
Better support for prompt=none with external IdPs #194

Closed
DonMartin76 opened this issue May 10, 2019 · 1 comment

Comments

@DonMartin76 (Member)

Right now, the wicked Auth Server does not even try to do a headless authentication with external identity providers if it does not have a session with the user agent. In some cases, identity providers do support "remember me" kind of features, or very long-lived sessions, which allow a user to automatically log in even if there is no session anymore.

Google is such an example, as are many other OAuth2 identity providers. Also, SAML2 supports an "isPassive" mode for headless authentication.

It should be possible for wicked's Authorization Server, if it receives an authorization request with prompt=none set, to delegate the non-interactive login attempt to other identity providers, even if it does not have a session with the user agent.

  • Google: Supports prompt=none
  • SAML2: Supports something similar, isPassive mode
  • Other OAuth2 providers may also support "prompt=none" mode

@DonMartin76 DonMartin76 added this to the 1.0.0-rc.5 milestone May 10, 2019
DonMartin76 added a commit to apim-haufe-io/wicked.auth that referenced this issue May 10, 2019
Support for prompt=... for oauth2 and google identity providers.
DonMartin76 added a commit to apim-haufe-io/wicked.auth that referenced this issue May 10, 2019
@DonMartin76 (Member, Author)

Implemented for:

  • Google
  • Generic OAuth2 IdPs
  • SAML2 (using isPassive)

maksimlikharev pushed a commit to clarivate/wicked.auth that referenced this issue May 10, 2019
* Bug fixes in OAuth2 generic password grant. Implemented OAuth2 standard way of posting payload and content type

* Support prompt=none for SAML2

- Concludes fix of Haufe-Lexware/wicked.haufe.io#194 so far
DonMartin76 added a commit to apim-haufe-io/wicked.kickstarter that referenced this issue May 11, 2019
maksimlikharev pushed a commit to clarivate/wicked.auth that referenced this issue Jun 7, 2019
* Bug fixes in OAuth2 generic password grant. Implemented OAuth2 standard way of posting payload and content type

* Support prompt=none for SAML2

- Concludes fix of Haufe-Lexware/wicked.haufe.io#194 so far

* Bump to version 1.0.0-rc.5

* Redirect with error instead of displaying error in auth server
- This is important for getting login denials correctly to clients

* Bump to version 1.0.0-rc.6
maksimlikharev pushed a commit to clarivate/wicked.kickstarter that referenced this issue Jun 7, 2019
* Update jQuery to 3.4.1

* Support doesNotSupportPrompt in Kickstarter

- Should finalize Haufe-Lexware/wicked.haufe.io#194

* Bump to version 1.0.0-rc.5

* Bump to version 1.0.0-rc.6
maksimlikharev pushed a commit to clarivate/wicked.kickstarter that referenced this issue Jul 29, 2019
* Update jQuery to 3.4.1

* Support doesNotSupportPrompt in Kickstarter

- Should finalize Haufe-Lexware/wicked.haufe.io#194

* Bump to version 1.0.0-rc.5

* Bump to version 1.0.0-rc.6

* Bump to version 1.0.0-rc.7

* Kickstarter support for LDAP auth method

- Part of Haufe-Lexware/wicked.haufe.io#126

* Add support for username/password prompt tweaking
... also for "external" auth methods

* Bump to version 1.0.0-rc.8
maksimlikharev pushed a commit to clarivate/wicked.auth that referenced this issue Jul 29, 2019
* Bug fixes in OAuth2 generic password grant. Implemented OAuth2 standard way of posting payload and content type

* Support prompt=none for SAML2

- Concludes fix of Haufe-Lexware/wicked.haufe.io#194 so far

* Bump to version 1.0.0-rc.5

* PassthroughScopeResponse is not checked properly for password grant and the error message displayed was always generic i.e. 500, "Internal Server" error

* Redirect with error instead of displaying error in auth server
- This is important for getting login denials correctly to clients

* Bump to version 1.0.0-rc.6

* added support for retrieving userProfile from profileEndpoint

* Bump to version 1.0.0-rc.7

* Add login to docker hub

* LDAP Support for the wicked Auth Server

- Main implementation of Haufe-Lexware/wicked.haufe.io#126

* Bump to version 1.0.0-rc.8

* Correct to wicked:wicked owner in Docker image

* Also pass on auth_method to scope request (might be useful)