Is it possible to authenticate Artifactory OSS (self-hosted) with Azure AD/SAML? Right now we use local Active Directory, but are thinking of deprecating local AD in favor of Azure AD, and moving most authentication to Azure AD/SAML. I understand the other versions of Artifactory can do this, but I can't definitively find if the self hosted OSS version does. If it does not, it may drive us to one of the pay models.
Thanks for any help!
The SAML SSO is not supported in the OSS version of Artifactory. In the link provided, you might find useful information on the top right of the page for JFrog Subscriptions that support the feature (relevant to all features).
Also, you can check the Pricing page for the different features included in each subscription. You should find the SAML SSO feature under the "Pro" subscription level and "Platform Security".
I hope this clarifies more.
Related
Background
I am attempting to using the git command line utility on WSL and Linux to access GIT repositories on Azure DevOps. According to Microsoft documentation found here.
For non-Microsoft tools that integrate into Azure DevOps but don't support Microsoft account or Azure AD authentication, you must use PATs. Examples include Git, NuGet, or Xcode.
A PAT is a Personal Access Token.
A PAT allow for 30+ scopes of access and a scope has multiple sub-options.
For clarity I am referring to this form.
Question
Besides the code scope (which is obvious), are there any other permissions/scopes which should be enabled for git to be fully functional when interfacing with Azure DevOps?
No, you dont need any other scopes to work with the repo. I'm also quite certain you dont need manage permissions, but I didnt test this hypothesis.
You can see the detail information about all scopes here. What scope you can set is detailed in the scope list. If you use GCM on linux to connect remote Git repository hosted in VSTS, the GCM will open a web browser window so that you can authenticate and authorize access to your account, it will create a PAT scoped for vso.code_write, effectively granting Git permission to read and write to your Git repositories hosted in VSTS. I am not sure fully functional in your post means full access.
We are trying to run OIOSAML as an SAML SP in an Azure Website, but we encounter problems regarding the signing certificates. Azure websites will not allow us to install custom certificates, hence our SigningCertificate under the Federation node in the web.config file cannot be found. Do we have to move over to a Virtual Machine?
The Azure Web Sites team is currently working to add this feature. Specifically adding the ability for web sites to optionally load profiles which will support more certificate loading scenarios. The ETA for this work to be in production is within 2 weeks.
To help ensure we will be supporting your scenario, if you can provide a representative code snippet which is failing, we will validate that it works with the fix, before we go to production.
Thanks for your patience.
The Kentor.AuthServices SAML2 SP package can load certificates from files in App_Data and works on Azure. The Kentor implementation is not as complete as OIOSAML (yet, we're working on it) but if the functionality it offers is enough for you it can be an option.
According to the releases a few day ago by Scottgu, its now possible to use the windows azure management api without client certificates.
Are there any examples of doing this?
I have a Azure Cloud Service Package that I would like to let people deploy from my website. Therefore I would like to, from javascript, to authenticate the user to their Azure subscription ( some oauth against the WAAD ) and then by rest api deploy my package for them.
I dont need a concrete examples, but just some pointers on how I could do this.
I dont want users to give me their passwords offcause, therefore i need some guidance on how I can do SSO of the user against WAAD/Windows Azure management api and from there use the access token to deploy the package.
As of today, the Service Management API documentation regarding this new authentication mechanism (http://msdn.microsoft.com/en-us/library/windowsazure/ee460782.aspx) is not updated. Since the new login mechanism is supported in PowerShell which is essentially a REST Wrapper over this API and is open source, one thing you could do is take a look at the source code of the Cmdlets on Github (https://github.com/WindowsAzure/azure-sdk-tools) to see how it is accomplished there and write something of your own (and share it here:)).
I work for a network management company and I want to write a .Net application (MVC 4) that will allow us to service Active Directory users from a cloud-based application.
As I have never written a cloud-based app, I don't know if I'm using that term correctly or not. I am in the requirements gathering stage. Basically, I'd like to provide our customers with the ability, for example, to change their own password using our cloud-based application.
is this an application that should be written specifically using Azure? If not, what tools and platform(s) should I take into consideration?
What tutorials or other resources are available ?
Actually, I don't even know enough about Active Directory and Cloud computing to ask the right questions. But, I hope someone will point me in the right direction
Read How to Authenticate Web Users with Windows Azure Active Directory Access Control. There are great walk-throughs there. There is more reading and code samples here - Access Control Service 2.0.
That's using ACS.
You could go direct to Azure Active Directory if you wished?
Refer: Adding Sign-On to Your Web Application Using Windows Azure AD.
If you use Office 365, you already have an AAD tenant.
I started to learn everything connected with Azure platform a little time ago. I'm really fascinated how some stuff works like a charm. One of that is AppFabric Access Control Service (ACS) and possibility of Single Sign On (SSO) with Facebook, Google, Live id...
When I was learning how to get running AppFabric I used preview version of it (available for free at https://portal.appfabriclabs.com/, but without SLA). Every tutorial about SSO was based on that Management portal.
Now, when I have my real Azure account (and AppFabric with it) I'm really confused because I can't find anywhere and section on portal where to configure ACS? I want to be able to create relaying party with facebook, live id and google identity provider using real appfabric account? Is that possible?
On some places I saw that this what I'm talking is only preview version of future ACS and that is not in production yet. So, if that is true, my main question is can I use production version (real appfabric account) to do single sign on on my web app? If not, what can I do with current production ACS version? What is the main purpose of it?
If someone have some links where are described main difference between Preview and Production version of AppFabric ACS, I will appreciate that.
P.S - Only tutorial that I found and is considered on current production release of ACS is at https://portal.appfabriclabs.com/. But I don't see integration with facebook, google.. There isn't SSO there...
Thank you in advance.
The current production version of ACS is a subset of what you see in the "Labs". Production currently supports SWT and WRAP. No WS-Federation, no WS-Trust, no (or limited) SAML.
All the cool stuff you mention (SSO for websites, out of the box integration with FB, Google, Yahoo! and LiveID, etc) is available on ACS "Labs" (which is not production yet).