Please share the steps for Websphere integration with IDP providers. Like Okta, Microsoft e.t.c
I am configuring Okta getting an issue. If any one have done. Can they help me.
I'm assuming you're using Liberty app server, this video may help
If you're using traditional WebSphere, use these two documents:
Enabling SAML Web SSO
Configuring SSO Partners
Following those two step-by-step documents will configure IdP-initiated SAML Web SSO using OKTA as the IdP.
Related
Looking for Spring boot SAML integration (OKTA, any other IDP), able to do it single OKTA IDP. Now need to do it with multiple IDP's. It is like some one can login from OKTA or by using any SAML based IDP. IS there a way by which this can be achieved. Any suggestion would be great.
As you mentioned that you already did the SAML SSO integration with OKTA (IDP Provider), extending your application to support multiple Idp's won't be an issue. Exchange your metadata files with other IDP. Your existing SP metadata could be used on other IDP. The change you need to do on the application side to configured & load those IDPs metadata files.
You can follows this link for more details.
spring-security-saml-reference
I have couple of spring boot applications which constitute a micro service architecture and need to use WSO2 IS(which is hosted on CLOUD) authentication for authenticating the services(service to service authentication).
I could not find any sample program with Spring oauth2 client crdential grant with WSO2 Identity server combination yet.
Any direction would be of help.
Check the link below. It guides you to achieve your requirement step-by-step.
https://medium.com/#balaajanthan/oauth2-login-for-spring-boot-application-with-wso2-identity-server-da0a88893987
I'd like to give users the option to login to a Spring Boot web application using their Google or Facebook account.
I checked The Spring Cloud Security documentation and also This GitHub issue to add such SSO functionality, but on both they only show how to configure one SSO server, so it's either Google or Facebook.
How can I add both options? on the web front-end I will add a button for each option so the users can choose which account to use, either Google or Facebook.
Or I am choosing the wrong package and should use something different altogether to achieve this?
Thanks!
You basically have to install a separate authentication filter for each provider. There's a tutorial here: https://spring.io/guides/tutorials/spring-boot-oauth2/.
Is there any out of the box implementation to act AEM as IDP for another application by SAML. I have googled about this and found there is OOTB configuration for AEM to act as a service provider (SP). Please provide informtion or references to make AEM as IDPso that the users in the AEM are authorised to use some other service provider by using single sign on (SSO). Thanks in advance.
Out of the box, AEM (at least as of AEM version 6.2) can only play the Service Provider (SP) role in a federation supporting the SAML 2.0 Web Browser SSO profile.
You would need to deploy one of the supported SAML 2.0 IdP in order to implement seamless cross domain browsing for your users.
AEM does not expose any functionality of an IDP so using it for this purpose won't work. A custom implementation or 3rd party libraries might be able to expose this feature but there is nothing OOTB to provide it.
What's the best way to configure SSO between a WebSphere Portal Portlet and a .NET application?
We are using WebSphere Portal 6.1.5 and the portlet should just redirect to the .NET application, but not require the user to login since they already did on portal. Both Portal and .NET app are using same Active Directory(LDAP) for authentication.
SPNEGO is a mechanism that is widely used in WebSphere and Windows for SSO. I am not sure about .Net applications but it is worth your time to explore and see if this would help you in achieving your needs.
Try this for some basic info on SPNEGO and WebSphere
http://www.ibm.com/developerworks/websphere/library/techarticles/0809_lansche/0809_lansche.html
Using same LDAP for authentication does not necessarily mean anything. In most of the SSO scenarios, not all the back end servers use the same LDAP repository. All i am trying to say here is that there is no strong co-relation between the LDAP server and SSO.
HTH
Manglu