sso with netsuite integration in spring using cas - spring

I want to implement Single signon between Spring application and Netsuite using cas. Seached many things on net but nothing was fruitful. kindly help me on this with some links or documents.
Thanks in advance.

I just completed two SSO's in NetSuite for our firm. (You will find this under Setup>Integration>SSO) We ended up having NetSuite send a specifically crafted URL to our internal PHP intranet. The web app' there receives the incoming URL and does stuff on it, and the user gets what they need.
Forgive me for not knowing anything about Spring, but if you can run your web app' to receive an incoming URL (post), then you will create a new SSO object inside of your ERP instance, and pass the values that you need to pass to your web app' from there. Those can be built-in values that come right out the system (ie: "{entityid}") or these can be values that you create with a script, pass them to the SSO, then the SSO passes those to your web app'. You can "place" an SSO "object" on to a "custom Tab" on your "custom Form". Or you can create an entirely new Form. Or you can place your SSO in some other location. I chose to place ours on a custom Tab, as that was effective for our use case.
The only other two places you can "place" your SSO is on to a "Portlet" (say, like a custom panel on your Dashboard or similar) or a "SuiteLet" (which I havent done yet but am working on right now).
If you have any "bundles" installed in your instance, some of them have SSO inside of them, and some of them are "protected" and some of them are not, and the unprotected ones can be downloaded as JavaScript to your machine for examination, consideration, & emulation.
The help in SuiteAnswers is decent but doesnt give many working examples for your to adapt. The PHP Tool Kit has a working sample of an SSO inside of it & I highly recommend getting that, unzipping it, and reading all of those files, even if it has no table of contents, you can easily follow all the includes and references amongst those files.
If you have a specific follow-up question about something in there, please post, and while I'm an intermediate at it, I'll give it the ole college try to answer. And if you need anything past that, ping me.
Cheers.

Related

Spring Boot: How to securely authenticate two different kinds of user using NextJs as a frontend

I have never really done authentication yet. At this moment, I'm stuck and not really sure on what would be the best and most secure way to handle it.
To get an overview on what I'm working with:
For the backend/REST API I'm using Spring Boot and for the frontend NextJs.
Furthermore, Two types of users are needed, some who can either create, analyze or manage content (basically different roles) in our custom CMS. And on the other side, app users who are consuming this content (on a iOS app).
That's what I'm trying to achieve as a minimum requirement, but it would be even better if it would somehow be possible to manage only a list of specific content for a specific role (e.g. analyze). Like for example, only blog articles that are in this list.
I know it's a really broad question, but I would be happy with some general directions or links to resources that could guide me in a way.

Best way to implement single sign on in Laravel?

I'm building an application that has a core hub, say it's called musictickets.com
We'll provide a subdomain (bandname1.musictickets.com) to bands on which only their content will display, which they can mask using a CNAME record to be part of their domain - so tickets.bandname1.com
There would be multiple bands using the platform so you'll end up with pages at
tickets.bandname1.com
tickets.bandname2.com
etc.
I'd like a user who registers at tickets.bandname1.com to be automatically logged in on every site that uses the service, including the parent, musictickets.com . They should be able to register/login using OAuth or directly via form based authentication.
I'm looking at SAML (specifically https://github.com/aacotroneo/laravel-saml2) as one option, but want to throw this out to the wider community for comment.
I've also looked at using token based SSO as described here (single sign on (sso) laravel) and running an auth server (which I may do in any case). Alternatively, I've looked at using iframes to provide the functionality which feels quick but dirty.
As I understand it, I wouldn't be able to use cookies (for an API key for instance) because whilst all of the content will be displayed via a subdomain, the CNAME would make it a different domain.
Does anyone have any thoughts on the best strategy?

How do I use phpoidc?

I hope I am not being to dense but I don't know how to use phpoidc. I have downloaded phpoidc from https://bitbucket.org/PEOFIAMP/phpoidc. I have followed the instructions in the INSTALL file. Now that it it supposedly installed, how do I use it? There does not seem to be any documentation on this.
I just want to set up simple user authentication on my site. I am running CodeIgniter 3.0 rc. I primarily want to allow login with google accounts.
Are you talking about the OP side or RP side?
OP side should be quite self-explanatory as it is a stand alone thing.
RP side needs integration to your application.
The phpRp is just a sample implementation that uses these libraries.
What it does is to create an OpenID Connect request and process the call back to see validate the response. Then, typically, an application needs to associate the iss and sub in the ID Token to a local account: you need a mapping table for it. Once you are done with that, create a session and off you go.

Spring Custom SSO

I am trying to integrate two separate web applications - one is an existing custom web application with it's own security paradigm and the other is a reporting platform (JasperServer). I want to be able to use Jasper's web services interface to integrate the reporting functionality into our application. Our security model is complex and is home grown but I think there is hope.
We set a cookie that is an encrypted string containing a web service URI as the authentication source and a token which is stored in the database that is created when the user logs in and is destroyed when he/she logs out. I think I can leverage this to implement a kind of SSO in Jasper since it uses Spring Security.
What I THINK I should do is implement a pre-authentication filter that checks for the cookie I mentioned above. It could then decrypt it, make a web service call to the authentication source provided to verify the token is active in the database. If it is, that token can be used to point to user and role information that could be returned as a UserDetails object.
Unfortunately, I know enough to be dangerous but not enough to be effective. Am I on the right track? Does this solution sound tenable? If so, where would be a good place to start and are there any examples of something similar you could point me to? I've searched around quite a bit and have found nothing that quite fits the bill.
Thanks in advance to any and all who can provide me a glimmer of hope
Cookies are tied to a domain/subdomain/path and port. It is possible to set a cookie at the domain level so if you have something like webapp.mydomain.com and jasper.mydomain.com you may be ok assuming they are on the same port.
However be very careful about implementing your own SSO/Authentication framework. It requires a great deal of thought. As it stands your proposed implementation would be vulnerable to: replay, man in the middle, and XSRF attacks ... there may be other vulnerabilities but these are just 3 that come to mind ... sorry! :D

Updating App with Web Information

Hey everyone, I am sorry if this question has already been asked/answered
But I have a Cocoa program that has different arrays of models. Each model hold just Strings and one Image. Archiving and Loading works great.
Each model represents a web account, that is, it holds the username and password, and some other information related to the website. Moving forward I would like to be able to update information in each model by accessing the information from the website. For example updating a balance ($). I am wondering if there is a way to do that programatically that is:
Automatically log into web account using the entered username, pass, and website url
Update the balance based on the information following log in.
Thanks for the help in advance!
Tamara
There is no single approach to log into any arbitrary website. You will need to know what the API for the given website is. If the website provides a web service to query things like balance, then you would connect using that web service (REST-based if at all possible; SOAP is more of a pain in Cocoa), and update your model based on the results. If the website provides no web service, then you would have to scrape through the HTML responses looking for what you want, and this is generally very complex and fragile. There is no general answer to this question; you'd have to know what form the website is in.
On another note, make sure that you are not storing user passwords in unencrypted files. User passwords on Mac should always be stored in Keychain. There are many posts on SO about how to best use Keychain.
Rob, isn't it possible to just look through the login page's html source and see what are the names of the fields for user and pass, and then just send a POST request to that page from code ?

Resources