Work Plan Phase II Radius, Potential Issues and Lower Priority Tasks

William Lowe edited this page Nov 5, 2018 · 6 revisions

Work Plan For Phase II

  • Implement oxAuth RP Interception Script Support

    1. Clone oxAuth and study its operating mechanism - done 100%
    2. Make changes to oxAuth to support interception scripts. The only area which needs change at this level is org.xdi.oxauth.auth.AuthenticationFilter. There will be little to no need to change org.xdi.oxauth.auth.Authenticator. The functions likely to be affected are:
      1. private void processPostAuth (line 279)
      2. private void processBasicAuth (line 198)
      3. public void doFilter (line 84)
    3. Based on the existing code in org.xdi.oxauth.auth.AuthenticationFilter, implement RP Interception Script support while using a script name as a parameter in the request.
    4. Write a one-step Super Gluu interception script based on SuperGluuExternalAuthenticator.py
    5. Write unit tests to validate our changes
    6. Further review by the team
  • Based on the work done in (1), add support for the oxAuth RP interception script in Radius. This will be a matter of just adding a single parameter to the request (the script to be executed). This is top priority.

Potential Issues

  1. From my understanding of how interception scripts work (or will work in this case), there is a potential performance bottleneck, since the token grant response (whether successful or not) cannot (from what I see at least) be delivered asynchronously. This means a server thread being actively used to wait for user confirmation on his device (or timing out eventually), but in any case held in that state for too long. We will have to find a workaround to that.

Lower Priority Tasks

  1. Moving the code requiring LDAP data access to oxCore
  2. Use oxAuth Client instead of a wrapper around Apache HttpClient (due to initial error reporting issues with oxAuth client).