I am using Play framework and PAC4J to authenticate WSO2 via SAML SSO. I need SAMLResponse back to generate cookie and access WSO2 APIs. How to get SAML response from PAC4j?
Did you take alook at play-pac4j-scala-demo? There is an example showing the creation of a JWT token using the ProfileManager.
Related
From my application I have to invoke external http service which uses google authentication. It works when I invoke it from browser. I found out that it happens because I have cookie which contains
GCP_IAAP_AUTH_TOKEN_<random_string>
GCP_IAP_UID
So my cookie look like this:
cookie: GCP_IAP_UID=111111111111; GCP_IAAP_AUTH_TOKEN_1234567891234567890B=verylongstringhere"
I tried to set this cookie directly in my restTemplate and it works properly but I expect that I have to get token based on some kind of credentials.
webClient.post()
.uri(uploadUrl)
.header("cookie", "GCP_IAP_UID=12345678901234567890; GCP_IAAP_AUTH_TOKEN_12345678907645456546B=verylongstringhere")
Could you please provide example of correct usage GCP auth ? How to update token? Based on what?
Google APIs use the OAuth 2.0 protocol for authentication and authorization
You can obtain OAuth 2.0 client credentials from the Google API Console. Then your client application requests an access token from the Google Authorization Server, extracts a token from the response, and sends the token to the Google API that you want to access.
Before your application can access private data using a Google API, it must obtain an access token that grants access to that API.
There are several ways to make this request, and they vary based on the type of application you are building. For example, a JavaScript application might request an access token using a browser redirect to Google, while an application installed on a device that has no browser uses web service requests.
I recommend you to go trough OAuth 2.0 to Access Google APIs article to choose the best method for your application, there are a couple of documented scenarios to explain how GCP uses application authentication
I am trying to connect to a web service (WSDL file) in .NET from Java, but I am unable to authenticate. The authentication is based on ADFS SAML.
I have used all the libraries: Axis, Axis2, JAX-WS, Metro but none of them are working for me.
So then I just made a SOAPEnvelope in SAAJ and am just sending it without any other 3rd party library. Now I know exactly what is being sent.
What I don't know, is how to populate the header message correctly? The server is using TransportWithMessageCredential security mode with clientCredentialType="UserName".
Since its SAML, I need to send a message with credentials that will send be back a token that I can use in my subsequent messages.
How do I make that request message that returns me the SAML token?
In order to talk SAML to ADFS, you need a client-side SAML stack.
So you can authenticate via the SAML stack to ADFS and get a SAML token back.
There is a SOAP binding for SAML but it is not supported by ADFS.
I have my Spring Boot application, that provides some rest endpoints. Those rest endpoints need security, and I want to use the Oauth2 for it.
My idea is to use Google oauth2 token for that. I don't want to provide login functionality in my Spring Boot app, so I just want to check that the Bearer token is there and get the user info from it to display his/her data accordingly.
I'm checking this tutorial, but I don't think it's exactly what I want
https://www.baeldung.com/spring-security-5-oauth2-login
I would like to explain some scenrios that should be considered while deciding the security approach:
If your application users exists in google, means users having google accounts, then you can go for google authorization server oauth 2.0 https://developers.google.com/identity/protocols/OAuth2, In this case your should register on google developer portal, and application will recieve the access and refresh token after successful authentication of users. After that OpenId call can be made to google to get the user information
Above flow and integration will same as, Like you see the link on Quora application for "Login via google".
Now in services you can request validate the Bearer token via google oauth 2.0 validate endpoint and call the userinfo endpoint to fetch the user information.
if you go for JWT token then there wont be requirement to reach out to google authorization server for token validation and userinfo call.
Second approach is to build your own oauth 2.0 server using springBoot - https://spring.io/guides/tutorials/spring-boot-oauth2/
Use API gateway layer for token validation and further authorization can be done on microservices using spring security.
At the end of this tutorial you have more info for Google’s userInfo endpoint response:
https://developers.google.com/identity/protocols/OpenIDConnect#obtainuserinfo
You can check there :)
I have enabled google social login for my keycloak instance, but I need to use it as a rest service.
Is there endpoint that can be used to do this?
There is no Google authentication API in the Keycloak but you can solve it with Token Exchanging.
You need first authenticate with Google API and get an external
token,
External Token to Internal Token Exchange.
Apologies, I work predominantly with iOS lately, and its been a while since I've worked with Spring.
Tools:
Kotlin
Spring Boot
Spring Social
Problem:
I'm building an app that allows typical 'Login with Facebook' type functionality.
I'd like to send the OAuth token obtained by the iOS client to the backend to authenticate with. If the token is valid, the backend will return successful authentication, otherwise indicate invalid credentials.
After logging in with the OAuth token, some profile information will be retrieved.
Question:
Most of the Get Started guides seem to follow the authentication with OAuth using username and password credentials.
Using Spring Social+Facebook, how can I:
Authenticate using an OAuth access token and retrieve profile data?
It is simple - Spring's FacebookTemplate can be instantiated with an oauth access token as follows:
val facebook = FacebookTemplate("$$TOKEN$$")