IBM websphere and BPM SSO - java

I have two WebSphere servers. One server has a Java web application deployed and the other has BPM processes. I have configured SSO between the two servers; both servers' admin consoles open with SSO.
I have to open the IBM BPM coach inside my web application with SSO. What should I do in my web application to open the coach directly without being asked for a user name and password?

For establishing SSO between multiple WebSphere servers, all you have to do is enable SSO at server level and ensure that an LTPA token is generated on successful login to your web application. Once the LTPA token is created, it is propagated to the 2nd web app/any other web app which you access, since the cookie created by WebSphere exists in the browser and can be consumed by any WebSphere server that participates in this SSO.
I am also trying to set up SSO between 2 WebSphere servers, but I am unable to get the admin console apps logged in seamlessly.
Can you confirm the steps that you followed? I hope you are using a custom standalone registry (referring to user.props & group.props, for example).

Related

How to develop an Open Identity provider using Java

I intend to set up SAML SSO with my web app. I currently have a web app that has its own two-step verification process for validating users. I need to configure this web app as my Identity Provider and use the website https://velpic.com as my Service Provider. This website supports SSO, and for accessing this website the user has to be first authenticated in the web app and should maintain an SSO session in the website. I already have my Java web app running in Tomcat 9.0 and now need to implement this. Can anyone help me with getting started? And I don't want to use any external IdP providers.

Windows integrated authentication for java web application SSO

Background: I currently have a java web application which is run on localhost on my Mac. Users can login to the web application, and their credentials are validated against an OpenLDAP server which is run on a certain port on my local machine as well (specifically using this docker image). The web application includes code which interacts with the LDAP server to provide the login username and password. Upon successful validation, the users are logged in and can continue to use the features of the app.
Problem: This web application will be deployed to clients who will be using Windows. They are requesting SSO capabilities, i.e. a successful login to their Windows machines under their domain bypasses the need for logging in to the web application when they run it. The clients cannot have some other Java application running on their machine which will help with SSO; simply logging into their Windows machine should bypass the need for logging into the web application, which means Windows needs to be configured a certain way, and the web application needs to be configured a certain way for SSO. For testing purposes, I am using a Windows 7 virtual machine which runs on the same machine that I am running and testing the web application on.
I've done research on SPNEGO, Java GSS API (looks like it needs client side code to communicate with server), Kerberos, Windows IIS etc. I know how to enable windows integrated authentication in Windows, but I don't know how to actually use this with my web application to enable SSO. Basically, I am still struggling on how to implement SSO capabilities in my specific case under these circumstances. Here are some specific questions:
Can browsers be configured to send encrypted windows credentials of the machine they are running on to the web application, which can then be decrypted by the web application and authenticated against LDAP? If so, how does this work?
Can the windows login credentials be configured to point to an LDAP server that validates them?
Overall, how can I integrate single sign on for a web application running on a windows machine, where the web application is configured to authenticate credentials through an LDAP server?
Windows SSO is based on Kerberos, not on LDAP. The reason why people usually mix them up is that Microsoft Active Directory acts as both LDAP server and Kerberos server.
If you need transparent authentication (SSO) for your Windows users you have to implement Kerberos authentication.
The way Kerberos is implemented for web applications is called SPNEGO.
You need to do the following:
Create a service account in Active Directory for your server, say REALM\svc_server
Create an SPN for your server which will bind the domain name of your server to this service account. If your server is running on https://server.acme.com it should be HTTP/server.acme.com
If a Windows user is logged into domain REALM and goes to https://server.acme.com, the browser will look up an SPN based on the name HTTP/server.acme.com, request a Kerberos ticket from Active Directory and send it to the server in an Authorization header as per the SPNEGO specification
Now you just need to validate this ticket using the built-in Java Kerberos API or using some third-party library (kerb4j, spring-security-kerberos, etc.)
As you can see, LDAP is not involved in this authentication flow (although it can be used for authorization as a next step)
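The validation step of that answer in code, added here as an example and not part of the original answer: a Java class that accepts the browser's Negotiate token through the built-in GSS-API while running as the service account via a JAAS login. The JAAS entry name, the SPN HTTP/server.acme.com@REALM and the keytab name are assumptions that reuse the answer's example names.

```java
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.ietf.jgss.*;

/** Validates the SPNEGO token a domain-joined browser sends as "Authorization: Negotiate ..." */
public class SpnegoValidator {
    private final Subject serviceSubject;   // holds the HTTP/server.acme.com@REALM keys

    /** Logs in once as the service account from its keytab (the account behind the SPN). */
    public SpnegoValidator(String jaasEntry) throws LoginException {
        // Assumed JAAS entry, e.g. "SpnegoService": Krb5LoginModule with useKeyTab=true,
        // storeKey=true, principal="HTTP/server.acme.com@REALM", keyTab="svc_server.keytab"
        LoginContext lc = new LoginContext(jaasEntry);
        lc.login();
        serviceSubject = lc.getSubject();
    }

    /**
     * Returns the client principal (e.g. "jdoe@REALM") for a valid service ticket, or null when
     * the header is absent/malformed, the ticket is forged, expired or issued for another SPN,
     * or the browser fell back to NTLM. On null the caller replies 401 with
     * "WWW-Authenticate: Negotiate" (RFC 4559) so the browser fetches and sends a ticket.
     */
    public String authenticate(String authorizationHeader) {
        if (authorizationHeader == null || !authorizationHeader.startsWith("Negotiate ")) return null;
        try {
            byte[] token = Base64.getDecoder().decode(authorizationHeader.substring(10).trim());
            return Subject.doAs(serviceSubject, (PrivilegedExceptionAction<String>) () -> {
                GSSManager mgr = GSSManager.getInstance();
                GSSCredential cred = mgr.createCredential(null, GSSCredential.INDEFINITE_LIFETIME,
                        new Oid("1.3.6.1.5.5.2"), GSSCredential.ACCEPT_ONLY); // SPNEGO mechanism
                GSSContext ctx = mgr.createContext(cred);
                try {
                    // Decrypts and checks the ticket with the service key; the mutual-auth
                    // response token is not returned to the browser here, browsers do not need it.
                    ctx.acceptSecContext(token, 0, token.length);
                    return ctx.isEstablished() ? ctx.getSrcName().toString() : null;
                } finally { ctx.dispose(); }
            });
        } catch (IllegalArgumentException | PrivilegedActionException e) {
            return null; // bad base64, or a GSSException wrapped by doAs
        }
    }
}
```

Run the JVM with -Djava.security.auth.login.config pointing at the JAAS file and a krb5.conf for REALM; the principal returned is the identity you would then look up in LDAP for authorization.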

Securing application using Apache-tomcat

I am trying to set up authentication for Tomcat on a Unix server.
Tomcat installed: apache-tomcat-7.0.47.
I have followed the page How to configure tomcat-users.xml to secure a page in tomcat?
But then it is only asking for a password for the main apache home page, and when I enter the password it doesn't work.
Another problem is that it doesn't ask for a password for all the applications that are installed under webapps.
JAAS is the framework for you at the root level. Although there are different frameworks, if you want security at the Tomcat server level with no third-party interference, go for JAAS.
https://en.wikipedia.org/wiki/Java_Authentication_and_Authorization_Service

SAML SSO with Zendesk and openam

I am trying SSO between my application and Zendesk. I am using OpenAM for this purpose. Suppose the app is deployed as app.myapp.com. And I want to have an SSO feature with Zendesk, whose URL could be something like accountname.zendesk.com. How do I set up the OpenAM configuration?
Whatever I have read in the documentation is that there should be a server with OpenAM installed on it, and this will serve as the Hosted Identity Provider. Now Zendesk is going to be a service provider; this will be a Remote Service Provider. So how do I set this up? Should there be another instance of OpenAM acting as the remote service provider?
I tried configuring OpenAM for 2 days, but the OpenAM documents are too abstract and I couldn't get it to work. Then I tried SSO using JWT, i.e. JSON Web Token. Now single sign-on between my application and Zendesk is working fine.

Weblogic. Cross domain over the same web application

I'm trying to configure our WebLogic to accept cross-domain sessions.
I have the following problem:
I have two domains (www.a.com and www.a.net) and both domains are calling the same WebLogic server.
When a user accesses our site via www.a.com, WebLogic assigns a JSESSIONID. If the same user switches to www.a.net, WebLogic creates a new session with a new JSESSIONID. Then, if the user is logged in at www.a.net, he appears at the other domain as not logged in.
I have WebLogic 11gR1 and Spring Security.
How can I configure WebLogic to share the session between different domains?
Thank you in advance.
Gus.
