I'm using Spring-Boot and annotation based Spring-Security and I would like to use another site as one of my authentication providers.
I search on google but not getting any proper example or related solutions.
Let me know how can I implement Single sign on for 2 different application.
Please Guide.
Thank You.
You could use Jasig CAS to implement SSO and it is supported by Spring Security: https://docs.spring.io/spring-security/site/docs/3.0.x/reference/cas.html
You can use #EnableOAuth2Sso on your spring-boot application set some properties: client id, client secret, token endpoint for your oauth2 server, etc.
This tutorial is for an angularJS client on spring-boot but the server side is similar: https://spring.io/blog/2015/02/03/sso-with-oauth2-angular-js-and-spring-security-part-v
Related
I’m trying to build a spring boot web app where I have my own login module with rest api backends that would do credential validation for me. I need to use spring security to have TLS implemented but even though I managed to override the login page the css would not work. And secondly,when I give the loginprocessingurl in the securityConfig as my controller route to what manages the credential validation, it says too many redirects.
Can I bypass the login module entirely ?
I don’t want to encrypt the password at client end and would really like to utilise spring security.
Thanks in advance!
I'm trying to integrate my Spring app with governmental system responsible for user's authentication (SAML). The main concept is that "my" app is receiving already logged user with so called assertion. And the point is how can I customize Spring Security to recognize mentioned before assertion as proof that user is authenticated. Or maybe should I write my own filters instead of using Spring Security?
Unfortunately I can't share the code - company policy ;(
Any feedback is appreciated.
Maciek
If you receive a SAML assertion (it's easy to see, it's a whole XML packet), you absolutely need a library to deal with that complexity.
pac4j (security engine for Java) supports the SAML protocol. So either you keep Spring Security and use the pac4j extension for Spring Security: spring-security-pac4j or you directly use the pac4j security libraries for Spring MVC/Boot: spring-webmvc-pac4j or for J2E: j2e-pac4j for example.
I have been asked to create an oauth2 server to access multiple webapps of our company. And I am following this github project.
I dont have nay idea about creating Oauth2 server.And stuck while Getting Access token via authorization code (followed given process in link).
When you speak about an OAuth2 server you mean the interface between user storage (f.e. LDAP) and the web aplications?
The easiest way to have an OAuth2 server would be to install WSO2 IS and configure your LDAP as a secondary user store.
I have not coded the server side of OAuth2 but Apache OLTU is a project that has been very helpfull for me. It includes libraries for the server part.
Spring Security OAuth2 provides some sample code, one of which is an Auth Server.
http://projects.spring.io/spring-security-oauth/docs/oauth2.html
By default, it supports a single user. But it could be modified to be a more fully-featured Auth Server. But it does show how to use Spring Security inside the Auth Server as well as implement the OAuth server endpoints and return JWT
I have project based on JHipster and I have to implement CAS authentication to have SSO to 2 applications (one is this java jHipster project and another is php app). I found sample configuration in spring docs, but it uses xml configuration. Is there any existing implementation/tutorial using java configuration for CAS client? I'm totally new on this topic, so every hint will be useful.
I've just made a project example with jhipster and CAS auth : https://github.com/jgribonvald/demo-spring-cas-angular.git
feedback is welcome ;)
I'm working on a web application under Tomcat on a Linux server and all clients are under a windows domain. I need to get the user account from the request to assign it the right role on my application. So to summarize I just need to retrieve the user account becasue the authentication is not required.
What could be the more easy framework or solution to do that? Jaas could be the solution?
Could you help me, please?
thanks,
Andrea
Have you checked out Spring-Security?
http://static.springsource.org/spring-security/site/
Spring Security supports Single Sign On options using Kerberos, JNDI/LDAP, Active Directory, OAuth, OpenID, etc.
Integrate Single Sign On using Spring Security
Try the Apache Shiro project, former JSecurity.