Can I run the AppFabric ACS in a private cloud? - appfabric

Can I install AppFabric on my private servers and get the same services that ACS provides in the cloud? Specifically, I want to be able to accept Live ID, Google and Facebook logins in my ASP.NET MVC application, but I don't want to use Azure or pay for another cloud-based product.

You can do this without ACS. The Facebook etc. integration is simply an OAuth / OpenID interface on the other side of ACS.
As an example see Sign into SharePoint 2010 with Facebook using a custom STS.
You'll see it refers to a custom C# class which is used to do the actual work of the OAuth 2.0 authentication. You can do a similar thing from your ASP app.
Also have a look at DotNetOpenAuth. This supports OpenID 2.0 and 1.x and OAuth 1.0 and 1.0a.

Related

Google Identity Platform 3rd party access?

My question is how a 3rd party developer would login users through my Identity Platform? I looked at the documentation but found nothing.
Essentially I want to use Identity Platform as an OIDC Provider, but I don't know if that's supported.
Cloud Identity Platform is based on the Firebase Auth product (literally, because the documentation and the JavaScript to add are still in the Firebase perimeter!).
This product allows you to delegate the authentication to a third party, either Firebase Auth if you use login/password authentication, or to connect an Identity Provider (IdP).
There are several built-in IdPs like Google, LinkedIn, Facebook, Twitter,... and you can add a custom Auth0 provider (SAML) and an OAuth2 provider (OIDC).
The platform only allows you to perform an authentication and then redirect the user to YOUR app. Then, it's up to YOUR app to ensure the correct authorisations and roles of the user.
All of this is to say:
Think about the Firebase Auth feature: originally, it was designed to authenticate users who want to connect to a mobile app on Android. Today it's the same thing but, in addition, for your web app.
It's designed for YOUR application with YOUR roles and authorisations. By the way, if your target is to allow your 3rd party developers to log into the Google Cloud console thanks to this authentication mode, it's not possible.
But stay tuned, awesome things are coming soon in this field.
John is right, more details would help. But if I had to guess, you are referring to the fact that Google Cloud Platform IAM does not handle the identity part, only authorisation. You could, however, use G Suite or Google Directory Sync (which can integrate with an LDAP server or Active Directory).
You can refer to the link below which shows you how you can integrate with OIDC:
https://cloud.google.com/solutions/authenticating-corporate-users-in-a-hybrid-environment

WSO 2 AM User Management API

I'm currently building an app that consumes data from the WSO2AM RESTful API. I'm using WSO2AM 2.1.0.
From what I see at https://docs.wso2.com/display/AM210/Publisher+APIs, there is no API endpoint for user management, and the thing is I need that one.
So after some googling, I found this https://docs.wso2.com/display/IS530/Managing+Users+and+Roles+with+APIs but that link clearly says that it's for WSO2IS.
My questions are:
Is there a user management API available for WSO2AM (it doesn't matter if it's RESTful or SOAP/WSDL)?
Can this WSO2IS user management API be used on WSO2AM?
Thank you in advance
All WSO2 products are built on a single platform, so components of each product are shared with other products; for example, the user management component is used by all of the WSO2 products even though it is developed as an identity component. Hence you can use the following steps to access the user management SOAP service in WSO2 API Manager.
1. Set the "HideAdminServiceWSDLs" element to "false" in the /repository/conf/carbon.xml file.
2. Restart the API Manager server.
3. If you have started the server with the default configuration, use the following URL in your browser to see the WSDL of the admin service: https://localhost:9443/services/RemoteUserStoreManagerService?wsdl.
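Once the WSDL is visible, the service can be called like any SOAP 1.1 endpoint. The following Python sketch is an added example, not part of the original answer or of WSO2's code: it builds a listUsers request for RemoteUserStoreManagerService and parses the reply. The target namespace, the `listUsers` operation with its `filter` and `maxItemLimit` parameters, the `urn:listUsers` SOAPAction and the use of HTTP Basic authentication are assumptions to confirm against the WSDL the server actually serves; the credentials and the sample response are constructed.

```python
import base64
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
UM_NS = "http://service.ws.um.carbon.wso2.org"  # assumed namespace; confirm in the WSDL

def build_list_users(filter_expr="*", limit=100):
    """Return the SOAP 1.1 envelope for the (assumed) listUsers operation."""
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:ser="{UM_NS}">'
        "<soapenv:Header/><soapenv:Body><ser:listUsers>"
        f"<ser:filter>{escape(filter_expr)}</ser:filter>"  # escape XML metacharacters
        f"<ser:maxItemLimit>{int(limit)}</ser:maxItemLimit>"
        "</ser:listUsers></soapenv:Body></soapenv:Envelope>"
    ).encode("utf-8")

def build_request(base_url, user, password, body):
    """Prepare (but do not send) an HTTPS POST carrying Basic credentials."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("admin services carry credentials; use https only")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/RemoteUserStoreManagerService",
        data=body, method="POST",
        headers={"Content-Type": "text/xml; charset=UTF-8",
                 "SOAPAction": "urn:listUsers",  # assumed action name
                 "Authorization": "Basic " + token})

def parse_list_users(xml_bytes):
    """Extract the user names from the response, raising on a SOAP fault."""
    root = ET.fromstring(xml_bytes)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring") or "SOAP fault")
    return [e.text for e in root.iter(f"{{{UM_NS}}}return") if e.text]

# Constructed sample response, not captured from a real server.
SAMPLE = (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
          f'<ns:listUsersResponse xmlns:ns="{UM_NS}">'
          "<ns:return>admin</ns:return><ns:return>alice</ns:return>"
          "</ns:listUsersResponse></soapenv:Body></soapenv:Envelope>").encode()

if __name__ == "__main__":
    # "admin" / "changeme" are placeholder credentials for illustration only.
    req = build_request("https://localhost:9443", "admin", "changeme", build_list_users())
    print(req.get_method(), req.full_url, parse_list_users(SAMPLE))
```

To send the request, pass it to `urllib.request.urlopen` with an SSL context that trusts the server's certificate rather than disabling verification.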

SSO Implementation ColdFusion

This is a very basic question. I want to do an SSO integration using ColdFusion but do not know where to start. I found the website ssoeasy.com through a Google search, but am very confused about how to use it and where to find documentation.
I think it has something to do with cfldap or cfhttp, but I'm not sure what or where:
<cfhttp method="get" url="http://testsso.com/login.cfm">
</cfhttp>
It really depends on what role you want to play in an SSO ecosystem. Are you an app in a larger federation (Service Provider), or are you trying to implement an SSO-style login across multiple applications that you control, or are you looking to set things up so that your users can log in with Google or Facebook or other such identity registers?
A few years back we did an implementation with Shibboleth (https://shibboleth.net/) and CF where our intended place in the system would be that of a Service Provider to other companies' Identity Providers. It works pretty straightforwardly, as we let Shibboleth handle all the SAML federation grunt work and then, when it's completed, we get an e-mail address (the unique identifier we decided on) back from Shibboleth saying that the user has been authenticated via the Identity Provider.
Other 'SSO' implementations are around for other types of integrations.
From CFCs to handle OAuth -- https://github.com/coldfumonkeh/oauth2
To integrated OAuth support if you're running a new enough version of ColdFusion -- https://helpx.adobe.com/coldfusion/cfml-reference/coldfusion-tags/tags-m-o/cfoauth.html
Hope this is of assistance to you.
If I understand your SSO use case, the application will be a cloud service provider (SP). There are three things you need to determine to help in the selection of the appropriate technology, mainly (1) SSO protocol to integrate, mainly SAML, OAuth, OpenID Connect (OIDC), etc. (2) Hosting, mainly Cloud, On-Prem, or hybrid, and (3) whether or not IdP discovery is needed for your business partners.
Being ColdFusion based as well as working to be a cloud SP web application, my experience is that the application is to be hosted by your organization, such that an on premise SSO capability is desired, as well as IdP Discovery will be needed for your partners.
As noted in your question there are some options for integration. I have found the most popular approach to being a SP website is to utilize a vendor product that handles the SSO protocol (e.g. SAML, OIDC) where the integration with your ColdFusion application is based upon a simple REST API integration. With this design pattern, the vendor product manages all the security of the SSO protocol and then simplifies integration to your application as a secure REST API exchange of identity information. This will minimize the impact to your application and also give the most support for modern identity. One product that offers this capability is PingFederate via the Agentless integration (also referred to as Reference ID integration). I have had much success integrating ColdFusion applications following this type of approach.
SAML seemed to be the easiest to implement for our team. Phil Duba's 2013 Beyond Encrypt() presentation is a good starting place. His website is down right now, but I'm sure you can find the downloadable file somewhere. Learning about SAML in general would be a good idea. Also, you can use Java, so maybe look at SAML/OAuth Java examples and try doing that for ColdFusion since it is based on Java.

Sharepoint 2013 on premise in ADFS

There is a SharePoint 2013 installation which uses ADFS for authentication with the internal domain controller. The need is to write a console app/Android app which can browse to a folder and then upload a document to the SharePoint server. The problem I am facing is how to authenticate, because the SAML 2.0 ECP profile, which is required for non-browser-based SAML authentication, is not supported by ADFS. Is there any way in which the application can be written, or is it not possible at all?
Check the code sample available here:
Remote Authentication in SharePoint Online Using the Client Object Model
The idea is to simulate a user browsing SharePoint to retrieve the FedAuth authentication cookie, and then to use this cookie in your app to perform other SharePoint calls.

Liferay custom web services

I have some questions about the use of Liferay and Liferay web services.
I have read the Liferay documentation, in particular chapters 11 and 12 (development/Documentation), about the development (or use) of web services in Liferay ... but this documentation does not seem complete compared to what you can do (searching on the web you can find different approaches regarding the use of Liferay).
So, here are my questions / concerns ...
Suppose you develop your portlets in Liferay .. This way I can interact with the 'core' of Liferay and also write the front-end of my webapp that will be on Liferay. For example I can authenticate the user in my webapp using the Liferay API.
What if I wanted to have an authentication system to access my web app through my mobile app?
I'm not crazy .. I also would like to have my own mobile app developed with native code. In this case I would expect to have a REST service to interact with Liferay.
I think that, in this case, I have to expose all of the functionality of my web app (portlet) also as web services.
For example ... we can reason with regard to the user authentication..
I thought that you can:
1. Use the webservice native Liferay to access from the outside.
2. It is possible to write my own web service.
   In this case, I'll have to write a portlet that is actually a webservice?
   When it might be convenient to implement a CAS?
How does Liferay work as regards the user session (for authenticated users)?
   In this case we will provide somehow username and password.
If successful, I will have a token or session ID?
Here I can read:
To call the AXIS web service using credentials, you would use the
following URL syntax:
http://" + userIdAsString + ":" + password + "#[server.com]:[port]/api/secure/axis/" + serviceName
I did not really understand if this should be done only to authorize the user during login.
I am probably confused, but the official documentation for Liferay is not my friend right now :(
Yes, you want to use custom portlet services in your native mobile app...
I have written a very simple blog post for doing exactly this.
Please follow the link below:
http://integrating-java.blogspot.in/2014/04/liferay-mobile-sdk-custom-services-part_4.html
With this you can use your portlet's custom service in your native mobile application.
And the best part is that you do not have to go through the authentication process if you use the Liferay Mobile SDK for this; a direct service call is enough.