To widen the authentication integration scenarios MuseKnowledge™ Proxy now supports a wide range of OAuth, OAuth2, OpenID Connect Single Sign on its entry point. Although the initial target was for Google authentication more than a dozen of OAuth providers and also a generic OAuth client implementation can be configured for authentication to the providers that are not diverging from the usual practices in OAuth requests and responses. The out of the box OAuth support is for: BitBucket, DropBox, Facebook, Foursquare, Github, Google, LinkedIn, ORCiD, Paypal, Strava, Twitter, Vk, Windows Live, Word Press, Yahoo. Note that Google authentication ensures authentication with both the public gmail.com domain as well as Google hosted institutions via Google Apps for Education, for example.
To cover the cases in which we need to use an existent HTTP service or even a HTML login form existent in the intranet for authentication into a MuseKnowledge™ Proxy application the development team created the External HTTP Authentication Login Module. Upon authentication MuseKnowledge™ Proxy logon page is presented and the request to the remote HTTP login end-point is made as part of an extract and navigate scenario taking a success/fail decision based on elements from the page.
Changes in the source presentation layer allows for source categorization in multiple classes (areas). Multiple areas such as Subject, Vendor, Flat, Alphabetical (A-Z) can be defined and these are displayed in different tabs. Integration with MuseSearch passthrough is also possible if dblist mappings are defined. The MuseProxyFoundation application interface has improved its look and feel to accommodate the categorization.
Three new Administration Console pages SSO Authentication, HMAC Link Generator and Evaluate Regex are available in order to help on with OAuth SSO, HMAC testing and with simulating how RegEx filters works.
HAProxy PROXY Protocol v1 and X-Forwarded-For are supported by MuseKnowledge™ Proxy in order to get the end-user IP from load balancers that do not spoof/masquerade the end-user IP in the TPC/IP packets but have other logical means of sending the IP.
An alternative extract and navigation implementation based on the Apache HTTPClient is available and can be selected on a source by source basis. This is an alternative to using the JDK URLConnection library which does not offer lower level access to source IP and we were forced to perform an extra request.
Follow-up links without authentication (session cookie) such as for the preflight OPTIONS where the CORS standard requires the browser to avoid sending authorization data (hence no cookie session) are supported based on a new source configuration element.
The detailed list of changes is available in MuseKnowledge™ Proxy Release Notes PDF Document and the new features are described in the manuals that are part of the distribution. As usual we offer a Free 30 Day Trial period to fully evaluate the new version of MuseKnowledge Proxy. You can request a Trial License Key by simply filling in the trial form.