For application developers Federated environments can be somewhat daunting and complex.This plugin allows Grails applications (particuarly those protected by Shibboleth service providers http://shibboleth.net/products/service-provider.html ) to easily integrate into federated authentication.The plugin utilizes Shiro as its internal authentication and access control layer.
grails install-plugin federated-grails
Federated GrailsAllows Grails applications to easily integrate to federated authentication sources particuarly those served by Shibboleth service providers.Utilizes Apache Shiro as an underlying mechanism so serves managing access control requirements equally as well. I recommend you read the Shiro documentation before continuing to get a feel for how this plugin operates - http://www.grails.org/plugin/shiro
- Subject - Security specific view of an entity capable of being authenticated to an application. It can be a human being, a third-party process, a server etc. Also referred to as ‘user’.
- Principal - A subjects uniquely identifying attribute. This is generally mapped to the federation attribute eduPersonTargetedID. For non federated applications this is commonly referred to as a ‘username’
- Credentials - Data used to verify identity at session establishment. For integrators this is the associated SAML assertion and is represented by a unique internal sessionID. For non federated applications this is usually a ‘password’
- Attributes - A subjects identifying attributes. Names, email, entitlements etc.For non federated applications these need to manually entered. For federated applications they are in many cases automatically supplied.