HttpMetadataProvider SAML 2.0 - web-services

Can anyone please share some coding samples to implement HTTPMetadataProvider? I have already implemented a file-based metadata provider using the following link:
https://blog.samlsecurity.com/2012/02/reading-metadata-with-opensaml.html
It is very clear and gives a brief idea of the implementation.

OpenSAML contains a metadata provider that can consume SAML metadata from a URL: http://svn.shibboleth.net/view/java-opensaml2/trunk/src/main/java/org/opensaml/saml2/metadata/provider/HTTPMetadataProvider.java
Learn OpenSAML and use it, don't roll your own.
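
An added example, not part of the original answer: a minimal sketch of loading metadata through the OpenSAML 2.x `HTTPMetadataProvider` class linked above, with a signature filter so that metadata fetched over the network is only accepted when signed by a key obtained out of band. The metadata URL, certificate path and entityID are caller-supplied placeholders, and the timeouts are assumed values.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Timer;
import org.apache.commons.httpclient.HttpClient;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.SignatureValidationFilter;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.StaticCredentialResolver;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;

public class HttpMetadataExample {
    // args (all placeholders): <metadata URL> <signer certificate file> <entityID>
    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // initialise OpenSAML before any other call
        // Certificate of the metadata signer, obtained out of band, not from the URL itself.
        X509Certificate signer;
        try (InputStream in = new FileInputStream(args[1])) {
            signer = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        ExplicitKeySignatureTrustEngine trust = new ExplicitKeySignatureTrustEngine(
                new StaticCredentialResolver(SecurityHelper.getSimpleCredential(signer, null)),
                Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver());
        SignatureValidationFilter filter = new SignatureValidationFilter(trust);
        filter.setRequireSignature(true); // unsigned metadata is rejected

        HttpClient http = new HttpClient(); // commons-httpclient 3.x, as used by OpenSAML 2
        http.getHttpConnectionManager().getParams().setConnectionTimeout(5000); // assumed timeout
        http.getParams().setSoTimeout(5000); // assumed timeout
        BasicParserPool parsers = new BasicParserPool();
        parsers.setNamespaceAware(true);

        Timer timer = new Timer(true); // daemon timer drives the background refresh
        HTTPMetadataProvider provider = new HTTPMetadataProvider(timer, http, args[0]);
        provider.setParserPool(parsers);
        provider.setMetadataFilter(filter);
        provider.setRequireValidMetadata(true); // expired metadata is not served
        provider.initialize(); // fetches, filters and caches the document

        EntityDescriptor entity = provider.getEntityDescriptor(args[2]);
        System.out.println(entity == null ? "entity not found" : "loaded " + entity.getEntityID());
        provider.destroy();
        timer.cancel();
    }
}
```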

Related

Authlib vs OAuthlib: Are these libraries the same?

I am a beginner in the world of the OAuth2.0 and OpenID Protocols. I would like to implement a custom server - provider for multiple applications. So, to use it for Single Sign-On (SSO). I would like to work with python. Till now I have found four packages, for an OAuth2.0 and an OpenID Connect server implementation, in Python: pyoidc, django-oidc-provider, Django OAuth Toolkit (DOT) by OAuthlib and Authlib. I tried to read and understand pyoidc, but it was not so helpful and easy, basic things were missing. I have tried django-oidc-provider and I was really satisfied, and the whole implementation was really easy. So, after those trials, I am left with Django OAuth Toolkit (by OAuthlib) and Authlib. Has anyone tried them? Are these packages the same? Is Authlib an updated version of the OAuthlib library? The only information I know till now, is that Flask-OAuthlib is deprecated, and Authlib is its new version.
*Every answer or advice or personal experience would be really helpful and always appreciated!
Thank you again for your help.
After some research, I concluded to work generally with JWTs. As before, I would like to work with a GraphQL API, so I am searching for solutions about JWT authentication on it. I may use Passport.js (passport-jwt) or something else for Python. All the libraries mentioned above will possibly not be used.
I will just redirect the user to my main application, authenticate them with JWT, and then return the JWT back to the application. In the future and after deployment, I might also implement an OAuth2.0 provider for my website. Although those packages did not really help me, I would recommend Django OAuth Toolkit (DOT) and django-oidc-provider to others. But, also I learned that django-oidc-provider only supports the implementation of a small and simple OAuth2.0 provider. Django OAuth Toolkit comes with lots of options for implementing an advanced OAuth2.0 Authentication Server (AS), including Authorization Code flow with PKCE (Proof Key with Code Exchange), which is the most secure flow. It is also scalable and has great documentation with lots of customizations if you want.
*I sent an email to the support of Authlib, and of course no one has answered me after a week.

CLI/SDK to create Google-cloud oAuth client

Is it possible to create an OAuth client (https://developers.google.com/identity/protocols/OAuth2) using a script (gcloud or any library)?
The Google-recommended way (https://developers.google.com/identity/protocols/OAuth2WebServer#creatingcred) is to create it manually from https://console.developers.google.com/apis/credentials.
I have multiple apps with different url_redirects like https://a.domain.com, https://b.domain.com, https://c.domain.com, https://d.domain.com; this subdomain list is too large to manage manually.
I want to automate this process for my use case. I'm not able to find any library to do this.
Update: The endpoint used by the GCP console is https://clientauthconfig.clients6.google.com/v1/clients and there is also a related permission, "clientauthconfig.clients.create", but there is no API provided for it.
You would need an API client to create a new API client anyway. Is it really necessary for you to create it this way? You can rather create multiple "user" credentials for your application using only that one API client.
I think you are looking for something like this, hope Java is good for you.
I've also found the following relevant information that might help you. Link
Also relevant for you. Link
Let me know.

Substitute for the lack of identity API?

I have a chrome extension which I would like to convert into an Edge extension. I attempted to use the conversion tool provided by Microsoft (here) but it doesn't work, at all. I load the extension and the program just hangs, without updating the UI at all. It's a fairly complex extension, so I could understand why.
I've started to look into doing this myself, however I saw that the Identity API is not supported at all within Edge Extensions (see here) which hinders my progress slightly, as I use chrome.identity.launchWebAuthFlow to interact with our own Identity Provider.
Is there a way around this at all? Or any possible alternatives? We need to be able to authenticate against our own Identity Provider (which is running IdentityServer 3.)
Please check this thread. As we know, Edge does not support identity now, so we cannot get user identity using Edge extension APIs. Currently we do not have any trick to get user identity and do not encourage doing it with a tricky method. The best and safest way is to sign in with your extension for now.
Someone has created a feedback item asking Edge to support the Identity API; you could also add a vote.

Does graphene-django dynamically create an API documentation?

I'm considering using GraphQL with a Django backend service but I couldn't find much information regarding the API documentation. I need some solution to dynamically generate the documentation, perhaps like npm's graphql-docs with a result similar to GitHub's API docs.
Is it feasible to accomplish with graphene-django? If not, what's a good alternative for a python environment?
Yes, it's very easy to do by using GraphiQL, which is embedded into Graphene.
The instructions on how to integrate this with Graphene are here in the graphene-python documentation. Basically, you need to add the parameter graphiql=True when setting up the API route in your urls.py file.
After it is set up, if you go to your API endpoint in your browser, you'll see a nice interface for sending API calls, getting API responses, and reading documentation for both queries and mutations. The documentation is initially hidden on the right until you click on the "< Docs" link.

How to write a CXF client with implicit security header

I have to access a service which is developed using a different framework. The client program is using CXF. I don't have access to the provider environment, so I cannot use any config files (Cxf.xml, cxfservlet.xml, etc.). I need to access the web service with an implicit security header (UsernameTokenType, oasis-200401-wss-wssecurity-secext-1.0.xsd). Can anyone throw some light on this?
First, read the documentation.
After that, for this subject I recommend an email to the CXF User mailing list. After, of course, you check out the Confluence doc. The experts on that issue don't infest Stack Overflow yet.