shiro.ini documentation for end users

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

shiro.ini documentation for end users

Graham Leggett
Hi all,

We have an existing application provided by a vendor that embeds Apache Shiro to do authnz. I have been looking for reference documentation for the shiro.ini file, but have only been able to find this which covers API programming in Java, not administrator configuration of a Shiro application:

http://shiro.apache.org/configuration.html#Configuration-INISections

Does anyone have any documentation describing what goes into shiro.ini?

I was hoping to see what SSO options are supported by Shiro, but I cannot find anything documented on this.

Specifically, I want to know if Shiro does OpenID Connect, and if it does, what version of Shiro added support for this?

Regards,
Graham



smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: shiro.ini documentation for end users

gs286k .
Hi Graham,

Shiro does not provide OOTB support for OpenID. You can write your own provider in Shiro or use PAC4J which is build on top of Shiro and provides support for OAuth, OpenID connect and SAML.

Regarding what goes in Shiro.INI, the link that you specified is what is available. 
It is pretty simple, based on BeanUtils and it allows you it initialize any Java bean/components.
This covers pretty much what it contains:

# ======================= # Shiro INI configuration # ======================= [main] # Objects and their properties are defined here, # Such as the securityManager, Realms and anything # else needed to build the SecurityManager [users] # The 'users' section is for simple deployments # when you only need a small number of statically-defined # set of User accounts. [roles] # The 'roles' section is for simple deployments # when you only need a small number of statically-defined # roles. [urls] # The 'urls' section is used for url-based security # in web applications. We'll discuss this section in the # Web documentation

Thanks,
-Gautam



Thanks,
-Gautam


On Thu, Oct 12, 2017 at 9:09 AM, Graham Leggett <[hidden email]> wrote:
Hi all,

We have an existing application provided by a vendor that embeds Apache Shiro to do authnz. I have been looking for reference documentation for the shiro.ini file, but have only been able to find this which covers API programming in Java, not administrator configuration of a Shiro application:

http://shiro.apache.org/configuration.html#Configuration-INISections

Does anyone have any documentation describing what goes into shiro.ini?

I was hoping to see what SSO options are supported by Shiro, but I cannot find anything documented on this.

Specifically, I want to know if Shiro does OpenID Connect, and if it does, what version of Shiro added support for this?

Regards,
Graham





--
Thanks,
-Gautam
Reply | Threaded
Open this post in threaded view
|

Re: shiro.ini documentation for end users

Graham Leggett
On 12 Oct 2017, at 5:49 PM, Gomsy <[hidden email]> wrote:

Shiro does not provide OOTB support for OpenID. You can write your own provider in Shiro or use PAC4J which is build on top of Shiro and provides support for OAuth, OpenID connect and SAML.

Does Shiro contain any implementations of its own, or is the expectation that you use an externally provided implementation like PAC4J?

I am coming at this from the angle that someone else has already implemented the Shiro code for us, we need to configure shiro.ini to meet our needs, or at the very least see what our options are. This is a little tricky.

Regards,
Graham


smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: shiro.ini documentation for end users

gs286k .
Shiro provides implementation for JDBC, CAS and file based identity providers bot not for OpenID.
For now the assumption is that developers will either implement there own or use one of the extension libraries available. 
I have heard that there were discussion going on for providing a default implementation of SAML in future but not sure about OpenId.

Regarding Shiro.ini I have not seen any documentation apart from the link  that you already provided.
If you have specific questions, feel free to ask in this forum.

Thanks,
-Gautam




On Thu, Oct 12, 2017 at 10:52 AM, Graham Leggett <[hidden email]> wrote:
On 12 Oct 2017, at 5:49 PM, Gomsy <[hidden email]> wrote:

Shiro does not provide OOTB support for OpenID. You can write your own provider in Shiro or use PAC4J which is build on top of Shiro and provides support for OAuth, OpenID connect and SAML.

Does Shiro contain any implementations of its own, or is the expectation that you use an externally provided implementation like PAC4J?

I am coming at this from the angle that someone else has already implemented the Shiro code for us, we need to configure shiro.ini to meet our needs, or at the very least see what our options are. This is a little tricky.

Regards,
Graham




--
Thanks,
-Gautam
Reply | Threaded
Open this post in threaded view
|

Re: shiro.ini documentation for end users

Brian Demers
OIDC is defiantly high on my personal TODO list, its just a matter of when!

On Thu, Oct 12, 2017 at 12:25 PM, Gomsy <[hidden email]> wrote:
Shiro provides implementation for JDBC, CAS and file based identity providers bot not for OpenID.
For now the assumption is that developers will either implement there own or use one of the extension libraries available. 
I have heard that there were discussion going on for providing a default implementation of SAML in future but not sure about OpenId.

Regarding Shiro.ini I have not seen any documentation apart from the link  that you already provided.
If you have specific questions, feel free to ask in this forum.

Thanks,
-Gautam




On Thu, Oct 12, 2017 at 10:52 AM, Graham Leggett <[hidden email]> wrote:
On 12 Oct 2017, at 5:49 PM, Gomsy <[hidden email]> wrote:

Shiro does not provide OOTB support for OpenID. You can write your own provider in Shiro or use PAC4J which is build on top of Shiro and provides support for OAuth, OpenID connect and SAML.

Does Shiro contain any implementations of its own, or is the expectation that you use an externally provided implementation like PAC4J?

I am coming at this from the angle that someone else has already implemented the Shiro code for us, we need to configure shiro.ini to meet our needs, or at the very least see what our options are. This is a little tricky.

Regards,
Graham




--
Thanks,
-Gautam