I'm trying to enhance an existing Java web application with an OpenId service, so that a logged in user can log into another OpenId enabled app using my web application as an OpenId provider.
My first attempt was to use JOS as OpenId provider which should in turn use my app's database to get existing user names and passwords. Nevertheless I could not find any documentation for JOS, when I was trying to customize JOS to make it fit to my existing app (It did not even compileUpdate: It only compiles with Java 6).
At the moment I am searching for other possible solutions, but OpenId provider frameworks seem to be scarce.
What would you recommend? Using a finished server like JOS or should I consider to enhance my application by writing my own OpenId server with libraries like openid4java?
I have not tried it myself, but my team started work on a JSF+OpenId integrated application after studying these few examples:
Client: IBM Example:very helpful
Server: IBM Example:very helpful
Additionally: what is OpenId and how its work
Also: openId API for Java
That's all I know about this, I hope it helps.
In OpenID web site, you can find tons of options.
Couple of years ago, I've implemented this kind of project using OpenID4Java.
(Note that in your back-end you will have to connect to some repository that keeps all users/passwords - I've used OpenLDAP for that)
HTH.
Related
I finished studying OpenID to understand its main features. The next step is an OpenID Provider program for my clients. My goal is to develop with SpringBoot (without using Spring Security).
I noticed that I have OpenID Connect, MITREid as options. But none presents a tutorial on how to create a customer and supplier of one.
On another topic, found links from IBM, however, are all out of thin air.
It would be of great importance a simple tutorial as a kick start for the OpenID Provider development for my application.
I appreciate that this is a year after the OP's question, but I found some more information whilst doing my own research into the same subject.
There is a Spring Boot port of MitreId available here
which I found very useful as a working example.
I also want to mention that the Mitre is available as a Maven Dependency
I hope this helps the next person visiting this page !
Update 2022
Spring Authorization Server is a supported Spring Security project that should go GA in November 2022
Original
It rarely makes sense for someone to roll-their-own OpenID Connect Provider. It's not trivial. MitreID Connect even uses Spring Security for part of their code. If you want to use MitreID Connect but as "spring-boot", you can look at some ports of mitreid connect to spring-boot and java config...but I'm not certain they are maintained.
By the way, what do you mean by
none presents a tutorial on how to create a customer and supplier of one.
Do you mean how to use mitreid connect?
Documentation
Example provider
Example client
Anyway, unless you really know what you're doing, I'd recommend working with an existing OpenID Connect Provider. See: http://openid.net/developers/certified/
Meanwhile there is a Spring communtity-driven project: Spring Authorization Server it was announced in April 2020 on Spring Blog.
<dependency>
<groupId>org.springframework.security.experimental</groupId>
<artifactId>spring-security-oauth2-authorization-server</artifactId>
<version>0.1.1</version>
</dependency>
Its current version is 0.1.1 available since May 2021. (Version 0.1.0 is available since February 2021)
Tuturial: Baeldung Spring Security OAuth Authorization Server
We have a Java web application (using struts and hibernate) and want the users to automatically log into the Google apps domain accounts.
We have set up the Google apps for Education domain accounts and created the users in it and we have the same users in our java web application also.
The requirement is that when the users log into our application portal, their is a link to go to Google apps, once they click on this link, it should log them in without asking for password.
We are using Tomcat 7 as our server for the web application. Which SSO tool should we use for doing this? Oracle's SSO is paid, Shiboleth doesn't work with Tomcat 7.
Any help highly appreciated? Is SSO the only option or another way to do this.
Thanks
Any SSO solution that supports the SAML2 protocol should work. Apart from the expensive solutions that Oracle, IBM, CA and others provide, you can find the following solutions that definitely work well with Tomcat7 and are open source :
Apereo (ex Jasig) CAS : Used quite a lot in the education community. Simple to setup but specific configurations (like an advanced authentication module) might require some programming effort. It supports Google Apps authentication, but none other SAML2 service. If you really want to only login to Google Apps, that's a great and simple solution.
Forgerock OpenAM : Formerly Sun OpenSSO, this is used in education and industry. Many more features, supports most of the SAML2 service providers out there including Google Apps, but more complex.
Note that if you already have a portal solution, you should check if that portal does not already support SAML2 federation and could act as the SSO server.
Note also that you will need to link the portal authentication and the SSO server authentication, to make sure that your users do not authenticate twice. This can be done in two ways :
Tell the SSO server to delegate the authentication to your portal solution. This might require some light custom coding depending on your portal.
The opposite : tell the portal to use the SSO as an authentication solution. Most portals support some kind of authentication delegation so it should only be configuration?
Lastly, if your authentication is setup on Tomcat itself (that is if your portal already delegates the authentication to the Tomcat container), then you can do the same for the SSO server.
What I am looking for is a Java servlet implementation of an OpenId provider for LDAP ... something I can plug into TomCat, point it at an LDAP directory server, and provide OpenId style authentication from those user accounts in the directory server.
I have been using OpenID4Java for years and it works fine, but it is just an API, and does not provide the user interface required for a complete OpenID provider.
I want to be able to write a large number of small web-based utilities, and allow people SSO access to all of them using OpenID, but these people already have accounts in the directory server, and I do not want to make them create a new password. They should use the same old password they are used to.
I tried OpenID-LDAP, but it is based on PHP. I am looking for one I can install into TomCat and manage consistently with other JSP based applications. I looked at JOIDS which seems to have capability to register and manage users, but nothing to link to LDAP. This excellent Wiki Page lists other options, like Atlassian Crowd, but I need open source.
I am asking at this time to see if I have missed anything. If there is nothing, I will probably write one.
You may try using WSO2 Identity Server which provides OpenID provider that can be plug in with LDAP and provides UI as well.
I want to utilise the Facebook JavaScript API in the client, but manage app logic and configuration on the server through REST web services. I've tried a lot of tutorials out there, but so far I haven't seen one that actually works.
What do you recommend as a server / web framework?
What technology should I use for my REST endpoints?
How can I host this application in a place where facebook will "see" it as a valid app?
I'm looking for a comprehensive tutorial or set of recommended practices to get started.
Thanks
I just so happened to create a blog series that takes you through EVERYTHING you will need. The articles:
Setup Eclipse (IDE) and JBoss AS7 (server)
Setup other JBoss Tools including Forge
Setup JAX-RS Web Service in Java using Forge (very easy!)
Setup account to Host the site for FREE with OpenShift
Setup an entire sample Facebook App
This blog series should be EXACTLY what you're looking for. You can find the first of three articles here:
http://ocpsoft.org/opensource/creating-a-facebook-app-setup-and-tool-installation/
I would recommend going with Spring Social module with has a good abstraction of the Facebook API.
You could then expose these services via REST with Spring Web Services or Jersey.
I am not sure about the hosting. Facebook should see it as a valid application no matter the host. Even your development computer/localhost cando it.
I'm having a lot of problems trying to implement an OAuth provider.
I would like to know if anyone has successfully used an Oauth provider using Java? I found a lot of libraries but all of them are really bad commented and I cant work with them. I'm accepting any documentation that explains how an oauth provider should work and/or how implement it.
Situation: I have some data in MySQL on my server and I would like to authorize a "rely party" to access over OAuth, but I'm not sure how to do it.
I assume you want to secure your server-side services with Oauth? You did not say what kind of server-side technology you are using.
For example for REST-based servers, both Jersey and Resteasy already have Oauth integrated.
Also, this seem to be a pretty complete servlet+JSP OAuth example: http://oauth.googlecode.com/svn/code/java/example/oauth-provider/
Here is a better alternative, It's in java and comes with demo dropwizard and Java EE applications
https://github.com/OpenConextApps/apis
ApiFest is an open-source project that implements OAuth20 specification final version (RFC 6749). The project is available at github and it is released under Apache License, Version 2.0. ApiFest is written in pure Java and uses Netty as a server. You can check the code - https://github.com/apifest/apifest-oauth20. You can take a look at the documentation on the site, too - http://apifest.com.