Is there a way to check what type of authentication (anonymous, ntlm..) is configured in a
website using a vbscript?
and if is it possible it work on any version of iis?
I am afraid there no single way to achieve this on any version of IIS. Methods of accessing this information on various versions of IIS are discussed in answers to this question:
How to set Authentication Methods in IIS programattically.
Related
I have setup Apache Superset with Google Oauth using the instructions at https://medium.com/#aungmt/superset-with-google-oauth-3ba7a1c1f459. It works just fine.
However, is it possible to have both OAuth and the out of the box basic auth? I want to support both modes for auth.
You can't have both modes of authentication methods enabled at the same time.
See the flask-appbuilder documentation (superset is based off flask-appbuilder): "The framework has 5 authentication methods and you choose one of them, you configure the method to be used on the config.py" [https://flask-appbuilder.readthedocs.io/en/latest/security.html#authentication-methods].
That logic is defined here: https://flask-appbuilder.readthedocs.io/en/latest/_modules/flask_appbuilder/security/manager.html
That being said, if you wanted to extend the code, it should be do-able by creating a custom SecurityManager that re-used both logic.
See https://flask-appbuilder.readthedocs.io/en/latest/security.html#your-custom-security or https://medium.com/#sairamkrish/apache-superset-custom-authentication-and-integrate-with-other-micro-services-8217956273c1
The question: Can CXF automatically configure WS-Security for a client based on a WS-SecurityPolicy file?
If so, is there any documentation on actually doing so? I've spent several hours looking at the CXF site and doing searches without finding an answer.
The CXF documentation says "CXF 2.2 introduced support for using WS-SecurityPolicy to configure WSS4J instead of the custom configuration documented on the WS-Security page", and also says "In CXF 2.2, if the cxf-rt-ws-policy and cxf-rt-ws-security modules are available on the classpath, the WS-SecurityPolicy stuff is automatically enabled." Finally, there's a listing of the properties that may need to be configured (keystore locations, etc). All of that I understand, but the documentation doesn't actually explain what enabling WS-SecurityPolicy does. Is it just for policy generation, or does it actually help configure clients?
The reason I'm asking is that I'm working on an application that uses CXF (JAX-WS front end) via Camel to consume a SOAP service secured with WS-Security. Because of the existing structure of our application, I've been trying to configure the client with WSS4J interceptors, but have been having a tough time actually implementing what they've described.
After a couple of days working on this, the provider mentioned that they had a WS-SecurityPolicy file they could send to me (why they didn't mention this up front is a mystery). Now that I have their policy, I'd really like to figure out a less code-driven way of configuring the security.
Having a WS-SecurityPolicy configures "most" of the security requirements for a client. You still need to specify JAX-WS properties to configure users, passwords, keys etc. I would recommend checking out the CXF source and looking at the systests/ws-security-examples tests.
Hello smart people on stackoverflow,
I would be very happy if someone could point me to the right libraries/frameworks to do what I want.
We have the following web architecture set up.
1. We have a tomcat server that offers REST services.
2. We have an apache2 server that serves up php pages to users.
a. Some of these php pages make REST calls to tomcat for data.
b. Other php pages contain javascript that makes REST calls that are routed through apache2 via mod_proxy to tomcat. e.g. All request to http://myapache.com/PASSTOTOMCAT/rest/getSecureData would go to tomcat.
Now, I'm asked to add authentication to everything, both the user pages as well as the REST calls. It would obviously be ideal for the user to sign-in once for access to both.
What library can I use for this? I don't think I can use any php-based solution (ie. one that involves adding a ) because the pass-through url's won't have a chance to add this code and check for authentication. I think I need to use something built into apache2 itself.
One minor requirement is that I would like the user credentials stored in a mysql database as opposed to a file.
Am I over-thinking this?
Thanks in advance
Well it's been 5 days, so I guess I'll answer my own question...
I ended up using the new mod_auth_form for authentication because it lets you use a nice stylized webpage to log users in.
I also used mod_dbd to access user credentials in mysql.
I couldn't find a nice tutorial on this so I struggled through the installation and setup a bit, but if anyone cares, I created a set of instructions on my blog in case anyone else tries to do the same thing.
Installation
Setup
I have a Django web app that provides a download facility for a private user dropbox by issuing HTTP requests to a lighttpd server using the x-send-file header. I would like to extend this functionality to allow WebDav access from third party clients. Is this possible? The only examples I can see have statically defined WebDav folders.
The only example of a per-user dynamic WebDAV confir I can find is this solution using the Apache LA-U look-ahead feature.
I'd love to extend my Django app for this but the key requirement is to be able to generate a dynamic config. Integration with a third party solution would be OK.
Any suggestions?
Michela
I wanted to do the same thing. I also wanted to use other parts of Django with WebDAV, so I started the django-webdav project.
http://code.google.com/p/django-webdav/
At this point it is working (passes litmus basic + movecopy tests) and I can use it with Windows and Linux (DAVfs2).
Check it out and help out if you think it suits your needs.
We currently have an application that runs an embedded jetty 6.1.14 server to which we need to add authentication via Kerberos. I'm new to Kerberos, which makes the task about 100x harder that maybe it should be. I've scoured the internet and have found conflicting reports as to whether or not it is even possible but nothing much to provides guidance as to how to proceed.
I've managed to have the server basically be able to authenticate the users via kerberos but can't find away to have the client automatically send its kerberos ticket: I have to use the from auth-method, though there are hints that this may be using filters, which are very poorly documented.
My question - and I apologize for it being a bit vague, I've not been this exasperated in quite a long time - is to request some guidance for plugging in kerberos authentication without login forms in Jetty 6? Or am I just out of luck? Has anyone added this type of authentication to jetty 6?
If Jetty supports Servlet Filters (JSR-53), then this open source project http://spnego.sourceforge.net might be what you are looking for.
You have to prepare your domain environment first. Make sure that your server if part of your domain (joined it). Then you have to create an machine account and assign an SPN. If you have done that, create a keytab for that account. From now on a client will be able to search for the host in the domain and create a ticket for. Then comes Jetty into play.