Description:

Portal has brought forward that they utilize a Cookie Based SSO Authorization in their originating Company code.  For ONAP, they created one within ONAP itself.  Needing to support this and CADI, instead of CB SSO within CADI makes their code complex, and non-portable.

Since Cookie based Authentication is an Authentication type, I believe the SECCOM community should

1) review, and see if it approved use of Cookie Based Authentication within ONAP

2) If it is desirable, then we should add this ability into CADI for Dublin, so that it is supported seamlessly for Apps needing it.

2018-10-24:

SECCOM feedback:

• Is there a relation to the "plugable authentication"
• Historically, portal created the secure cookie approach as there wasn't an alternative.
• Needs to be able to integrate into existing SSO that maybe employed at the enterprise
• There was not objectsion to a cookie based approach for GUIs.
• Conclusion: go ahead and come back with a proposal for what could be done in dublin.  Work with portal as well.

Cookie based authentication is being considered as a Frankfurt AAF feature.