I am developing a small web application and am blocked at the step of adding authentication for users. To be clearer, I followed the steps to configure OAuth 2.0 in the credentials option, and when I type my application URL in the browser the authentication window does not appear on the website. So is what I did good enough, or do I have to do something else on the code side in Eclipse?
I intend to set up SAML SSO with my web app. I currently have a web app that has its own two-step verification process for validating the users. I need to configure this web app as my Identity Provider and use the website https://velpic.com as my Service Provider. This website supports SSO, and for accessing this website the user has to be first authenticated in the web app and should maintain an SSO session in the website. I already have my Java webapp running in Tomcat 9.0 and now need to implement this. Can anyone help me with getting started? And I don't want to use any external IdP providers.
I have a question about integrating authentication into my web application.
First let me give the relevant technology background of my web application -
Application/Web Server - Tomcat 8.5
Underlying OS - CentOS 7.x 64-bit
Programming technology - Java Servlets 3.1
JDK version - 1.8
UI technology - Browser based; Developed using Angular2/Javascript/HTML/CSS
Web application users - Targeted at enterprise users
As of now, there isn't an authentication system built into the web application. However as I build this web application, I need to include an authentication module.
My main points to consider as I decide on authentication system/technology are -
I preferably do not want my application to deal with the storage and protection (on disk) of the user credentials
I preferably do not want my application to deal with enforcing password complexity, history, expiration policies etc.
My application will have to provide for -
A login page to allow the user to login
A change password page
A create user page
Based on the above, I am currently thinking of deploying a Windows Server 2016 instance as the Active Directory (AD) server that will hold the credentials for the application users. Note that at this point, this Windows server is not planned to be shared with any other application to support a single sign-on experience across applications.
I am planning to configure my Tomcat server with a JNDI realm to authenticate users (against the AD) and then use some kind of Java AD library that will allow me to create a user and change a user's password in AD via my application's create user and change password pages.
My application will support its own custom roles and authorization constraints, so I am not looking to use AD's group membership for authorization within the web application.
My questions are -
With the above setup, are there any reference authentication systems/libraries/modules that might be better suited (than AD) to integrate within my web application?
If I go with the above Windows AD server approach, then are there any Java (inbuilt or community-developed) AD libraries that allow for creating a user in AD, changing a user's password in AD, etc.? I have used the JNDI realm before, so I am sure that it can be used to authenticate the incoming user against AD.
I am not an expert in Spring Security and my web application does not currently use Spring Security, but I am open to using it if Spring Security includes a solution to my problem described above.
I am also not worried about supporting single sign-on as such, and it's totally fine in my scenario if the application users have a separate login for my application.
Since my web application is targeted at enterprise users, I don't want to leverage Facebook authentication. As much as possible, I want to ensure that the credentials are maintained in a server within the deployment infrastructure rather than the credentials being hosted and maintained by a 3rd-party service.
Thank you for your help and suggestions.
Requirements
My requirements are to write a secure web application that runs behind a firewall and, via the OAuth2 protocol, accesses a Google App Engine application. The Google App Engine application should not be able to be accessed in any other way (save by the developer/admin). The programming language is Java. The authorization is to be server to server.
Deployment
I will have a "gate keeper" application running on WildFly (JBoss) with Keycloak and will use Active Directory to log in my users on this web application running behind the firewall. In this way, everyone who has an account at the business I am servicing should have access to the Google App Engine application. Again, this processing runs behind the business's firewall as a Java EE web application deployed to WildFly.
The next step after a successful login is for the user to get redirected to the web page that the Google App Engine application is serving. I don't want any other users (except my developer account/owner account) to be able to reach this URL.
I have created the JSON user credential file and downloaded it from the Google Developers Console for my Google App Engine project.
I have also included the google-api-client in my Maven pom file on my gatekeeper project.
    <dependency>
        <groupId>com.google.api-client</groupId>
        <artifactId>google-api-client</artifactId>
        <version>1.20.0</version>
    </dependency>
from https://developers.google.com/api-client-library/java/google-api-java-client/setup
Questions
How do I code (Java) the wonderful world of OAuth 2.0 using the google-api-client? I imagine that I will have code on the "gate keeper web application" (Java) and probably some configuration XML in my appengine-web.xml. Will my App Engine application need any additional code? Does anyone have step-by-step instructions or sample code/configuration? I have read https://developers.google.com/identity/protocols/OAuth2ServiceAccount and yet am at a loss on how to apply it.
Thanks in advance for your help. I would guess that this is a very common scenario for SaaS providers?
As mentioned previously, you're asking at least 2 questions. First, how to authenticate an application against an OpenID Connect 1.0 authentication server (in this case, Keycloak) behind a firewall. Second, how to use the google-api-client.
I'd suggest taking a look at the OAuth Bible to understand how OAuth 2.0 Two Legged and Three Legged flows are implemented. Three Legged authentication is more secure but your firewall will pose a problem.
Also, you'll be more likely to get help if you break out the google-api-client part into a more concretely defined question.
I recently did a quick mock up of a web service using C# on IIS. All users are using Windows so, in the web service, I was able to get the current user via NTLM.
Now I have to migrate this to a Java web service running on Tomcat or WebSphere.
What authentication options are open to me? I see that Apache HttpComponents has an NTLM feature but I can only find instructions on how to use it on the client side. Can I use it in my web service to determine the current user? (Remember, all users will be Windows users)
Just to clarify: this is for use in a company intranet and all users will be logged in to Windows. This is why NTLM seems to be the right way to go.
Try the WAFFLE Windows authentication framework.
(http://waffle.codeplex.com/)
It is one of the third-party libraries suggested in the Tomcat documentation. (https://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html)
It comes with zero configuration, and all you have to do is modify your web.xml to use WAFFLE, as in this tutorial (http://code.dblock.org/2010/05/20/single-sign-on-tomcat-negotiate-authenticator-kerberos-ntlm-w-waffle.html)
I want to invoke a desktop application. Before invoking that desktop app, the user should log in to the web application, and the same credentials are to be used in the desktop app. The web application is ASP.NET and the desktop app is a Swing-based Java application. Is it possible to authenticate in that case?
If you're saying you want to automatically log the user into your system from the desktop application if they're already logged in to the web application, this is going to be tricky.
If you're just asking for a way to ensure the user that logged into the desktop app used the same details as the web app, I'd consider just using IP address as authentication.
I'm not sure if I have understood your question correctly, but it seems like you want to share the same authentication source between a desktop app and a web app. This should be possible depending on what that authentication source is. For example, if the web app does a lookup on LDAP or on a database table, then there's nothing stopping you from doing that from the desktop application, assuming that you can get a database connection or access the directory server.
If the authentication source of the web app is not available to the desktop app then you might want to consider writing an authentication web service and deploying this alongside your web application. This web service should be able to access the same authentication source as the web application and can be called by your desktop application.