Role based security and other questions


#1

Hi:

I am new to Silhouette and I am looking for some guidance. I worked in the past with weblogic. In one of the previous jobs we used a security model where the users where authenticated against MS Active Directory and the application roles were actually mapped to Windows groups.

My questions are:

  1. Can Silhouette be used to authenticate users against an LDAP repository such as MS Active directory? If yes, could you please point me to a sample or article?
    Before I posted here I did some research and I found a message that suggested to interface with CAS. That sent me on the path of reading the CAS documentation, but configuring & running CAS is another rabbit hole that I am reluctant to plunge into, though it might be a smart thing to do. I am not sure. I would be curious to find whether other people use silhouette together with CAS.
    Other posts suggest to use spring ldap and implement the authentication part by hand.

  2. Does Silhouette support role based authorization? From the Silhouette docs I have the impression that Silhouette targets more the authentication side of things. There is another product that deals with authorization called deadbolt2. A quick check of their github site reveals that they are one version behind relative to the playframework support and also based on my research it doesn’t seem to play nice with silhouette.

Thanks


#2

Hi,

  1. Silhouette has currently no LDAP provider. There is a CAS provider, but this is also a bit outdated because it doesn’t support SAML 2. Silhouette uses the old Jasig implementation. In the meantime the project was moved over to Apereo. So you could try to update the dependencies to the new Apereo implementation and see what has changed to the current implementation. Then you could add SAML2 support if needed.

  2. Silhouette supports authorization but you must implement your logic self. I’ve also not used Silhouette with Deadbolt2. So I cannot give you an advice here.

Best regards,
Christian


#3

Thank you for taking the time to answer me. I will have to do more research.