Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use workflow engine for authn #1206

Closed
jgomer2001 opened this issue Nov 26, 2019 · 3 comments
Closed

Use workflow engine for authn #1206

jgomer2001 opened this issue Nov 26, 2019 · 3 comments
Labels
enhancement libs update, re-factroring, etc. move to janssen

Comments

@jgomer2001
Copy link
Contributor

jgomer2001 commented Nov 26, 2019
edited
Loading

In this issue I compile several whishes and ideas I have or have heard from others with respect to improving design and definition of authentication workflows

It has a broader scope than
GluuFederation/oxCore#124 so probably we can only start tackling this in 4.2 or 5.x

  • Leverage a workflow engine/framework that can take charge of running the flows. A Small/manageable one (no big things like BPM)
  • Flows potentially defined declaratively (ie xml, yaml...) or via GUI
  • Better UX control in the navigation (eg. safe back button, retaking the point at which the flow was left)
  • A good level of composability/modularization (eg. reuse of smaller flows to create more complex flows)
  • Small decoupled chunks of code (no big scripts)

I did a small research in this regard. The only tool I found suitable is Spring Web Flow (actually it may suit very well). However the following is uncertain:

  • how we can encompass oxauth (Weld) with it
  • how to provide the flexibility we currently offer (jython scripting to add/edit flows on the fly) because it seems everything needs to be compiled/packaged beforehand. I checked grails framework which is built on top of Spring MVC and originally offered support for spring web flow but the plugin is not maintained anymore. Under Grails is Groovy, a language similar to python which can be used as scripting language in Java. So it might be a solution to evaluate.

Advanced wishlist:

  • Some form of visualization of flow definitions (or graphical flow edition)
  • AJAX in html pages, ie not necessarily change page when the flow step changes

Relevant use cases:

  • Sophisticated identifier-first authentication
  • Step-up authentication with parametric access policies
  • A user registration process with credential enrollment

Related issues:
@jgomer2001 jgomer2001 added the enhancement libs update, re-factroring, etc. label Nov 26, 2019
@jgomer2001 jgomer2001 added this to the 4.2 milestone Nov 26, 2019
@jgomer2001
Copy link
Contributor Author

I conducted a small investigation on what would be required to implement a flow engine ourselves and concluded the effort is enormous. It's a really cumbersome project.

@nynymike nynymike changed the title Allow creation of sophisticated authentication flows Use workflow engine for authn Nov 30, 2019
@nynymike
Copy link
Contributor

Definitely agree. An enhancement like this should be the result of a formalized product decision. It makes sense to socialize this first.

@jgomer2001 jgomer2001 modified the milestones: 4.2, 4.5 Dec 30, 2019
@jgomer2001 jgomer2001 mentioned this issue Jan 17, 2020
Closed
@martynaslawinska
Copy link

The issue has been moved to Janssen: https://github.com/JanssenProject/jans-auth-server/issues/45

@shmorri shmorri closed this as completed Mar 5, 2021
@shmorri shmorri removed this from the 4.5 milestone Mar 5, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement libs update, re-factroring, etc. move to janssen
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nynymike @jgomer2001 @martynaslawinska @shmorri