ESAPIS Hash Authentication
Overview
We have incorporated a new method of client authentication into csf-security. We are calling this method "Hash Authentication", as it relies on a hashing algorithm to authenticate the client. It will be primarily used for APIs. The purpose of this authentication method is to allow client applications to authenticate to our web APIs without having to provide Touchstone credentials or manage an X509 certificate. Hash authentication was first used in the Nelnet APIs (Nelnet is an external system that exchanges data with MITSIS via an API).
How Hash Authentication Works
TBD
Configuring a Web App for Hash Authentication
The code for Hash Authentication resides in CSF Security (v2.0.36-SNAPSHOT). To make use of this feature, a web application must:
1. Import the Spring hash authentication config file from CSF Security. The import belongs in the web app's Spring Security config file:
<import resource="classpath*:applicationContext-csf-security-hash-authn.xml" />
2. Include a reference to the Hash Authentication filter in the filterChainProxy's list of filters. The filter id is "hashAuthenticationProcessingFilter", and it should be the first authentication-related filter in the chain. Example:
<security:filter-chain pattern="/**" filters="esapisSecurityContextNonPersistenceFilter,
logoutFilter,
hashAuthenticationProcessingFilter,
esapisAuthenticationProcessingFilter,
basicAuthenticationProcessingFilter,
exceptionTranslationFilter,
filterSecurityInterceptor"
/>
3. Place two properties files in the web app properties directory.