I have the following scenario:
In MySytem there are these actors: MyApp, Keycloak, LdapSystem.
In ExternalSytem there are these actors: User, FtpServer, FtpPasswordChangingSystem.
Currently, the operation is as follows:
User uses FtpPasswordChangingSystem to change the FtpServer access password whenever it wants.
User sends me the password in an email and I change it manually in MyApp.
MyApp is a server application that is running continuously and accessing FtpServer every hour.
But, I would like to change that behavior and my goal is the following:
I register User in LdapSystem.
Every time User wants to change the password, in addition to doing it in
FtpPasswordChangingSystem, User must log in (using LdapSystem) and register
the password in Keycloak.
MyApp connects to Keycloak to retrieve password and access the FtpServer with it.
Is it possible to get what I want with Keycloak?
Please, could someone give me some keys on how to implement it?
Thanks in advance.
Related
I am developing a small intranet to serve authenticated-only assets using Laravel 9. I install laravel:breeze in order to include login functionality and it works for users that register using breeze form in /register route.
I have an external database with the current users that I want to use instead of manually registering one by one.
Is there any approach for achieving this?
I have an app which uses another app for the users database. And it sure is using authenticate-by-id feature. Here how it goes:
A user opens MY_APP and is opening login url which prompt him/her to login using Gmail (might be different in your case)
MY_APP receives the Gmail account
Check the existence of the account in MY_APP database: authenticate it if exists, and proceed to the next step if otherwise
MY_APP checks the existence of the account in the USERS_DB_APP through an API
If the account is not exists, the login request will be denied
Otherwise:
Save the user record from USERS_DB_APP to my own MY_APP database
Then proceed authenticate the user using its just-created id
Your actual case might be different from this. But I hope it can gives you an insight to some level.
I am creating a win32 application in C++. The user will need to login with username and password. These will be used to authenticate to a web server and then the application will communicate with the web server. I would like the user to only need to input credentials the first time opening the app by having the username and password saved somewhere. How should I accomplish this? I could just save it in some plaintext file. But it looks like from searches that there is something called DPAPI? I'm not sure what is appropriate for my use. This is my first time creating a win32 application.
Is there any way I could execute a script that verifies if user is authorized to log in,after the user has logged in normally, but before he has shell access.
This is to solve a problem that we have with sharing server passwords.
Is it posible?
What I want to do?
We are using Yubikeys (OTP Generator). I would like to ask the user trying to log in to generate a new OTP then I, using a web service y created, check for two things:
1) If the owner of the Yubikey is authorized (in a MySql database)
2) If the OTP is valid.
I know I can use yubikeys as Second factor Authentication for Shell access, but I have a centralized system for all the permissions in the company.
What I have Done
Edited the ~/.ssh/rc file of the user I was trying to protect. This file makes the validation and then starts the shell only if the user is authorized.
Assume a user uses the domain name and password to login his personal computer, and then i want to get the current user information(such as a session) from the ldap server. Because i would like to use this session to login another web site without password.
I am not sure if i describe this question clearly, i summarize it again as below:
1. User login PC with his password and username
2. The script get this user's session from ldap server and stored
3. When this user want to login another webpage, this website use the session to login (without password)
Is there any ideas about this? i still don't know how to implement with this.
As far as I'm aware LDAP does not have a concept of a session on the level of authenticating the people in the directory (as opposed to authenticating access to the LDAP server). So the answer is that you don't. LDAP is typically only used to store the user information.
What you need is some sort of single sign-on (SSO) solution. It can use LDAP to store the user data of course.
I agree with Lennart. From LDAP, there is no mechanism to determine if the user is already bound.
There maybe some extensions or controls or SASL mechanisms that could provide that information from some LDAP server vendor implementations.
-jim
For our project we are using Solaris box.
After our build completion we keep kits to one directory and let users to access it by FTP session.
So we create user account on Solaris and share this info. to respective group of user.
I want to change this part and implement it like,
1.- Let user to login to ftp server with its one of the property login as 'anonymous' ... but change is, user/password = 'anonymous/#client-server'
2.- When user login as 'anonymous' run some script to check for its password. Based on that update this to log file.
The main idea is to avoid creating new user on server and by just validating password, can process which user has logged in.
So is it possible to run any script on server when any user logged in through FTP server?
Thanks in advance.