I am new to Spring Security, but the scenario I am trying to achieve is to provide basic authentication/authorization (security). The user story requires integration of ForgeRock OpenAM (mandatory) for security. Scenario: I have a Spring Boot microservice which exposes APIs to allow a UI to connect to a server. How can I include OpenAM within a Spring Boot REST service so that I can provide basic security? What do I require to achieve this?
You can use OAuth2 or OIDC to integrate your REST-Service with OpenAM.
For information on OAuth2 and REST, look at this, e.g.: https://content.pivotal.io/blog/securing-restful-web-services-with-oauth2
For information on using OAuth2 with OpenAM look here: https://backstage.forgerock.com/docs/am/5.5/oauth2-guide/ Same for OIDC with OpenAM: https://backstage.forgerock.com/docs/am/5.5/oidc1-guide/
Hope I could help you :)
There are probably plenty of ways to do that: some ForgeRock plugins, letting gateways do the AuthX, SAML2, OAuth2/OIDC, ...
The way I'd recommend is to stick to standards - because they are interchangeable and you can apply them to any application or use them with every modern identity provider.
I personally favor OIDC (aka OpenID Connect, which is based on OAuth2) for SSO in applications. There are plenty of good resources on how to set up OIDC/OAuth2 with OpenAM, and the same for Spring Security.
Here are some links that will help you to learn about it: