How to use the Ping Federate with MVC application for Single sign On through SAML2.0. Only client side implementation required because we are using existing Ping Federate Identity Provider(IDP) for authenticating the user via SAML.
Another popular approach is to leverage the Windows Identity Foundation (WIF) libraries. Through the web.config, WIF is configured as a WS-Federation connection to PingFederate via the system.identityModel and system.identityModel.services configuration. Then in the application you pick up the identity information via the ClaimsIdentity object.
You need a SAML 2.0 client side stack.
Pick one:
SAML connectivity toolkit.
Related
I'm looking to find a tool that will do the authentication (and authorization) part of the project. For the project, I will be using spring boot and java 8.
I will be working with OAuth2.0, the flow for untrusted client(web-applictation) and trusted client(another server)
I was looking at Keycloak and Spring Authorization Server.
But it's unclear what are all the possibilities with the Spring Authorization Server.
Like with Keycloak you have single sign on, identity brokering, social login, user federation, admin console, account management console, standard protocols etc.
Is this also possible with Spring Authorization Server, or what are the possibilities of Spring Authorization Server?
We're working on reference documentation which will include a feature list. In the meantime, see feature list on the GitHub wiki for the project.
From this PR, a possible short overview/answer to your question would be:
Spring Authorization Server is a framework that provides implementations of the OAuth 2.1 and OpenID Connect 1.0 specifications and other related specifications. It is built on top of Spring Security to provide a secure, light-weight, and customizable foundation for building OpenID Connect 1.0 Identity Providers and OAuth2 Authorization Server products.
Update: The reference documentation is now available and contains an Overview page with this information.
You can make custom OAuth resource server implementation or use the SAML standard.
Also, you can implement access by JWT token, which suites well for API-only service.
You can use also "Basic Authentication", but it's too simple for a mature applications.
I need to implement SAML 2.0 sso authentication to our existing Web API. I am fairly new to the topic so i am not sure where to start. i have been playing around with the dev ADFS server (ADFS 4 - Windows server 2016) and been following tutorials on how to setup Relying Trust Party.I have gotten the gist on how SAML works but still lost on how to implement this one via code in my webapi. I want to know how to begin implementing the SAML 2 auth to connect to the ADFS server, the web app is deployed on a different iis server. I have read https://github.com/Sustainsys/Saml2/tree/master but i am not getting how my web api would connect to the ADFS server to retrieve a SAML token and process it.
The problem you have is that the SAML spec. does not cater for API (either webapi or REST API). It's purely a browser SSO redirect protocol.
In ADFS, API are configured by the Application wizard but that's OpenID Connect with a JWT not an XML token.
Update
If your webapi is a REST API then use OIDC with a JWT.
Just FYI: ADFS also supports WS-Fed. WS-Fed does have an API profile (called the active profile) which is essentially WCF.
I am creating a Spring Boot application with oauth2 (openid Connect with ADFS) authentication.
The application's server and the ADFS server reside in two different private networks that cannot communicate with each others.
The client (web browser) resides in a third network that can connect to the two others.
Is it possible to set up open id in this configuration?
I cannot figure out how to configure the SpringBoot application to avoid communication between the two servers, like it is with Saml for instance.
you could consider to use OpenID Connect implicit flow which avoids direct communication between application server and identity provider.
I have two Spring applicatons and I need to authenticate first application in another apllication. Its server-to-server communication and authentication. Is OAuth suitable for this or there is another way to rosolve it?
Yes, OAuth 2.0 is suitable for authenticating other applications (clients) with its Authorization Server.
OAuth 2.0 Client Credentials grant type does that. For more information Check out these links: https://www.rfc-editor.org/rfc/rfc6749#section-4.4 and https://oauth.net/2/grant-types/client-credentials/
Spring provides an API (OAuth2RestTemplate) to automate client authentication process.
What's the best way to configure SSO between a WebSphere Portal Portlet and a .NET application?
We are using WebSphere Portal 6.1.5 and the portlet should just redirect to the .NET application, but not require the user to login since they already did on portal. Both Portal and .NET app are using same Active Directory(LDAP) for authentication.
SPNEGO is a mechanism that is widely used in WebSphere and Windows for SSO. I am not sure about .Net applications but it is worth your time to explore and see if this would help you in achieving your needs.
Try this for some basic info on SPNEGO and WebSphere
http://www.ibm.com/developerworks/websphere/library/techarticles/0809_lansche/0809_lansche.html
Using same LDAP for authentication does not necessarily mean anything. In most of the SSO scenarios, not all the back end servers use the same LDAP repository. All i am trying to say here is that there is no strong co-relation between the LDAP server and SSO.
HTH
Manglu