Feature:
- Ability to make authentication very simple, like maybe a web service method Login(Realm, Username, Password, LogicalIDPGroupName)
Answer: More like a programmatic login? I like the idea of having a simple API.
Feature:
- Ability to have a login token string that could be used outside of HTTP, like if they use TCP instead. Like it'd be nice to have the login method return a token string as a return value, and that could go into an HTTP cookie but it could be used by application developers as well to get the realm, username and maybe metadata from the token string.
Answer: That token is the SAML construct.