did someone a job and implemented openid with OpenEdge Spring security and would like to share it? Or is OpenEdge Spring security limited to these types? (ldap, oerealm, local, saml, container). The idea is to have a client principal to the pasoe calls, even the authentication was done through openid.
I am also very interested in a project like this because we have also to implement the OpenId in the spring framework in a couple of months.
I can see that there are some files with OAuth 2.0 references and OpenID is built on top of this great you think.
But then I opened the file "oauth2LoginModel.xml " in 11.7 and there is a small note......
<!-- NOTE: the OAuth2 authorization service is explicitly disabled and
does not respond to the oauth2.AuthorizationServer.enable property.
The property and this import is put into place for inclusion in
a future, unspecified, release -->
Michael may I ask a question, because I have the feeling you understand this very well.
So in the "Spring security process" there is a block "j_spring_security_check" followed by authenticate.
Then "OERealmAuthProvider" is called and at the end Progress create the client-principal and it ads it to the Session memory and done. This is for the regular authentication provided by Progress nice and easy.
But what if we want to make a custom for example "j_custom_security_check".
And replace the "OERealmUserDetailsImpl" with our custom ABL procedure we all can write by our own :)
Then we can add extra parameters and catch all different logon providers here. Because I don't understand much of the spring architecture.
It looks for me a "simple" copy and past and adjusting some variables. But I don't now where to start.
Can you give me a hint please?
Else I will read the spring security docs and adopt it into my knowledgebase :).