This online doc explains how to configure security (LDAP and SSO) for Studio:
https://docs.craftercms.org/en/3.0/system-administrators/security/configure-studio-security.html
I assume the functionalities are provided by the craftercms/commons/security subsystem. Can this be used by Crafter Delivery to provide LDAP and/or SSO integrations?
Yes, SAML 2.0 is supported by Crafter Engine, see this guide: https://docs.craftercms.org/en/3.0/site-administrators/engine/engine-site-security-guide.html
Very similar to how it's done in Studio, only simpler because there is no role mapping.
Related
This question is asked in the context where a company wants to implement a new SaaS solution with a REST API plus a single-page web-application on top of it,
where authentication and authorization and also user management are to be implemented using Microsoft Identity Platform and Microsoft Azure Active Directory.
I am wondering if in such a scenario, an own SCIM (2.0) endpoint is needed at all, or if perhaps simply a user management API (which itself may or may not be SCIM compliant) of Microsoft Identity Platform or Microsoft Azure Active Directory can be used for user management, so that users would only be stored and managed within AD for now.
Baseline expectations for multi-tenant SaaS applications nowadays include user provisioning functionality. SCIM 2.0 is the only widely adopted modern standard for internet-based provisioning. Your options are therefore going to be to implement your own proprietary user/group management APIs or implement SCIM 2.0. If you're looking for support from major identity providers (AAD, Okta, etc..) then SCIM 2.0 is likely the only standard that any identity provider will build against.
TL;DR: SCIM 2.0 is the way to go.
I have a question related to the security update (2020 LDAP channel binding and LDAP signing requirement for Windows) described
in https://support.microsoft.com/en-us/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows.
We are using IIS Integrated Windows Authentication for our ASP.Net application. And we are using .NET namespace (System.DirectoryServices) to handle AD connections, but we never pass any AD connection strings from our application, we use the current user context. we anticipate there should not be any impact on our application with this upcoming change.
Would like to confirm if there is any impact?
Would be happy to provide more information if needed.
We need our active directory to manage the autentication from the site, is there a way to configure the crafter-delivery profile/security in a way like we can do in studio?
Users added to the internal database after the user’s first successful login through external authentication are marked as **Externally Managed**.
There is no engine-config-override.yaml so i dont know how to do it.
The documentation says something about it, but its not explained anywhere.
Crafter Profile is built on MongoDB for extensibility and extreme
scalability and includes a multi-tenant profile attribute store, an
admin console for user profile management, chained authentication with
any existing authentication services including Active Directory
https://docs.craftercms.org/en/3.1/developers/projects/profile/index.html
Crafter Engine uses Crafter Security Provider library, which can be extended to support LDAP/AD.
Another, perhaps easier/better option is to just use SAML2 and not only will the users authenticate against AD, but they'll also get SSO.
Here is the guide: https://docs.craftercms.org/en/3.0/site-administrators/engine/engine-site-security-guide.html#add-single-sign-on
I am using Liferay Community edition. I want to use SAML for SSO integration. It looks like SAML is available only for Liferay Enterprise edtion. Can someone suggest me how to use SAML as sso integration in Liferay Community Edition?
As you correctly state: the existing SAML plugin implementation is for EE. You'll have to implement your own in order to use it with CE. When you have finished it, you might want to publish it on marketplace
In a related note, using SAML might point to the scenario in which you're using Liferay. And typically usecases for SAML are rather enterprisey.
Is this even possible? I want to build a small community site but do not want to use Live ID.
Sharepoint has an extensible authentication provider model, so you could use that to extend it to support openid.
See the OpenID membership provider project on CodePlex. This provides OpenID support for SharePoint.
If you're just looking for a windows-based community site framework, I'd suggest Community Server, which has a free license and built-in OpenID support.
http://communityserver.com/products/express/
Many people have already done this using DotNetOpenId with SharePoint.
There are some discussions on the dotnetopenid mailing list that cover this topic. Feel free to post your question there to get the responses of a few people there who have done it.
There are exists two solution that exactly meet your requirments:
SharePoint Claims Provider for SharePoint Claims Based Authentication that use Windows Live ID and other OpenID provider such as Google and yahoo.
it will allows you and your members sign in to your SharePoint site with any OpenID provider or Windows Live ID.
Check SharePoint Live Authentication here : http://www.shetabtech.com/english/SharePointLiveAuth