Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 months ago.
I'm working on an application which uses role-based access control to limit what users can do. I would like to support authentication using OpenID Connect with the major identity providers such as Google. I'm having a hard time figuring out how companies usually use Google as the IdP for their organization.
I was able to make the regular login flow work, but I have no idea how to get any kind of role or group membership information in the JSON Web Key I receive from Google's OAuth server. I'm quite confused by the whole landscape of Google's authentication since there is IAM and Identity Platform which seem to be doing the same things.
How do large companies use Google's authentication if they rely on groups or roles for access control?
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 days ago.
I need help with this scenario:
I have a Yeti app hosted on an AWS EC2 instance and I would love to enable SSO (single sign-on) on it so that all my Azure Active Directory users can use the same login details to access the app.
Note: The Yeti app is not cloud native and I have a corporate (enterprise) Active Directory subscription on Azure.
Best solution that I seek: Archive or migrate the Yeti app to our Azure Active Directory, where there are other apps, and then enable SSO on all the apps altogether.
I am reading somewhere that it's possible to enable single sign-on with AWS and Amazon Connect without migrating the app to Azure Active Directory, which is a little confusing and might be more expensive.
Please, what solution do you think will be more suitable for this project and cost-effective?
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 1 year ago.
I have read all over the internet up and down about the differences in these three things and to me the waters seem incredibly muddy. I'm curious if anyone has any very clear way of explaining or identifying the differences between these three categories. Examples would be helpful.
I can read the differences all day, but nothing is computing with me. A Web Service and a Web API both do the same thing, I don't get it, and a REST API is just a type of Web API so how are these 3 different things?
A Web Service is a way to expose a system functionality in a machine-readable way over HTTP. The popular formats are SOAP, JSON or other XML schemas, but anything both sides understand will do.
A REST API is one architecture to design a Web Service, where resources are identified by URLs, and actions on them are identified by HTTP VERBS (GET, POST, DELETE, PUT etc.)
Web API is the Microsoft offering to implement a Web Service, REST or other. SOAP is not supported out of the box in Web API, but can be implemented.
Closed. This question needs details or clarity. It is not currently accepting answers.
Closed 2 years ago.
How can I set some APIs that I created in the Publisher portal for specific users?
I want it so that when a user opens his Devportal, he will see only the APIs that are private to him.
If anyone knows, please tell me how to do it.
There are two approaches to that: controlling API visibility in the Developer Portal and controlling subscription availability in the Developer Portal. This doc will help you to do that:
https://apim.docs.wso2.com/en/latest/learn/design-api/advanced-topics/control-api-visibility-and-subscription-availability-in-developer-portal/
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
We have a requirement to consume an external RESTful web service from a UI5 application. We need to develop a complete Fiori app without using an ODATA service published in the gateway.
Kindly help me out in authenticating against an external web service. Is this requirement feasible to implement when considering the front-end roles and back-end roles?
It will be more helpful for me if you share a code snippet for performing/consuming CRUD operations on external services from a UI5 application, including authentication.
Regards
Phani Poorna
The authentication you are looking for is not something that you should build into your app, but should be provided by the infrastructure your application is running on. Your ID provider (e.g. R/3 or Active Directory), which you log in to, should provide your browser with the necessary tokens or cookies. The respective sub-systems should in turn decide to give you access based on the cookies, tokens or certificates that you bring along.
A bit like this:
Many Fiori apps are running on the same R/3 environment as the user logs into. As this is the same system, it is trusted by default. This is why you don't have to do much to get a decent response from your service. However, if you want to connect to an external system, you will have to put some IDP plumbing in place. This usually involves things such as establishing a trust between the IDP and the external service.
As mentioned, authorisation should not be part of your app, hence no code samples in this answer. I hope this answer provides you with enough pointers to find a solution for your particular situation. This is a tough topic though; read up on it (there's a lot of info on SCN and the help section) and don't be shy to ask for help from a basis consultant if necessary.
Also, please don't step into the pitfall of building your own authentication (e.g. basic authentication or OAuth), as it is insecure by default. The reason for this is that your JavaScript, including embedded algorithms and tokens, is readable by anyone that has access to the app.
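The answer's last point, that anything shipped in the app's JavaScript is readable by whoever can load it, can be checked during code review or in a build step. The following is an added example, not part of the original answer: a Node.js check whose rule names, `findEmbeddedSecrets` helper and sample UI5 controller are all constructed for illustration.

```javascript
// Added example: flag credentials hard-coded in client-side JavaScript.
// The rule set is a small illustrative selection, not an exhaustive scanner.
const RULES = [
  { name: "basic-auth-literal", re: /["']Basic\s+([A-Za-z0-9+\/=]{8,})["']/ },
  { name: "bearer-token-literal", re: /["']Bearer\s+[A-Za-z0-9._-]{16,}["']/ },
  { name: "btoa-of-literal", re: /btoa\(\s*["'][^"':]+:[^"']+["']\s*\)/ },
  { name: "client-secret-literal", re: /client_?secret["']?\s*[:=]\s*["'][^"']{6,}["']/i },
];

function findEmbeddedSecrets(source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    for (const { name, re } of RULES) {
      const m = re.exec(text);
      if (!m) continue;
      const finding = { line: i + 1, rule: name };
      if (name === "basic-auth-literal") {
        // Base64 is an encoding, not encryption: the user name is recoverable.
        const decoded = Buffer.from(m[1], "base64").toString("utf8");
        finding.user = decoded.split(":")[0];
      }
      findings.push(finding);
    }
  });
  return findings;
}

// Constructed sample: a UI5 controller that calls an external service directly.
const SAMPLE_CONTROLLER = [
  'sap.ui.define(["sap/ui/core/mvc/Controller"], function (Controller) {',
  '  return Controller.extend("demo.Main", {',
  '    onLoad: function () {',
  '      jQuery.ajax({',
  '        url: "https://api.example.invalid/orders",',
  '        headers: { Authorization: "Basic ZGVtb191c2VyOmRlbW9fcGFzcw==" },',
  '      });',
  '      var cfg = { client_secret: "constructed-secret-value" };',
  '      // Same-origin call: the session set up after IdP login is sent by the browser.',
  '      jQuery.ajax({ url: "/proxy/orders" });',
  '    },',
  '  });',
  '});',
].join("\n");

console.log(findEmbeddedSecrets(SAMPLE_CONTROLLER));
```

The same-origin call on line 10 of the sample produces no finding because it carries no secret of its own and relies on the session the infrastructure established.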
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I am a newbie to WSO2 and just demonstrated a test SAML SSO using the link http://wso2.org/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server.
Now I want to know if we can also perform IdP-initiated SSO using the same.
Please correct me if I am wrong.
Yes you can. The WSO2 SAML SSO implementation supports IdP-initiated SSO. You can directly log in to the WSO2 Identity Server in the first place and then you can access other resources in the SSO system.