SAML SSO with Zendesk and openam - java

I am trying SSO between my application and Zendesk. I am using OpenAM for this purpose. Suppose the app is deployed as app.myapp.com, and I want to have an SSO feature with Zendesk, whose URL could be something like accountname.zendesk.com. How do I set up the OpenAM configuration?
Whatever I have read in the documentation is that there should be a server with OpenAM installed on it, and this will serve as the Hosted Identity Provider. Now Zendesk is going to be a service provider, and this will be a remote service provider. So how do I set this up? Should there be another instance of OpenAM acting as the remote service provider?

I tried configuring OpenAM for 2 days, but the OpenAM documents are too abstract and I couldn't get it to work. Then I tried SSO using JWT, i.e. JSON Web Token. Now single sign-on between my application and Zendesk is working fine.
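As an added example (not code from the question, from Zendesk or from OpenAM), here is how a Java app can do the JWT-based SSO the asker settled on: it mints an HS256-signed token carrying the claims Zendesk's JWT SSO expects (iat, jti, email, name) using only the JDK, and builds the /access/jwt redirect for a user the app has already authenticated itself. The shared secret, subdomain and user values are placeholders.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.Base64;
import java.util.UUID;

/** Mints the HS256-signed JWT that Zendesk's JWT SSO expects and builds the redirect URL. */
public class ZendeskJwtSso {
    // Placeholder: the shared secret comes from the Zendesk admin JWT SSO settings.
    // In a real app load it from a secret store; never hard-code it or ship it to the browser.
    static final String SHARED_SECRET = "REPLACE_WITH_ZENDESK_SHARED_SECRET";
    static final String SUBDOMAIN = "accountname"; // from the question: accountname.zendesk.com

    static String b64url(byte[] in) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(in);
    }

    /** Minimal JSON string escaping for the claim values we embed. */
    static String esc(String s) {
        return s.replace("\\", "\\\\").replace("\"", "\\\"");
    }

    /** Builds the signed token; jti + iat let Zendesk reject replayed or stale tokens. */
    static String buildToken(String email, String name, String secret, long iat, String jti) throws Exception {
        String header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
        String payload = "{\"iat\":" + iat + ",\"jti\":\"" + esc(jti)
                + "\",\"email\":\"" + esc(email) + "\",\"name\":\"" + esc(name) + "\"}";
        String signingInput = b64url(header.getBytes(StandardCharsets.UTF_8)) + "."
                + b64url(payload.getBytes(StandardCharsets.UTF_8));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] sig = mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + b64url(sig);
    }

    /** URL the app redirects an already-authenticated user to; Zendesk verifies the signature. */
    static String redirectUrl(String subdomain, String jwt, String returnTo) throws Exception {
        String url = "https://" + subdomain + ".zendesk.com/access/jwt?jwt=" + URLEncoder.encode(jwt, "UTF-8");
        if (returnTo != null) url += "&return_to=" + URLEncoder.encode(returnTo, "UTF-8");
        return url;
    }

    public static void main(String[] args) throws Exception {
        // Only mint a token after the app's own login has authenticated this user (constructed sample user).
        String jwt = buildToken("alice@myapp.com", "Alice Example", SHARED_SECRET,
                Instant.now().getEpochSecond(), UUID.randomUUID().toString());
        System.out.println(redirectUrl(SUBDOMAIN, jwt, "https://" + SUBDOMAIN + ".zendesk.com/hc"));
    }
}
```

The token is signed server-side and sent only as a redirect, so the secret never leaves the app; a fresh jti per token and a current iat are what let Zendesk reject replays.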

Related

How to develop an Open Identity provider using Java

I intend to set up SAML SSO with my web app. I currently have a web app that has its own two-step verification process for validating users. I need to configure this web app as my Identity Provider and use the website https://velpic.com as my Service Provider. This website supports SSO, and for accessing this website the user has to be first authenticated in the web app and should maintain SSO in the website. I already have my Java webapp running in Tomcat 9.0 and now need to implement this. Can anyone help me get started? And I don't want to use any external IdP providers.

How to create Web Authentication for Corda RPC Users?

Using the webapp, which uses corda-webserver, how do I implement an authentication mechanism for the RPC users mentioned in the configuration file, and perform role-based actions (only accessible flows)?
I could only find details about authenticating RPC users through ClientRPCOps, but couldn't find anything about web-based authentication.
Web authentication is not directly related to Corda. Connecting to a node via RPC requires authentication. Anything past that is not Corda's problem.
If you want to set up web authentication, then you should look into how frameworks like Spring or Ktor handle these scenarios. Corda is not web-based by default and requires integration into a "web server" application to be web-enabled.

OAUTH2 server with spring and jwt

I have been asked to create an OAuth2 server to access multiple webapps of our company, and I am following this GitHub project.
I don't have any idea about creating an OAuth2 server, and am stuck while getting the access token via authorization code (I followed the process given in the link).
When you speak about an OAuth2 server, do you mean the interface between user storage (e.g. LDAP) and the web applications?
The easiest way to have an OAuth2 server would be to install WSO2 IS and configure your LDAP as a secondary user store.
I have not coded the server side of OAuth2, but Apache Oltu is a project that has been very helpful for me. It includes libraries for the server part.
Spring Security OAuth2 provides some sample code, one of which is an Auth Server.
http://projects.spring.io/spring-security-oauth/docs/oauth2.html
By default, it supports a single user, but it could be modified to be a more fully-featured Auth Server. It does show how to use Spring Security inside the Auth Server as well as how to implement the OAuth server endpoints and return a JWT.

CAS authentication for multiple RESTful web services in SSO

I have an SSO environment configured through CAS. When I log into one application and try to access the other application's login, it successfully authenticates without credentials. Or, if I make a REST call to the other application when logged in through any of the SSO-configured applications, I get the result when using an application like Postman. But the problem is when I make a REST call from the Java back end: instead of generating a token, CAS redirects me to the login page... Please let me know how to proceed.
For web application to backend communication, I would recommend using the proxy mechanism: https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough
The way to configure everything properly depends on the CAS client you use.

SharePoint Webservice from Java Webapp using CXF with Kerberos/NTLM authentication

I have a Java EE web application. From the web app I have to consume a SharePoint web service which expects Kerberos/NTLM authentication; how can I achieve this? I am using CXF for consuming the web service, and the web application itself uses Windows Integrated Authentication for authentication.
Take a look at the SPNEGO protocol; this is what SharePoint (technically IIS) uses for single sign-on authentication. I am not familiar with CXF, but generally most web services platforms allow you to supply additional headers with your request. Basically what you need is:
1. Get authentication token for the sharepoint from user session
2. Use JAAS to generate tokens.
Look here http://appliedcrypto.com/spnego/spnego_jaasclient.html and here http://docs.oracle.com/javase/6/docs/technotes/guides/security/jgss/lab/part6.html for more details.
In the case where you want to authenticate browser users to SharePoint, you have to implement the SPNEGO protocol in your web app; for example, you can use this package to do it for you. Most modern app servers support the SPNEGO protocol [JBoss, WebSphere]. After you have implemented the SPNEGO protocol, you can grab the Kerberos token from the 'Authorization' header.
Then you have two options:
If you run your web app with the same identity as the SharePoint front end, you can just resend the same token to SharePoint.
If you are running as a different identity, you have to use the user's token to go to Active Directory and request a ticket for the SharePoint service on behalf of your user. The account that your web app runs under has to be trusted for delegation in Active Directory.
Also, I am not sure that SharePoint accepts Kerberos tokens within SOAP headers; I believe you have to authenticate using HTTP headers.
This question might help you. If you want to use the single sign-on feature, meaning using the current user identity, take a look here.
