-
Type: New Feature
-
Status: In Review
-
Priority: Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Adobe Connector
While working on a couple of tickets related to authentication and security recently, it became apparent that our current authentication flow could be causing some limitations in how our clients need their production instances configured. It is has been proposed that a more restrictive cors config along with an auth flow that works more smoothly with all the various sso protocols Nuxeo supports could be addressed with a flow relying more on a web browser versus using a flow native to the adobe applications would be a potential solution.
As an example, the authentication flow for our Nuxeo Drive application takes advantage of the default browser to check for existing auth tokens, and failing any, uses the configured authentication protocol (basic/sso configured) to complete the flow and send the user back to the native app. It is believed that we would have better luck passing back header information, therefore allowing for a more restrictive cors config setting as well.
In troubleshooting multiple clients sso/cors config settings, we have learned that they have had success with the auth flow/approach used by Nuxeo Drive .
we currently use basic auth/oauth2 we need to use sso (saml) to support our clients. Those in nco are currently using the saml plugin. We also need to support non-sso login concurrently.
Unless this requires updates to the studio project, we shouldn't need to update the server version for the server side plugin (currently 1.0.4 in the marketplace)
- is required by
-
ADB-194 Support SSO authentication
- Resolved