[Koha-bugs] [Bug 24539] Build generic authentication module interface

bugzilla-daemon at bugs.koha-community.org
Thu May 27 19:00:41 CEST 2021


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=24539

--- Comment #13 from mark.jaroski at gmail.com ---
My comment here is pretty tangential to the auth framework idea and is more
about authentication methods in general.

-------------------------------------------------------------------------------


For what it's worth I think that people weren't happy with mod_auth_mellon
mainly because the documentation was limited, and for a long time liblasso
didn't support SHA-256 signatures.

Both of those issues are fixed now: liblasso has improved a lot and Red Hat
provided excellent documentation. So I don't think SAML2 is quite dead yet.

That said, most people seem to prefer OAuth2 flows.

The problem there is that OAuth2 was meant for Authorization (AuthZ) as opposed
to Authentication (AuthN), so using most of the flows for AuthN is
pseudo-authentication, and is technically incorrect, since the IDP *doesn't*
certify that the user in the flow is any particular user, just that they have
the right to grant access to a particular resource.

In the openid scope, and especially in the pure OpenID-Connect flow, the IDP
*does* certify that the user is who they say they are.

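An added illustration of the distinction drawn in comment #13, not code from Koha or from the commenter: the checks a relying party runs on an OpenID Connect ID token before treating `sub` as the authenticated user, checks that an opaque OAuth2 access token offers nothing to run against. The issuer URL, client id, shared secret and the choice of HS256 (to stay within the standard library) are assumptions; deployments more commonly verify RS256 against the IdP's published keys.

```python
import base64, hashlib, hmac, json, time

# Constructed values for this example (not from the original post).
ISSUER = "https://idp.example.org"
CLIENT_ID = "koha-opac"
CLIENT_SECRET = b"constructed-shared-secret"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_id_token(claims: dict, key: bytes = CLIENT_SECRET) -> str:
    """Stand-in for the IdP: sign the claims as a compact HS256 JWS."""
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url(sig)}"

def authenticated_subject(id_token: str, nonce: str, now: float = None) -> str:
    """Relying-party side: return 'sub' only if the IdP's assertion holds up."""
    now = time.time() if now is None else now
    head, body, sig = id_token.split(".")  # opaque access token: ValueError
    header = json.loads(b64url_decode(head))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected signing algorithm")  # alg is pinned here
    good = hmac.new(CLIENT_SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(good, b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if CLIENT_ID not in ([aud] if isinstance(aud, str) else aud or []):
        raise ValueError("token was issued to a different client")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch (response not tied to this login)")
    if not claims.get("sub"):
        raise ValueError("no subject")
    return claims["sub"]

if __name__ == "__main__":
    token = make_id_token({"iss": ISSUER, "sub": "patron-42", "aud": CLIENT_ID,
                           "exp": time.time() + 300, "nonce": "n-1"})
    print(authenticated_subject(token, "n-1"))
```

The `aud` and `nonce` checks are what bind the assertion to this client and this login attempt; an access token that merely works against a userinfo-style API carries neither guarantee for the client.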