I'm trying to integrate my web app with an external system where the user will log in to the external system (which I do not have control of) using Single Sign-On with Oracle Access Manager 11g and can then access my web app without the need to log in again. Is it possible to validate the user token which comes from Oracle Access Manager?
Your application must "plug in" to OAM using an OAM WebGate so that OAM can validate the token. This is typically done through the web server.
See here for an example: https://docs.oracle.com/cd/E40329_01/doc.1112/e49451/webgate_apache.htm#WGINS76147
Related
Can we implement Single Sign-On (SSO) using an offline cookie in Keycloak?
I have application 'A' connected to a Keycloak 7.0.1 (KC) server for authentication. KC generates the active session and offline session for the user under 'clientA' and returns an access token and an offline token to the user. The offline token has a validity of, say, X days. So when the user tries connecting to application 'A' again, it uses the offline cookie to get the access token and the user gets authenticated. So authentication is working using that offline cookie for application 'A'.
Now I have another application 'B'; let's say it is hosted on the same or a different domain. KC is able to access the same offline cookie but it doesn't allow the authentication. The client for this application is 'client B'. The error which I get is "Session doesn’t have required client".
Looking at the error and reading articles, I understood that two different clients cannot access the same offline cookie. But I still wanted to know whether anyone has come across this scenario and what approach was used to allow both applications to use the same offline cookie, or whether we are missing some Keycloak configuration.
Editing this question:
Can we have a realm-level offline token instead of creating different offline tokens for each client in the realm?
Keycloak is there to generate the credentials for the different applications; you need to create a second client in the same realm for application B (you say you have already done that).
I do not think that you can use the access token from application A for application B. Maybe you could do that, depending on the way that you generate the token, if the two applications share the same private key, but if you do that then you probably do not need Keycloak.
Then make an authorization request in this client; since you already have a session in Keycloak, this should happen automatically and generate the credentials that you need for application B.
To see if this works correctly, I would try to log in directly to application B, go to Keycloak, log in there and see if the token provided can log me in to application B.
Sorry for the high level response, but your question is also quite high level itself.
I have a Java web application (hosted on Linux) which speaks to a document management system, which is a .NET-based system, via REST services. By default SSO Kerberos authentication is used in the document system, and for that we are passing an SSO token to identify the user who accesses our application via web browser. This works fine and the document system is able to identify the user and allows the user to upload documents.
However we have a problem when a user who belongs to a different domain/AD tries to access the application. This is due to the external trust level between the environment document service is hosted and user environment. The document mgmt system supports NTLM authentication to handle this scenario and we were told that we need to pass credential object in the request. It appears there are easy ways for .NET client to extract user credential using CredentialCache object but I am struggling to find equivalent in Java.
I am trying to find a way to pull the user's Windows credentials so that I can set them in the credentials object before I send the request to the document system. Our application is SSO-enabled, hence we don't want the user to explicitly pass his Windows credentials.
I have a simple application deployed on a WebLogic (12) server. In Security Realms I've created a user with a password. Now I want to use those credentials to connect from the Java client code (inside my app) to some external server (like LDAP). Is this possible? To use a user defined in realms without passing the password (because the password will be defined on WebLogic)?
What is the best practice for storing user credentials (for connecting to other systems)?
I want to authenticate a user against our Active Directory database on a BlackBerry mobile app.
I've written J2EE apps that authenticate against AD using JNDI (javax.naming).
I've also written BlackBerry apps that do local data access and remote JSON interaction.
In this app, I need to limit access to the back-end servlet based on their AD access.
I do not have access to change the servlet, so I can't pass authentication credentials to it.
Thanks in advance for your input.
My Java desktop application includes a component for communicating with a web service.
We therefore need to include the access details for it within the application, but do not want it to be easily accessible in the event that the code is decompiled (we will be obfuscating).
What techniques can we use to secure these details?
Do not bother encrypting the password in your application. Whatever you do, a determined user will be able to decrypt it and get access to it. My recommendation is to have a username and password for every user. The application will ask the user to enter the credentials and store them (using MD5 for example). If you can't modify the web service to authenticate many users, create a proxy service that can do that. The proxy service, deployed on a secure environment, will be allowed to have access to the username and password of the secured service.
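A sketch of the proxy pattern this answer describes, as an added example that is not part of the original answer: the desktop client sends only the user's own credentials, and the proxy attaches the service account server-side. The class name, the `send` transport callable and the Basic-auth upstream scheme are assumptions; the stored verifier is salted PBKDF2-HMAC-SHA256 from the standard library, swapped in for the MD5 the answer mentions.

```python
import base64, hashlib, hmac, os

ITERATIONS = 200_000  # PBKDF2 work factor, an assumed value for this example

class CredentialProxy:
    """Hypothetical proxy: the service password exists only on the proxy host."""

    def __init__(self, service_user: str, service_password: str):
        raw = f"{service_user}:{service_password}".encode()
        self._service_auth = "Basic " + base64.b64encode(raw).decode()
        self._users = {}  # username -> (salt, derived key)

    @staticmethod
    def _derive(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def enroll(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._users[username] = (salt, self._derive(password, salt))

    def check(self, username: str, password: str) -> bool:
        # Unknown users are checked against a dummy record so the work done is the same.
        salt, stored = self._users.get(username, (b"\0" * 16, b"\0" * 32))
        ok = hmac.compare_digest(self._derive(password, salt), stored)
        return ok and username in self._users

    def forward(self, username: str, password: str, request: dict, send) -> dict:
        """Authenticate the end user, then call the upstream as the service account."""
        if not self.check(username, password):
            return {"status": 401}
        # Drop any Authorization header supplied by the client before adding ours.
        headers = {k: v for k, v in request.get("headers", {}).items()
                   if k.lower() != "authorization"}
        headers["Authorization"] = self._service_auth
        return send({**request, "headers": headers})
```

Because only the proxy holds the service password, decompiling the desktop application yields nothing beyond what one user already typed in, and access can be revoked per user.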
I prefer you try Java Properties API.