Azure Bot framework V4 - SSO implementation

Creating an Azure chatbot V4 framework, but not able to see any proper documentation on SSO implementation so far. Is it possible to have single sign-on in version 4 or not? Can somebody give pointers, please?

Yes. It's absolutely possible to have SSO in v4 framework. In the documentation there is a part about implementing authentication here:
https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&tabs=aadv1%2Ccsharp%2Cbot-oauth
For the webchat channel itself there is a fresh (released last month) sample of implementing SSO with OAuth here:
https://github.com/microsoft/BotFramework-WebChat/tree/master/samples/19.a.single-sign-on-for-enterprise-apps#single-sign-on-demo-for-enterprise-apps-using-oauth

Related

Azure SAML Authentication in Flask Web App

I'm trying to configure SAML authentication with Azure in a Flask web service.
It is the first time I'm doing this and I'm a bit lost.
I'm trying to use the 'SAML_METADA_URL' provided in Azure, but I don't know what to configure on the Python side.
In Azure everything seems to be set up: the app was added, I have the client ID and client secret, etc.
Does anyone know a good and specific tutorial for this?
Thanks in advance
You can refer to the SAML-enabled Python application guide, which explains how to use PySAML2 to add Okta support (via SAML) to an application written in Python, and refer to the steps for implementing a SAML SP in Python/Flask.
In addition, OneLogin also provides a SAML Python toolkit; I believe it will also be helpful to you here.

Steps to implement SAML 2.0 using C#

I am trying to implement SAML 2.0 in my project (C#). I researched and found the workflow. However, I am a little confused about the steps from a coding perspective. Please help.
SAML is not a simple protocol.
I suggest you use a SAML client-side stack. There are some recommendations - refer to SAML: SAML connectivity / toolkit.

What is the difference between passport-azure-ad vs passport-azure-ad-oauth2

We have an application that is developed using the MEAN stack, and we are planning to use Azure AD for authentication.
Client Side
In Angular the client-side resources are protected using the ADAL JS library, based on the article here.
Server Side Node Web API
To protect the server-side Web API I was following the article here, which uses the
passport-azure-ad node module. However, on the Passport.js website I came across one more node module, passport-azure-ad-oauth2.
So the question is: what's the difference between passport-azure-ad and passport-azure-ad-oauth2?
I'm the maintainer of passport-azure-ad. Passport-azure-ad comes from Microsoft and was built to support not just OAuth2 but also scenarios in preview such as B2C and B2B and soon our converged endpoint that we announced at BUILD 2016.
passport-azure-ad-oauth2 is from the Auth0 team, not affiliated with Microsoft, but they are a perfectly good team with good documentation as well. I don't know their level of support for the other scenarios above.
Azure Active Directory is an open platform and strives to use open standards like OAuth2 and Open ID Connect so that developers have this kind of choice.
So, you are free to use whatever library you'd like, but of course from my perspective I'd advocate using the Microsoft OSS libraries on GitHub where they exist, like passport-azure-ad.
Does that help? Feel free to let me know if you run into any problems with passport-azure-ad if you continue down that route.

Azure API Apps - SPA login with authentication

I've been searching high and low for an example of using an Azure API App with authentication with a JavaScript client. Specifically, I am interested in how something like an AngularJS app can authenticate with an Azure API App.
The closest I've got is this example: http://azure.microsoft.com/en-us/documentation/articles/app-service-api-javascript-client/
but unfortunately this does not use authentication.
Given that many users will be using SPA applications with Azure API Apps, I would think there will be a lot of demand for this.
Does anyone have any pointers?
http://azure.microsoft.com/en-us/documentation/articles/app-service-api-dotnet-consume/#authenticated-call-from-a-windows-desktop-application shows how to authenticate for scenarios where we don't yet have an SDK. You should be able to follow the same steps from a JavaScript client. Hope that helps!
Thanks,
Mohit

OAuth 2.0 Authentication and Authorization

I have a web service written in Node.js and I have a server that is running MongoDB. My question is: how can I implement OAuth 2.0 when, according to RFC 6749, in my case the resource owner, the resource server and the authorization server are the same? I.e., I want to use OAuth to authenticate and authorize users that are in my own database and not from other resource owners (like Facebook or Twitter).
This is a pretty broad question -- implementing OAuth is quite complex if you're looking to roll your own solution.
If I were you I'd look into using a library like Passport.js or Stormpath to help offload this stuff.
You can find detailed generic information about what developers have to do to implement OAuth 2.0 and OpenID Connect in Authlete Definitive Guide and Authlete Blog. Although the documents refer to a specific solution (Authlete), the contents will serve as a useful reference for developers who dare to implement their own OAuth 2.0/OpenID Connect servers.
