| *** m1hael (~mschmidt@kastor.sgbs.de) has joined #wikid | 07:14 | |
| m1hael | hi, i am new to wikid. we have rest services (java), web frontend (java vaadin) and android apps which communicate via the rest services with the backend. we would like to add some authentication to the whole setup. does wikid support this out of the box? | 07:16 |
|---|---|---|
| *** m1hael has quit (*.net *.split) | 09:10 | |
| *** m1hael (~mschmidt@kastor.sgbs.de) has joined #wikid | 09:11 | |
| *** m1hael has parted #wikid (None) | 09:11 | |
| *** m1hael (~mschmidt@kastor.sgbs.de) has joined #wikid | 09:11 | |
| m1hael | hi, i am new to wikid. we have rest services (java), web frontend (java vaadin) and android apps which communicate via the rest services with the backend. we would like to add some authentication to the whole setup. does wikid support this out of the box? | 09:11 |
| *** nowen1 (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 12:13 | |
| m1hael | hi, i am new to wikid. we have rest services (java), web frontend (java vaadin) and android apps which communicate via the rest services with the backend. we would like to add some authentication to the whole setup. does wikid support this out of the box? | 12:51 |
| *** nowen1 is now known as nowen_work | 12:51 | |
| nowen_work | m1hael: are you still here? | 13:00 |
| m1hael | yep. still here | 13:00 |
| nowen_work | tell me what you are trying to do. I read the logs, but would like more info | 13:00 |
| m1hael | we have some rest services deployed (java) which need authenticated access. we have some web frontends which need some form of authentication. the web frontends (java / vaadin) get the data from the previous mentioned rest services. we have also android apps which also gets their data via the rest services. | 13:02 |
| m1hael | what we need here is a form of authentication which works on all these locations: rest services, web and android | 13:03 |
| nowen_work | Have you seen our API? | 13:03 |
| m1hael | not yet. i thought to ask question first before diving into any API or making any prototype setup | 13:03 |
| nowen_work | well, our server is written in java. it's our primary lang. | 13:04 |
| nowen_work | I see no reason why this can't be done fairly easily | 13:04 |
| nowen_work | we have an android token | 13:05 |
| m1hael | so the web client asks for user/pass and these are passed to the wikid system? what does the web client gets in response? a token? | 13:05 |
| nowen_work | no, it gets an XML response. | 13:06 |
| nowen_work | http://www.wikidsystems.com/support/wikid-support-center/manual/wikid-network-client-wclient-api-manual/transaction-examples-part-2 see online login | 13:06 |
| nowen_work | the java client interprets this as a 'success' | 13:07 |
| nowen_work | http://www.wikidsystems.com/support/wikid-support-center/web-application-how-tos/how-to-use-wikid-in-a-jsp-application | 13:09 |
| nowen_work | might also help | 13:09 |
| m1hael | it is pretty confusing and not as straightforward as i hoped it to be. but so it seems to be with auth. | 13:10 |
| nowen_work | well, we have on the server a file called example.jsp. it shows how to implement all the functions of the api and is well documented | 13:11 |
| m1hael | we have several android apps. the user should enter credentials at most only once, no matter what app it uses. can this be done? | 13:12 |
| nowen_work | perhaps you need info on how WiKID works in general? | 13:12 |
| m1hael | does the android client also works with the community edition or would we need to buy the commercial edition? | 13:14 |
| nowen_work | no - sorry, we use commercial encryption libraries for the smart phone tokens | 13:14 |
| nowen_work | how many users do you have? | 13:15 |
| m1hael | we have probably 30 android clients and one web app with about 40 users | 13:16 |
| m1hael | what is a good starting point for grasping the general concept of wikid? | 13:18 |
| nowen_work | http://www.wikidsystems.com/learn-more/how-it-works | 13:18 |
| m1hael | thanx i'll take a look into it thanx | 13:19 |
| nowen_work | essentially, the tokens create public/private keys and have an exchange with the server. the user types their PIN into the token, it is encrypted & sent to the server. If the PIN is correct, the account active and the encryption valid, an OTP is generated on the server, encrypted and returned | 13:20 |
| nowen_work | the user enters the OTP into the app/vpn and on the back the api or a protocol like radius verifies it with the server | 13:20 |
| m1hael | and wikid provided a library which lets my app check if the OTP is valid? | 13:23 |
| m1hael | provides | 13:23 |
| nowen_work | yes | 13:26 |
| nowen_work | it is lgpl licensed | 13:26 |
| nowen_work | we also have python, ruby, php | 13:26 |
| m1hael | ok. so the frontend client could send the token as a http header entry over a ssl connection to the server. the server could examine the header/token and check if it is valid. did i understand it correctly? | 13:27 |
| nowen_work | are you asking about session handling? | 13:28 |
| m1hael | no | 13:28 |
| nowen_work | our token clients don't use https, we use asymmetric encryption over port 80 | 13:30 |
| m1hael | the rest service needs somehow to know if the request is valid (comes from an authenticated source). if the token is sent as an http header entry it could check if the token is valid and so assume that the source is authenticated. | 13:30 |
| m1hael | i didn't mean the connection for registration/authentication but the rest call my applications do. | 13:31 |
| nowen_work | ahh - ok - so your app gets the validation from our library and sets the header? | 13:33 |
| m1hael | yes | 13:33 |
| m1hael | sales question: does one year subscription mean we can use the software for only one year or does it mean we are on maintainance/support and are getting updates for one year? | 13:39 |
| nowen_work | both. the subscription is the right to use, support, everything all in one | 13:40 |
| m1hael | thanx for the info. i think i'll setup a test env. | 13:43 |
| nowen_work | great. for the record, we love IRC for support ;-) | 13:44 |
| m1hael | yes. i also love IRC. much faster feedback than forums, etc. | 13:46 |
| *** m1hael has parted #wikid (None) | 13:48 | |
| nowen_work | biab | 13:55 |
| *** nowen_work has quit (Read error: Connection reset by peer) | 15:59 | |
| *** nowen1 (~nowen@50-194-249-125-static.hfc.comcastbusiness.net) has joined #wikid | 16:00 | |
| *** nowen1 is now known as nowen_work | 16:45 | |
| joevano | and IRC support is much geekier :-D | 16:47 |
| *** nowen_work has quit (Quit: Leaving.) | 20:13 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!