I have A SSO environment configured through CAS. When I log into one application and try to access the other application login it will successfully authenticate without credentials. Or, if I make a rest call to the other application when logged in through any of the SSO configured application , I am getting the result while using an application like POSTMAN. But the problem is when I am making a REST call from java back end. Instead of generating a token CAS is redirecting me to the login page... Please, let me know how to proceed.
For web application to backend communication, I will recommend using the proxy mechanism: https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough
The way to configure everything properly depends on the CAS client you use.
Related
I'm trying to run the servlet/spring-boot/java/saml2/login-single-tenant example from https://github.com/spring-projects/spring-security-samples.git using Keycloak.
I started a local docker Keycloak container in which I created a new realm with the saml identity provider.
When I run the example it connects to keycloak to fetch the /saml/descriptor, which is returned correctly. But then it throws an AccessDeniedException.
I don't know what I'm doing wrong, I don't even know what I should be doing right. Can anybody help me please?
The ultimate goal would be to have a pure machine to machine connection, without login page, protected by SAML.
Ps.: I know about OIDC, but I'm working on a java client that connects to a SOAP webservice that requires a SAML security token.
I have to make an application in tomcat which core responsibility is to redirect all request coming from browser application to API server. It works like proxy server between browser application and API application. Have to write it on tomcat. How can i achieve this, do i have write a REST API application on tomcat too?
Project Description
Requirement is like we have two application one is developed on React, its a web-portal and the other one is on spring-boot as a backend application (json apis).
spring-boot application is going to be deployed on secure zone and web-portal is in DMZ. web-portal in on internet, backend application is on intranet. As web-portal is a CSR application so the api's calls from web-portal contains backend application IP/URI but it cannot be accessible from internet.
So i am planning to write an application on DMZ zone and it will be deployed on apache tomcat, so like when request comes at tomcat it redirect it to backend application server which is on intranet with all headers/payload and redirect response from backend server to web-portal.
You want to set up a reverse proxy which is a standard pattern. Take a look at the answers at Reverse Proxy Java or just search the web for "reverse proxy java".
If you are not bound to implement it in java take a look at Nginx which we use in many projects to transfer the request from the web app to the REST backend.
I am working on an application architecture which will have independent UI Layer(HTML5 and Angular2) and Service Layer(Spring Boot Project) . Both will be hosted on independent servers. The UI layer will fetch data from DB using REST Calls. I Have few queries.
1. I am building my UI with Angular2 which basically runs on node.js. How can i integrate spring security using ldap.
2. How can i make REST Calls to my service which is hosted on a different server.
3. How do i solve the issue of authentication/authorization with REST Service using Spring security.
Looking forward to your responses.
Thanks,
Avinash
How can i integrate spring security using ldap.
Use Spring Security LDAP module to wire up the security services of your backend. Secure the URIs and that is all that you require.
Spring LDAP Guide
Spring LDAP Reference
How can i make REST Calls to my service which is hosted on a different server.
I presume that you will have the backend on a server and there is connectivity between your nodejs server and the backend server. Use the hostname and port if you want things to be simple. Please allow CORS on your backend server either programmatically, or by using a proxy server such as nginx.
How do i solve the issue of authentication/authorization with REST Service using Spring security.
Spring security will enable end points for Authentication and Authorization. Your angular application must need to check for the authentication at the start of every request ideally, and when there is a (401) Authentication Failure, redirect to a login controller. Keep the default route to the angular application to the login controller too.
I have 2 different web applications that uses spring and are running on the same tomcat (maybe later to be separated to different tomcat for each)
My first webapp is a straight forward web application that users can login, create account, and do stuff.
The other webapp is actually executing periodically http requests (rest api) towards the first app.
My problem is i must ensure that these requests are actually legitimately being executed from webapp#2 and not from another hostile requestor.
1) How can i do that?
How can i make sure in webapp #1 that it must serve only requests from webapp #2?
I don't want to rely on IP address alone.
2) Does spring security can help me achieving this?
3) Does authenticating from web app #2 against webapp#1 via the standard spring security authentication mechanism is a viable solution? (username/pass that is only known to both webapps)
For a login you can use a service all form most facing web portal, and once authentication is successfully done than you can transfer on a spring login authenticated page and its pass access for user as well
Starting a new project to create a restful Web Service that requires callers to be Authenticated by Kerberos (Active Directory).
The web service will be hosted by Tomcat and I was planning to use JAX-RS with JAAS but I'm not finding much information on this, does anyone have information or experience on getting this to work?
Should I be looking at Spring and Spring Security instead?
Apache provides good documentation for using JAXRS with kerberos. Here is the link:
http://cxf.apache.org/docs/jaxrs-kerberos.html
I have the same issue. I googled extensively and not found a good answer.
The problem is that the issue has several layers and most answers point to (usually vague) solutions for only one layer.
And there is not a single complete and clear example for the end-to-end solution.
LAYERS
Client call to rest service using kerberos/windows logged in credentials.
Answers usually show how to use kerberos to authenticate but fail to say how to use it to pass the logged in credentials to the REST service.
Both Spring REST client functionality and native Java seem capable of doing this but it is not clear how.
Processing by the REST service of the authentication request by the client that is authenticating via windows/kerberos.
Spring REST service functionality appears to be the easiest way to implement it but again it is not clear how to tell the REST service to expect that authentication method.
Either forwarding the client kerberos credentials to whatever resource the REST service is trying to access, or get a success/failure and then the REST service uses kerberos/windows authentication itself (different credentials from the clients) to access a resource.
I hope this clarification of the issue helps in producing a good answer.
In Kerberos there are two severs url involved authentication server and the other ticketing server. If you go to browser console under ticketing server response parameter you can see a cookie that you can utilise to authenticate your rest api by utilising it as a request parameters.
That’s the only solution to authenticate your rest api.