I'm building a central service for our suite of applications. I need to keep the authN/authZ capability and management in our solution, and do not want to maintain another instance within Mayan.
LDAP is a typical bridge, but as our authN/authZ solution doesn't utilize a directory protocol, I'd have to build a facade server to provide that entry point.
Utilizing JWT to pass the identity and (possibly) the authorization would appear a reasonable solution.
The other potential is to allow services to bypass Mayan's authN/authZ capability, by setting up a (permanent) trust relationship between services, perhaps using API keys. This is quite attractive as it allows us to utilize our services without trying to synchronize data and provide bridge capabilities.
For initial development, we will likely either utilize a superadmin as a user proxy to access Mayan (we are looking at whether we can programmatically establish the superadmin credentials, to share with other services), or forking locally to remove the auth in Mayan until a more robust solution is available.
Thanks for your efforts! Please consider this, and let me know if it makes sense and can be done. We may be able to donate some development time soon as well.
Requests for new functionality or improvements in existing functionality. Please provide clear descriptions of your request, an example or if possible a real life scenario.
1 post • Page 1 of 1