Reputation: 87
Our business use case is that we have four to five services deployed as Java Spring web applications. These services have users/customers derived either from a registration process or from some existing running applications exposed as REST services. We intend to make a single portal which allows users to use a single account/credential to log into many services directly.
With the internal approach we assume having an individual customer table for each service, and a common Login table for all services whose id is tagged/mapped as a foreign key in the individual customer table of each service.
Also, some services can be accessed without registration; in that case we fetch the data via the customer's account id from some third REST service and store it in the individual service/application customer table and in the common Login table if not already present.
For services which require registration we store the customer credentials in the Login table if not present, and also in the service/application customer table with a mapping to the common Login table.
But we need a secure portal with session tracking and session timeout, just like Single Sign-On.
With some research we have narrowed the approach to implementing the above scenario with either SSO or OAuth2, whichever is applicable. Refer to the link (https://stormpath.com/blog/oauth-is-not-sso) for more insight.
Can someone suggest which approach, SSO or OAuth2, is applicable for our business use case?
If SSO, which is the best open-source simple SSO for Java Spring applications?
If OAuth2, what will act as the Client application, Authorization Server, Resource Owner and Resource Server? As we have the services (Java applications) as client applications hosted in the common application/portal, will the common Login table act as the resource owner?
Upvotes: 1
Views: 57
Reputation: 666
You will likely want SpringSAML. If the applications are hosted on separate paths, like example.org/app1 and example.org/app2, then you could use a Shibboleth Service Provider as the SAML SP for the applications.
You'll still need an Identity Provider of some sort, which SpringSAML can't do, but there are innumerable IdP implementations out there, e.g. Shibboleth Identity Provider, ADFS, or a commercial IdP like Okta, OneLogin, Ping, etc.
Upvotes: 0
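As an added illustration of the SP side the answer describes (this is example code, not from the post or from the SpringSAML project), the portal below uses Spring Security's built-in `saml2Login()` (5.4+) rather than the older Spring SAML extension, and maps the NameID asserted by the IdP onto the question's common Login table, creating the row if it is absent. Assumed and hypothetical: the IdP metadata URL, a `Login` entity, and a Spring Data `LoginRepository` with `findBySubject`.

```java
import java.util.List;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.AuthenticatedPrincipal;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.saml2.provider.service.authentication.OpenSaml4AuthenticationProvider;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class PortalSamlConfig {
    // Hypothetical Spring Data repository over the question's common Login table.
    private final LoginRepository logins;
    public PortalSamlConfig(LoginRepository logins) { this.logins = logins; }

    // The portal is the SAML SP; the IdP (e.g. Shibboleth) is described by its metadata.
    @Bean
    RelyingPartyRegistrationRepository relyingParties() {
        RelyingPartyRegistration portal = RelyingPartyRegistrations
                .fromMetadataLocation("https://idp.example.org/idp/shibboleth") // assumed IdP metadata URL
                .registrationId("portal")
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(portal);
    }

    @Bean
    SecurityFilterChain portalChain(HttpSecurity http) throws Exception {
        OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();
        // Keep the default converter (signature, audience and timestamp validation), then
        // map the asserted NameID onto the common Login row, creating it if absent.
        var validate = OpenSaml4AuthenticationProvider.createDefaultResponseAuthenticationConverter();
        provider.setResponseAuthenticationConverter(token -> {
            Saml2Authentication auth = validate.convert(token);
            String subject = auth.getName();            // NameID from the IdP assertion
            logins.findBySubject(subject)
                  .orElseGet(() -> logins.save(new Login(subject)));
            return new Saml2Authentication((AuthenticatedPrincipal) auth.getPrincipal(),
                    auth.getSaml2Response(), List.of(new SimpleGrantedAuthority("ROLE_USER")));
        });
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .saml2Login(saml -> saml.authenticationManager(new ProviderManager(provider)))
            .sessionManagement(s -> s.maximumSessions(1)); // one portal session per account
        return http.build();
    }
}
```

The session timeout the question asks for is the servlet session's; in Spring Boot set it with `server.servlet.session.timeout` (for example `30m`), and the per-service applications then consume the portal's SAML assertion as their own SPs rather than sharing the session cookie.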