Reputation: 6809
Can apache Shiro be used to build an Identity Provider?
I am looking with Apache shrio framework. Looking at it authentication and authorization features can i build Identity server provider using shrio framework.
Is it possible to have features like,
- Single Sign On
- SAML support
- Federation based on attributes
Do we need to write everything from scratch or shrio has some API's to handle such kind of features.
I read the documentation where they say about having SSO features based on Sharing of user session with multiple organizations . But i did not see any direct support API's to handle this.
To act as an IDP what shrio gives and what it does not support?
Please suggest.
Thanks, Sohan
Upvotes: 3
Views: 3021
Answers (1)
Reputation: 1256
Shiro is a security layer that sits in front of your application. It is a security framework for a (SP) Service Provider that will issue an Authentication Request to your IdP (Identity Provider).
Open source IdP implementations that support SAML:
This Stack Overflow question covers a way to use SAML to authenticate your user before they reach the application and provide the user's credentials as part of a http header.
Integrating Java Web App with SAML SSO
An alternative to installing and maintaining your own IdP.
The cost of developing, securing, and maintaining your own identity provider are likely much higher than paying a monthly fee.
Upvotes: 1
Related Questions
- Apache Shiro combined with LDAP
- Apache Shiro and SSO
- does apache shiro supports user groups concept?
- Apache shiro + kerberos authentication
- Can I integrate Apache Shiro and CAS and WS02 Identity Server
- Is Apache Shiro correct choice for my case?
- SAML Identity Provider with a WS-Federation Service Provider
- Apache Shiro and Multi-factor Authentication
- Apache Shiro: authenticate with username/password but store user id as the principal
- Shibboleth Identity Server using External Shibboleth Identity Server for Authentication