I have implemented an IdP using OpenAM. Now I have to implement an SP. I tried using the fedlet but couldn't integrate it with my existing app. So I am now trying to write an SP from scratch to implement SSO. Can anyone provide steps to implement an SP using OpenSAML?
If you have a Java-based web app, then using the Spring Security SAML extension is quite simple to integrate.
Why don't you define an SP in OpenAM without the fedlet? If you want to use OpenSAML for it, I have a book, A Guide to OpenSAML, that introduces SAML and the OpenSAML library. I also have lots of examples here on my blog.
Related
We are totally new to SAML and Okta. We are a Java-based SaaS web application which will be used by multiple customers. We are looking forward to implementing SAML integration with Okta and we need the details to get started with.
How do we register ourselves as a third-party application in Okta? If so, can we support multiple customers' IdPs with a single SP?
How do we develop SAML integration in Java and integrate that with Okta?
Any pointers would be greatly appreciated.
Thank you.
Welcome Vasantha,
As you probably know, your app will act as a SAML Service Provider, so you just generate SAML SP metadata and hand it over to the Okta admins. It actually does not matter which SAML IdP implementation the 'SSO partner' is using. SAMLv2 as an 'internets body' standard is product agnostic.
You can support multiple IdPs, but most SAML SP libs may not support this out of the box.
You should not try to implement a SAML SP yourself. It's way more than just handling SAML messages. You may choose one of various SAML Java SP implementations.
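As an added illustration (not part of the answer above), this is roughly what the SP metadata that gets handed to an IdP administrator looks like. In practice the chosen SP library generates it; the entityID, ACS URL and certificate value here are constructed placeholders.

```xml
<!-- Constructed sample SP metadata; all names, URLs and the certificate are placeholders -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://app.example.com/saml/sp">
  <!-- AuthnRequestsSigned: this SP signs the AuthnRequests it sends.
       WantAssertionsSigned: this SP expects signed assertions from the IdP. -->
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      AuthnRequestsSigned="true"
      WantAssertionsSigned="true">
    <!-- Public certificate the IdP uses to verify the SP's request signatures -->
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>BASE64_SP_SIGNING_CERT_PLACEHOLDER</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <!-- Identifier format the SP asks the IdP to put in the assertion subject -->
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <!-- Assertion Consumer Service: where the IdP posts the SAML response -->
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://app.example.com/saml/acs"
        index="0"
        isDefault="true"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
```

The IdP side returns its own metadata (entityID, SSO endpoint, signing certificate), which the SP must store and use to validate responses from that IdP.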
I have created some APIs using JAX-RS Jersey. I have been given the task to secure them using OAuth 2.0. On Google I found many articles in which they explain how I can access the Google API, Facebook API, etc. They told me how to access already created APIs.
But my question is how I can make my API secure using OAuth in Java, so that when another application wants to access it, it needs to provide an authorization and authentication token, etc.
Can anybody help me with the code in Java? You can even suggest some paid tutorial on Udemy or Coursera if you know one. I will opt for them. I am not using any framework like Spring or Spring Boot.
I would advise checking out the following page:
https://www.baeldung.com/spring-security-oauth-jwt
It makes use of Keycloak for the authorization server and Spring for configuring the resource server.
I require references or guides for creating working java project with SSO using SAML 2.0 with ADFS and AD.
I tried with link (https://www.journaldev.com/21773/azure-ad-sso-java-adfs-sso) but not able to complete (ADFS Configuration for Single Sign-On SSO) part.
Please guide.
If you want to use ADFS, you need the ADAL Java library.
Note that most of the documentation is for Azure AD but the principles are the same.
There are some examples here.
In particular, this sample shows the changes required to work with ADFS.
I have a web service (server-side) implemented using Axis2 in my project. We want to enable WS-Security in the existing web services. We are evaluating whether the Apache Rampart module fits our needs. Here is our requirement:
Basically we have an in-house security framework which provides encryption, signature and token generation capabilities. Our in-house security framework basically requires a set of configurations in the form of XML and it exposes various APIs to do various security operations.
Now with the above environment, I can think of three possible solutions:
1. I can develop an Axis2 module around the in-house security framework and install it as a .mar file in the security phase. So I will not use Apache Rampart. But the issue with this approach is that I can't use WS-Security policy to specify security assertions and make sure incoming security tokens conform to the effective policy. It is like reinventing the wheel that Rampart already provides.
2. I believe Apache Rampart makes underlying calls to the Apache WSS4J module for security operations. I believe the Apache WSS4J module provides a way to register a 3rd-party security provider (by implementing the CryptoProvider interface). I am not sure if this is a feasible and viable solution. Please suggest.
3. WS-Security policy allows the use of a custom token. This custom token can be built using our in-house security framework. So basically it enables us to create a WS-Security policy using the Apache Rampart module and have a custom token developed using our security framework. But I could not find help regarding this on the internet. Could anyone please help with an example?
Any other suggestions are also most welcome.
I've posted an answer here: How to encrypt SOAP messages manually?
There is a very detailed example there that you might find useful.
You can set the provider by using:
cryptoConfig.setProvider(PROVIDER);
Regarding the custom security headers, I'm sorry but I didn't try it so I can't help you there.
I'm having a lot of problems trying to implement an OAuth provider.
I would like to know if anyone has successfully used an OAuth provider using Java? I found a lot of libraries but all of them are really badly commented and I can't work with them. I'm accepting any documentation that explains how an OAuth provider should work and/or how to implement it.
Situation: I have some data in MySQL on my server and I would like to authorize a "rely party" to access it over OAuth, but I'm not sure how to do it.
I assume you want to secure your server-side services with OAuth? You did not say what kind of server-side technology you are using.
For example, for REST-based servers, both Jersey and RESTEasy already have OAuth integrated.
Also, this seems to be a pretty complete servlet+JSP OAuth example: http://oauth.googlecode.com/svn/code/java/example/oauth-provider/
Here is a better alternative. It's in Java and comes with demo Dropwizard and Java EE applications:
https://github.com/OpenConextApps/apis
ApiFest is an open-source project that implements OAuth20 specification final version (RFC 6749). The project is available at github and it is released under Apache License, Version 2.0. ApiFest is written in pure Java and uses Netty as a server. You can check the code - https://github.com/apifest/apifest-oauth20. You can take a look at the documentation on the site, too - http://apifest.com.