[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] Jetty SSO SAML
|
So is the normal setup with Apache using an add-on for SAML SSO, any
recommendations on which are best?
And on the Jetty side would it be looking for a special HTTP header that
the Apache side adds with the auth info. Or a cookie. Presumably
encrypted?
Thanks for the pointers to get me started down the right path.
Padraic
From: Cantor, Scott <cantor.2@xxxxxxx>
Subject: Re: [jetty-users] Jetty SSO SAML
Date: 2021-10-14 08:25 EDT
On 10/13/21, 6:00 PM, "jetty-users on behalf of Padraic Renaghan via
jetty-users" <jetty-users-bounces@xxxxxxxxxxx on behalf of
jetty-users@xxxxxxxxxxx> wrote:
Anyway, looking for pointers on setting up SAML SSO Single Sign-On
with
Jetty.
The best option is Apache in front because that allows the use of more
compliant and properly designed SAML SPs. The second best is probably
pac4j as a solution, but there are no "standard" ways to do SAML in
Java because there are no standard ways to do server-side web
authentication in Java other than the worst one of all, which was JAAS
(a desktop standard mis-applied to servers).
-- Scott