Have a question? We're here to help.
Recent Improvements in Apache Fortress REST Delegated Administration
Before the latest changes using the DA checks was more complicated. In addition to the HTTP Basic Auth creds, callers had to pass the administrator’s session in the payload of the request. This made it harder to use and (worse) less secure.
March 25, 2019 – Apache Roadshow
The Anatomy of a Secure Java Web App Using Apache Fortress Shawn McKinney to speak at Apache Roadshow Join Symas Software Architect, Shawn McKinney, as he presents on Apache Fortress at Apache Roadshow. Click to learn more.This talk describes how to design end-to-end...
Adding Contextual Information to the RBAC Decision
We don’t have to throw the baby out with the bathwater. RBAC has many good aspects that we’d like to preserve. It’s standards-based, meaning various implementations should interoperate. It works, and is already in place, pretty much everywhere. But we’d like to be able to sprinkle in a bit of context, allowing us to fix the role explosion problem, without breaking its interoperability, or bringing in another implementation, with yet another protocol.
Configuring Apache Fortress-OpenLDAP for High Availability
This post describes how Apache Fortress and OpenLDAP can be placed into a highly-available configuration. Apache Fortress provides Identity and Access Management APIs over HTTP using either JSON or REST formats. OpenLDAP is where the data is stored and maintained.