I am trying to implement Google APIs for Shopping Content. To access the APIs I need to pass OAuth authentication.
Check the link
Using OAuth 2.0 for Web Server Applications
In this guide, OAuth needs user consent for allowing the access. Check Step 3
"Google prompts user for consent" on server side.
I want to perform this step server side; is there any way of doing this in Java?
Related
I intend to set up SAML SSO with my web app. I currently have a web app that has its own two-step verification process for validating the users. I need to configure this web app as my Identity Provider and use the website https://velpic.com as my Service Provider. This website supports SSO, and to access it the user first has to be authenticated in the web app, which should then maintain an SSO session with the website. I already have my Java web app running in Tomcat 9.0 and now need to implement this. Can anyone help me with getting started? And I don't want to use any external IdP providers.
I am developing a small web application and am blocked at the step of authenticating users. To be more clear, I followed the steps to configure OAuth 2.0 in the credentials option, and when I type my application URL in the browser the authentication window does not appear on the website. So is what I did good enough, or do I have to do something else on the code side in Eclipse?
Requirements
My requirements are to write a secure web application that runs behind a firewall and via the OAuth2 protocol accesses a google app engine application. The google app engine should not be able to be accessed in any other way (save by the developer/admin). The programming language is Java. The authorization is to be server to server.
Deployment
I will have a "gate keeper" application running on WildFly (JBoss) with Keycloak and will use active directory to login my users on this web application running behind the firewall. In this way, everyone who has an account at the business I am servicing should have access to the google app engine application. Again, this processing runs behind the business's firewall as a Java EE web application deployed to WildFly.
The next step after a successful login is for the user to get redirected to the web page that the google app engine is servicing. I don't want any other users (except my developer account/owner account) to be able to reach this url.
I have created the JSON user credential file and downloaded from the google developers console for my google app engine project.
I also have included the google-api-client in my maven pom file on my gatekeeper project.
<dependency>
    <groupId>com.google.api-client</groupId>
    <artifactId>google-api-client</artifactId>
    <version>1.20.0</version>
</dependency>
from https://developers.google.com/api-client-library/java/google-api-java-client/setup
Questions
How do I code (Java) the wonderful world of OAuth 2.0 using the google api client? I imagine that I will have code on the "gate keeper web application" (Java) and probably some configuration xml in my appengine-web.xml. Will my app engine application need any additional code? Does anyone have step by step instructions or a sample code/configuration? I have read https://developers.google.com/identity/protocols/OAuth2ServiceAccount and yet am at a loss on how to apply.
Thanks in advance for your help. I would guess that this is a very common scenario for SaaS providers?
As mentioned previously, you're asking at least 2 questions. First, how to authenticate an application against an OpenID Connect 1.0 authentication server - in this case, Keycloak - behind a firewall. Secondly, how to use the google-api-client.
I'd suggest taking a look at the OAuth Bible to understand how OAuth 2.0 Two Legged and Three Legged flows are implemented. Three Legged authentication is more secure but your firewall will pose a problem.
Also, you'll be more likely to get help if you break out the google-api-client part into a more concretely defined question.
I'm developing a RESTful API for my app on GAE Python and right now I'm trying to figure out the best way to secure this API.
I have my own member/authentication mechanism on this app.
What is the best way to do this?
having public/private key pairs
becoming an OAuth provider
HTTP authentication (seems very weak to me)
other??
First, discard HTTP Auth. It is not recommended in a true REST API since it resides on cookies.
I would go with OAuth. There's a library called appengine_oauth_provider, which could help you to start implementing your own provider.
You can use Google Service Account for User Authentication. However, people can still register an account and use your API, and surely your App Engine bill will go up. They've just introduced Google Cloud Endpoints at Google I/O 2012. You will have a Client ID which will only be used in your client application (Android, iOS).
Google I/O 2012 - Building Android Applications that Use Web APIs with Yaniv Inbar and Sriram Saroop
Google I/O 2012 - Building Mobile App Engine Backends for Android, iOS and the Web
If you are interested, you should try to sign up as a trusted tester at
http://endpoints-trusted-tester.appspot.com/
I have a Java EE web application. From the web app I have to consume a SharePoint web service which expects Kerberos/NTLM authentication. How can I achieve this? I am using CXF for consuming the web service, and the web application itself uses Windows Integrated Authentication for authentication.
Take a look at the SPNEGO protocol; this is what SharePoint (technically IIS) uses for Single Sign On authentication. I am not familiar with CXF, but generally most of the web services platforms allow you to supply additional headers with your request. Basically what you need is:
1. Get authentication token for the sharepoint from user session
2. Use JAAS to generate tokens.
Look here http://appliedcrypto.com/spnego/spnego_jaasclient.html and here http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/part6.html for more details.
For the case when you want to authenticate browser users to SharePoint, you have to implement the SPNEGO protocol in your web app; for example, you can use this package to do it for you. Most of the modern app servers support the SPNEGO protocol [JBoss, WebSphere]. After you have implemented the SPNEGO protocol, you can grab the Kerberos token from the 'Authorization' header.
Then you have two options:
In case you run your web app with the same identity as the SharePoint front-end, you can just resend the same token to SharePoint.
In case you are running as a different identity, you have to use the user's token to go to Active Directory and request a ticket for the SharePoint service on behalf of your user. The account that your web app runs under has to be trusted for delegation in Active Directory.
Also, I am not sure that SharePoint accepts Kerberos tokens within SOAP headers; I believe you have to authenticate using HTTP headers.
This question might help you
If you want to use the single sign on feature, meaning using the current user identity, take a look here
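
The SPNEGO answer above relies on taking a Kerberos token from the 'Authorization' header and forwarding or delegating it. The following added example (not code from any of the posts; the class, enum and method names are hypothetical) checks what a `Negotiate` header actually carries, because a browser that fell back to NTLM supplies no Kerberos ticket to reuse. The sample tokens are constructed stubs, not real tickets.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class NegotiateTokenCheck {
    // DER-encoded mechanism OIDs: SPNEGO 1.3.6.1.5.5.2, Kerberos V5 1.2.840.113554.1.2.2
    static final byte[] SPNEGO_OID = {0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02};
    static final byte[] KRB5_OID = {0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86,
                                    (byte) 0xf7, 0x12, 0x01, 0x02, 0x02};
    static final byte[] NTLMSSP = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    enum Kind { NOT_NEGOTIATE, MALFORMED, NTLM, SPNEGO_WITH_KERBEROS, SPNEGO_NO_KERBEROS, RAW_KERBEROS, UNKNOWN }

    static Kind classify(String header) {
        if (header == null) return Kind.NOT_NEGOTIATE;
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Negotiate")) return Kind.NOT_NEGOTIATE;
        byte[] t;
        try {
            t = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Kind.MALFORMED;
        }
        if (indexOf(t, NTLMSSP, 0) == 0) return Kind.NTLM;      // raw NTLM: nothing to delegate
        // GSS-API initial token: tag 0x60, DER length, then the mechanism OID
        if (t.length < 2 || (t[0] & 0xff) != 0x60) return Kind.UNKNOWN;
        int len = t[1] & 0xff;
        int oidAt = 2 + (len < 0x80 ? 0 : (len & 0x7f));        // skip long-form length bytes
        if (indexOf(t, KRB5_OID, oidAt) == oidAt) return Kind.RAW_KERBEROS;
        if (indexOf(t, SPNEGO_OID, oidAt) != oidAt) return Kind.UNKNOWN;
        // Heuristic byte search (not a full ASN.1 parse) for Kerberos among the offered mechanisms
        return indexOf(t, KRB5_OID, oidAt + SPNEGO_OID.length) >= 0
                ? Kind.SPNEGO_WITH_KERBEROS : Kind.SPNEGO_NO_KERBEROS;
    }

    static int indexOf(byte[] hay, byte[] needle, int from) {
        outer:
        for (int i = Math.max(from, 0); i + needle.length <= hay.length; i++) {
            for (int j = 0; j < needle.length; j++) if (hay[i + j] != needle[j]) continue outer;
            return i;
        }
        return -1;
    }

    public static void main(String[] args) {
        // Constructed samples: an NTLM type-1 prefix and a truncated SPNEGO stub listing Kerberos
        byte[] ntlm = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0};
        byte[] spnego = {0x60, 0x15, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02, (byte) 0xa0, 0x0b,
                         0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 0x12, 0x01, 0x02, 0x02};
        Base64.Encoder b64 = Base64.getEncoder();
        System.out.println(classify("Negotiate " + b64.encodeToString(ntlm)));    // NTLM
        System.out.println(classify("Negotiate " + b64.encodeToString(spnego)));  // SPNEGO_WITH_KERBEROS
        System.out.println(classify("Basic dXNlcjpwYXNz"));                       // NOT_NEGOTIATE
    }
}
```

Logging the classification per request makes it visible when clients are negotiating NTLM, which is the usual reason the delegation option described in the answer fails.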