Reputation: 1293
Single Sign on to secure REST APIs and internal web based system
I need some suggestions on how to secure REST APIs and web based internal system using a single authentication system.
I am looking into the possibility of using:
- oAuth 2.0
- JA-SIG CAS
- Custom Implementation (implement two separate APIs)
- To secure REST APIs and redirect calls to specific API instance
- To authenticate web application users.
Upvotes: 2
Views: 5850
Answers (2)
Reputation: 2699
I assume you have a UI for your webapp and want to share your identity between your webapp and your web service. You can achieve that by :
- "cassifying" your webapp (For example : https://wiki.jasig.org/display/CASC/Configuring+the+Jasig+CAS+Client+for+Java+in+the+web.xml)
- proxifying your calls from your webapp to your web service (https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough).
Upvotes: 4
Reputation: 11943
Here are a few suggestions in how to secure REST APIs. They are related to iPhones but they are generally applicable to client/server REST API implementations. Without more information I don't know how applicable they are, but they might help you out a bit:
Security When Using REST API in an iPhone Application
https://stackoverflow.com/questions/15390354/api-key-alternative/15390892#15390892
Upvotes: 0
Related Questions
- Spring Security with CAS rest (Direct login)
- single sign on for 2 web services
- Single Sign On Implementation by making use of web service
- CAS clients over HTTP
- SSO and REST Api Authentication on multiple Application
- Correct approach to secure the back end service - oAuth
- Single Sign On with CAS server in JAVA
- OAuth + spring security for internal REST communication
- CAS Services ACL
- Simple SSO - using custom authentication - CAS or some Oauth or openid server?