i have a Service Provider hosting web applications. These applications are protected by a J2EE filter, deployed in the Service Provider, that intercepts requests and comunicate with SAML 2.0 identity providers. Now the same service provider have to host even Oauth 2.0 resources (so became an Oauth 2.0 resource server). How can i evolve my J2EE filter to detect which requests have to be protected via SAML 2.0 and which request via Oauth 2.0 access_token ? Thanks in advance.
1 Answers
0
votes
As I understand, you need to protect the web urls/services using this filter.So in that case you can filter the requested resource depending on context e.g. requests for url or service with context /X/department/finance/* with SAML and may be /X/department/hr/* using OAuth.
If the resources are also the same you can do an identification based on request parameter sent by client.
