Authenticating an External Restful Web-service from UI5/Fiori application [closed] - web-services

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
We have a requirement to consume an external RESTful web service from a UI5 application. We need to develop a complete Fiori app without using an OData service published in the gateway.
Kindly help me out in authenticating against an external web service. Is this requirement feasible to implement when considering the front-end roles and back-end roles?
It will be more helpful for me if you share the code snippet for performing/consuming CRUD operations on external services from UI5 application including authentication.
Regards
Phani Poorna

The authentication you are looking for is not something that you should build into your app, but should be provided by the infrastructure your application is running on. Your ID provider (e.g. R/3 or Active Directory), which you log in to, should provide your browser with the necessary tokens or cookies. The respective sub-systems should in turn decide to give you access based on the cookies, tokens or certificates that you bring along.
A bit like this:
Many Fiori apps are running on the same R/3 environment as the user logs into. As this is the same system, it is trusted by default. This is why you don't have to do much to get a decent response from your service. However, if you want to connect to an external system, you will have to put some IDP plumbing in place. This usually involves things such as establishing a trust between the IDP and the external service.
As mentioned, authorisation should not be part of your app, hence no code samples in this answer. I hope this answer provides you with enough pointers to find a solution for your particular situation. This is a tough topic though, so read up on it (there's a lot of info on SCN and the help section) and don't be shy to ask for help from a basis consultant if necessary.
Also, please don't step into the pitfall of building your own authentication (e.g. basic authentication or oAuth), as it is insecure by default. The reason for this is that your JavaScript, including embedded algorithms and tokens, is readable by anyone that has access to the app.
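The pattern the answer describes, sketched as an added example (not part of the answer, and not SAP or UI5 code): a CRUD client that carries no credential of its own and relies on the session cookie the IdP or gateway has already given the browser. The base URL, the `orders` resource and all function names are hypothetical.

```javascript
// Added example. BASE_URL and every name below are assumptions for illustration.
const BASE_URL = "https://api.example.com/orders"; // hypothetical external service

class NotAuthenticatedError extends Error {}

// Build a request with no Authorization header, API key or password in it:
// nothing a reader of the shipped JavaScript could lift and replay.
function buildRequest(method, id, body) {
  const init = {
    method,
    credentials: "include", // browser attaches the infrastructure's session cookie
    headers: { Accept: "application/json" },
  };
  if (body !== undefined) {
    init.headers["Content-Type"] = "application/json";
    init.body = JSON.stringify(body);
  }
  const url = id === undefined ? BASE_URL : `${BASE_URL}/${encodeURIComponent(id)}`;
  return { url, init };
}

// fetchImpl is injectable so the flow can be exercised without a network.
async function call(method, id, body, fetchImpl = globalThis.fetch) {
  const { url, init } = buildRequest(method, id, body);
  const res = await fetchImpl(url, init);
  if (res.status === 401) {
    // No valid session: hand the user back to the IdP login; the app itself
    // never prompts for, stores or computes a credential.
    throw new NotAuthenticatedError("session missing or expired; re-authenticate via the IdP");
  }
  if (res.status === 403) {
    throw new Error("authenticated, but the back-end role does not allow this action");
  }
  if (!res.ok) throw new Error(`request failed: ${res.status}`);
  return res.status === 204 ? null : res.json();
}

const orders = {
  create: (order, f) => call("POST", undefined, order, f),
  read: (id, f) => call("GET", id, undefined, f),
  update: (id, order, f) => call("PUT", id, order, f),
  remove: (id, f) => call("DELETE", id, undefined, f),
};
```

For a cross-origin service, `credentials: "include"` only works if the service answers with `Access-Control-Allow-Credentials: true` and names the app's origin explicitly. Because the cookie is attached automatically, state-changing calls also need whatever CSRF protection the gateway enforces.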

Related

How are companies using Google's OAuth for RBAC? [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 months ago.
This post was edited and submitted for review 8 months ago and failed to reopen the post:
Original close reason(s) were not resolved
I'm working on an application which uses role-based access control to limit what users can do. I would like to support authentication using OpenID Connect with the major identity providers such as Google. I'm having a hard time figuring out how companies usually use Google as the IdP for their organization.
I was able to make the regular login flow work, but I have no idea how to get any kind of role or group membership information in the JSON Web Key I receive from Google's OAuth server. I'm quite confused by the whole landscape of Google's authentication since there is IAM and Identity Platform which seem to be doing the same things.
How do large companies use Google's authentication if they rely on groups or roles for access control?

Difference in Rest API / Web Service / Web API [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Closed 1 year ago.
I have read all over the internet up and down about the differences in these three things and to me the waters seem incredibly muddy. I'm curious if anyone has any very clear way of explaining or identifying the differences between these three categories. Examples would be helpful.
I can read the differences all day, but nothing is computing with me. A Web Service and a Web API both do the same thing, I don't get it, and a REST API is just a type of Web API so how are these 3 different things?
A Web Service is a way to expose a system functionality in a machine-readable way over HTTP. The popular formats are SOAP, JSON or other XML schemas, but anything both sides understand will do.
A REST API is one architecture to design a Web Service, where resources are identified by URLs, and actions on them are identified by HTTP VERBS (GET, POST, DELETE, PUT etc.)
Web API is the Microsoft offering to implement a Web Service, REST or other. SOAP is not supported out of the box in Web API, but can be implemented.

ADFS SSO and Django powered web app hosted on linux server [duplicate]

My question may be too broad or vague, but I cannot best describe it in any other way than I am doing it.
I have multiple Django applications. I have implemented SSO successfully for the same. All these things work. Now, I have been given a new task and it's like this.
I have to integrate Microsoft ADFS authentication into my suite of applications and broaden the scope of current SSO.
My understanding of it is that when I log into my laptop, which is on the corporate network (I assume this is how I have to put it), I also get logged into my Django applications.
I seriously have no idea of how this works as I have no experience with ADFS. Can anyone with experience of this explain it with a scenario of how it works so that I can understand it and think of a solution to it?
PS: If there is any more information needed I will provide. Also, if downvoting the question do put a reason so that I can edit the question and post it as it should be.
If Django supports SAML-based login, then you set it up to trust ADFS. ADFS will automatically take care of logging in using your logged-in credentials on a domain-joined machine inside the corporate network. If the user accessed it externally, it would prompt for a password or certificate-based auth (e.g. smartcard) to log the user in.

I want to develop GUI to create XACML like WSO2 Identity [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
Is it possible to develop a GUI similar to what WSO2 provides to create XACML?
So we can simplify creation of XACML policies for admins. This way, instead of providing the username and password of the WSO2 server to our admin/users, we can provide internal application pages, so they don't even have to go to WSO2 Identity Server to create XACML policies.
Is it possible to get WSO2 IS code and reuse in our application to provide the similar functionality?
All software and documentation produced by WSO2, Inc. or any of its projects or subjects is licensed according to the terms of Apache License, Version 2.
This means you can access the code and modify it for your own purpose.
This is very much possible and we did the same for our requirement, where we developed user-friendly UIs to be used to create XACML policies. The end user need not know about XACML, and once the end user provides information related to the policy as per the design, we called the WSO2 IS entitlement policy admin services to create the XACML policies inside the WSO2 IS policy server.
So, you may use the Entitlement Policy Admin Service services (SOAP) to create the required XACML policies within your code.
Here is the wsdl url for EntitlementPolicyAdminService in WSO2 IS:
https://{IS host}:{port}/services/EntitlementPolicyAdminService?wsdl

What is the difference between various web service implementations [closed]

Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
I am new to web services programming. Recently I started learning web services but there I came across various specifications like:
REST
JAX-WS
JAX-RPC
etc.
Kindly update me: do these technologies occur in parallel, or are some old versions and others new versions of the same?
Also, do I need to follow a hierarchy while learning these, or could I start with any one randomly?
Thanks in advance
REST is a new way of implementing and describing web services via HTTP methods and URIs. Java helps with implementing such web services with the JAX-RS standard. REST services are often easy to interact with using a browser, curl or any HTTP client. See the StackOverflow API for an example.
JAX-WS is similar to JAX-RS but provides a standard way of implementing SOAP web services (older but also better recognizable in industry). SOAP is much more complex than REST, all messages are sent inside an XML envelope, but the protocol is not restricted to HTTP and request-response.
JAX-RPC is outdated and currently deprecated:
JAX-RPC 2.0 was renamed JAX-WS 2.0
REST: Representational State Transfer (REST) is a style of software architecture for distributed systems such as the World Wide Web.
http://en.wikipedia.org/wiki/Representational_state_transfer
Java API for XML Web Services (JAX-WS), is a set of APIs for creating web services in XML format (SOAP) mkyong.com/tutorials/jax-ws-tutorials/
JAX-RPC: Java APIs for XML-based Remote Procedure Call (JAX-RPC)
http://www.ibm.com/developerworks/library/ws-jaxrpc1/
As you notice from the above descriptions, the first one is an architecture and the rest are Java APIs.
You may start with REST then based on your requirement choose the API.