Flask application authentication using Windows logged-in user - python-3.x

I am developing a Flask application and REST services. I have to make that application secure with the OS logged-in user.
My application is running on Windows Server (Apache). If any user launches the application from any system, or tries to access the web services from any other application with a different domain, I don't want to prompt them to enter a username and password. I have to authenticate whoever is logged into that system with my LDAP and need to use that user's details in subsequent requests.
I am using Flask, Apache 2.4, Python.
Your valuable view or help would be much appreciated.

From what I understand, you are trying to make it so that once a user is authenticated through your LDAP server and logged into an account, you do not want to make them have to enter their credentials again on a web application.
I do not think that with your current goal it is possible to do this, but you may find Flask-Login with Python-LDAP as a backend useful. I found this tutorial for using the two together if you need.
Please correct me if I am wrong in my interpretation of your question.

Related

Authenticate username and password (Active Directory - Windows)

I need to use Windows authentication in an app built using Node.js (Express) on the back end and React.js on the front end, and I found some tools, for example:
https://www.npmjs.com/package/node-sspi
https://github.com/auth0/passport-windowsauth
https://www.npmjs.com/package/activedirectory
https://www.npmjs.com/package/passport-ldapauth
https://www.npmjs.com/package/LDAP
I would like to know what is the better tool to use, since I have to have a login page and validate the user and password to see if the user has access to a directory.
If the user is not under a certain group, I want to not allow them to access the application.
Thank you in advance!

Login mechanism used by IBM Maximo Anywhere apps

I have been working on IBM Maximo Anywhere apps such as Work Approval and Work Execution for some time now and have a few queries regarding the login mechanism used by these apps. To be specific, as per my understanding, anyone having access to Maximo on that particular environment can log in to the Anywhere apps. Is that a correct statement? And if yes, then how does it work in a disconnected state? If for any reason Maximo is down, will it mean that the app will not be able to authenticate a user and hence the user will be unable to log in as well? And along with that, is there any other kind of authentication done, for example LDAP etc.? Are there any different kinds of login failure messages that are displayed depending on why the app isn't able to let the user log in? Or is it a common one saying "Login Failed"?
The first time the user ever logs into the application, they do have to have a connection to the Maximo server to authenticate. We also validate that the user is authorized to use this particular mobile app. We have a security group for each mobile app that the user must be a member of. After the authentication and authorization finishes, we download, store, and sign the locally stored data with the username/password combination, so that on subsequent login attempts, if the server is down, we can fail over to the locally stored data. This also guarantees that the locally stored data is protected.
We support all of the types of authentication configuration that base Maximo supports.
More information here:
http://www-01.ibm.com/support/knowledgecenter/SSPJLC_7.5.0/com.ibm.si.mpl.doc_7.5.0/security/c_authentication.html
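
The offline failover described in the answer above, sketched as an added example (not IBM's code and not part of the original post). It assumes an HMAC tag keyed with a PBKDF2 key derived from the username and password; the group name `WORK_EXEC_APP`, the `server_auth` callable and the `store` dict are hypothetical.

```python
import hashlib
import hmac
import json
import os

REQUIRED_GROUP = "WORK_EXEC_APP"   # hypothetical per-app security group
ITERATIONS = 100_000               # constructed value for this example

def _key(username, password, salt):
    # Key depends on both username and password, as the answer describes.
    secret = f"{username}\x00{password}".encode()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def seal(username, password, data):
    """Tag local data after a successful online login."""
    salt = os.urandom(16)
    payload = json.dumps(data, sort_keys=True)
    tag = hmac.new(_key(username, password, salt), payload.encode(),
                   hashlib.sha256).hexdigest()
    return {"salt": salt.hex(), "payload": payload, "tag": tag}

def offline_login(username, password, sealed):
    """Return stored data only if the credentials reproduce the tag."""
    key = _key(username, password, bytes.fromhex(sealed["salt"]))
    expected = hmac.new(key, sealed["payload"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        return None   # wrong credentials or tampered payload
    return json.loads(sealed["payload"])

def login(username, password, server_auth, store):
    """server_auth returns the user's groups, None on bad credentials,
    and raises ConnectionError when the server is unreachable."""
    try:
        groups = server_auth(username, password)
    except ConnectionError:
        sealed = store.get(username)   # fail over to local data
        return offline_login(username, password, sealed) if sealed else None
    if groups is None or REQUIRED_GROUP not in groups:
        store.pop(username, None)      # revoke any stale offline copy
        return None
    data = {"user": username, "groups": sorted(groups)}
    store[username] = seal(username, password, data)
    return data
```

The tag gives integrity and a credential check only; it does not encrypt the stored payload.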

Node.js - Verify that user is in AD group

So I have an application where I want to check if a user is in an AD group to be able to access it.
I checked out passport-kerberos, but I could not see how to detect the user's AD groups without logging the user in, which he already is on the domain.
On C# .NET solutions we use on IIS this runs just fine, but how can I get this on Node.js with Linux as the server, not Microsoft?

Grails: Implementing SSO

I'm developing an application with Grails.
I'm trying to implement SSO functionality. But I can't authenticate the users via the Windows session, because some of them have a different Windows password than the domain password.
(I retrieve the users via LDAP.) So, how can I authenticate them?
The scenario should be the following:
User goes to the Grails site
Popup appears where the user has to fill in his credentials
After that, he never has to authenticate again...
Does any of you have some experience with it?
I think if you need SSO for many Grails applications, a good choice is to add SAML support to your Grails applications using this plugin and then build an IdP (there are many in many languages) and connect the IdP to your LDAP.
SAML is standard and is the future.
If you need more info about SAML, check the SAML entry at Wikipedia. There you can find links to documentation and software.

Securing ASP.Net user database

I'm working on a web app which will be hosted on the client's server.
There are various restrictions/security measures in place and I'm concerned that these can be "hacked" because the client will have direct access to the ASP.NET user database through SSMS.
I can think of a few ways to stop the user from doing this, but I'm interested to find out whether there are any specific standards that I should follow.
If the client has direct administrative access to the database, there's not much you can do. If these are the client's login details - why is this then a problem?
