This feature implements an SSO access to the Enduser UI and Admin Console by using OpenID Connect 1.0 which is a simple identity layer on top of the OAuth 2.0 protocol. It allows Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner.
The flow for this feature will be possibly as follow (using Google as an example of OpenID Connect Provider):
- From Enduser or Admin login UI, the user can choose to be authenticated using Google account.
- Check if the user has a valid session, otherwise prompts the user to login by redirecting him to the Google Login UI.
- After the user login successfully to his Google account, grant him an access to Enduser UI or Admin console.
This will be achieved by following the OpenId Connect required flow, leveraging possibly from CXF features.