I'm currently using Crossbar , and i want to put my dynamic authentifier and authorizer in a protected realm for security reason .
There is an option like : "authenticator-realm : realm " for Authorizer ?
Crossbar doesn't have that feature today, so you need to build a custom solution yourself. Also try reporting a bug on our github as a feature request.
I believe what you are trying to do could be achieved by creating a separate realm in your router configuration and then add configuration for your authenticator in crossbar config.
Your main realm (non-authenticating) could then add another authenticator that verifies some kind of token obtained from the first authenticator.
Obviously that's just an idea, you can probably figure out better solutions.
Related
How can I set a default value to a claim when configuring a Service Provider on WSO2-IS carbon?
I'd like to set a default value to userDirectory according to environment that I've created to pass to Service Provider.
WSO2-IS 5.11.0
AFAIK there is not OOTB config you can achieve this. I can suggest two ways for you to try this.
You can do customization and get this capability. You can write a lister and subscribe to PostAddUser event or PostGetUser event. To do so you need to introduce a new claim as well.
IF you want to include this claim in the ID token, then you can implement a custom claim provider. Follow the blog for more details.
Edit:
AFAIU there is a 3rd option you can do that is explained in issue, where you can define a custom claim handler. With this approach, the claims will be added to all the assertions.
refer to this link we integrated CustomPermissionClaimHandler to our server without any errors but still we can't get the permissions of the users... I know how to create custom claims refer to this link and if I follow these 2 links' steps, I can create permission field like a textbox as shown on picture (testClaim and organizationID are examples about that from picture)... I thought that after integrating CustomPermissionClaimHandler I would see permissions like Role field as shown on picture with blue line but still it comes with empty textbox as shown on picture with green line. Is there any way to get the permissions?
EDIT: I can get JWT including my custom claims and if I decode it I see like this (as you see it doesn't contain permissions):
By looking at the JWT response, I can say you have done either or both of the following.
It seems there is a mistake in the guide of configuring the application-authentication extension.
If you have added,
[authentication.framework.extensions]
claim_handler="com.wso2.sample.claim.handler.CustomClaimHandler"
in to the deployment.toml, but you use the jar by building the code, there is a mismatch in the package name. You have to use the following config.
[authentication.framework.extensions]
claim_handler="org.wso2.custom.claim.PermissionClaimHandler"
Because of this configuration issue, your custom handler may not get executed even though that service got activated properly.
If the claim handler is active and the configuration is correct as step one, you might have missed something when mapping the custom claim to an oidc claim / adding it as an OIDC sope / configuring service provider claims
Good day, everyone! I start to develop a project with aws stack. And it has one important component - AppSync that working with a client and data. Also I have custom user structure and logic.
Now I need to add a handling for every user request (I want to check extra http header with their token).
Can I add middle ware or plugins for AppSync with my common logic for mutation every request (for adding field with status of checking this token)?
Some solutions that go to my mind: I can add same code for every resolver. Also I can setting up identity provider with Cognito or other services but it adds more extra complexity in the project.
Thank you!
After extensive research I didn't find any solutions for it. If You need the custom logic for global resolving of user requests, your own graphql server is one of the best options.
Trying to create SSO for AWS keeping Azure users as source of Truth. Followed below Tut's.
https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial
http://blog.flux7.com/aws-best-practice-azure-ad-saml-authentication-configuration-for-aws-console
Anything is to be more precise with user attributes in Azure ? Has anything to enable in AWS to accept the SSO ?
Login is successful(Can see signin's in Azure AD) but it displays message "Your request included an invalid SAML response. To logout, click here
". Any idea what has gone wrong ?
Yes, I think you are on the right path. It seems that you are missing the custom attributes which we are suggesting to add for your application. Those are Role and RoleSessionName. Please see the step #5 in my article https://learn.microsoft.com/en-us/azure/active-directory/active-directory-saas-amazon-web-service-tutorial and make sure that you use the same casing and namespace for the claims. With that the integration should work correctly.
May be I am late to this post. As Jeevan mentioned. You are missing custom attributes that you need to add. I have been struggling with same and found this well explained video. I hope, this will help any one who is struggling with this issues.
I've setup Omniauth on my Rails 4 application to allow a user to sign in using Github.
This part works fine.
Now, I would like to list the repositories of that user (I request the scope repo when asking the user to authorise my app.
I've done a lot of Googling, but I don't understand how to do that.
Can anyone please tell me how I can use the existing authentication to list the repositories of my user?
Well, OmniAuth is just a flexible authentication library. Its only purpose is to authenticate users. Any custom behaviour you desire has to be implemented either by you or by another gem.
You can achieve what you want by simply using GitHub's well documented API:
# callbacks_controller.rb
require "open-uri"
require "json"
omniauth = env['omniauth.auth']
repositories_json = open(omniauth.extra.raw_info.repos_url,
"Accept" => "application/vnd.github.v3+json",
"Authorization" => "token #{omniauth.credentials.token}"
).read
repositories = JSON.parse(repositories_json)
If this is all you need, then by all means, use it. If you have other requirements besides this, then maybe you should take a look at the github gem.
Also, you should only use the scope repo if you want to access your users' private repos. And requesting access to a user's private repos is a bit intrusive, so don't do it lightly.
If you really want to access a user's private repos, then you have to append ?type=all to the end of the repos_url. So you would have to do something like:
open("#{omniauth.extra.raw_info.repos_url}?type=all" ... )