Pass Network credentials to Docusign REST API - docusignapi

I face frequent disconnections in my application, which connects to the DocuSign REST API using the DocuSign SDK. The application runs in a Windows VM in which internet access is regulated through a corporate proxy and firewall.
To overcome this problem, I want to pass the network credentials to the DocuSign SDK classes so that the credentials are passed to the RestRequest of RestSharp. I can see the credentials property in RestSharp, but no equivalent method to pass the same to the DocuSign SDK.
Please help. Does anyone know how to make this work in a corporate proxy environment?

The DocuSign REST API does not support Windows authentication. See this for the various forms of authentication supported by the DocuSign REST API.
Single Sign-On
However, DocuSign supports single sign-on with your organization's identity provider.
Here is the related documentation
single-sign-on-implementation-guide PDF
single-sign-on-overview
Video
Here is a cool video overview of the authentication mechanisms with docusign api.

Related

Azure AD authentication for multiple domains

I have a Cordova application which I am authenticating using the Azure AD Cordova plugin, and it all works fine. But now I am integrating services published in another domain, and I am unable to authenticate to these services using the mobile token generated after authentication. Can someone guide me on how to secure multiple-domain APIs published as Azure web APIs and use the token to access the secured APIs?
I have tried to modify the secured settings in the Azure portal of one of the APIs by including reply URLs for both the APIs.
When I include the token in the header of the ajax requests going into 2nd domain endpoints, I just get "unauthorized" error.
It sounds like you're able to get an access token in a Cordova setting and you're having issues accessing multiple web apis after the user has logged in.
The authentication protocol I would suggest you utilize is the on-behalf-of flow, which is documented here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow
Per the summary:
The OAuth 2.0 On-Behalf-Of flow (OBO) serves the use case where an application invokes a service/web API, which in turn needs to call another service/web API. The idea is to propagate the delegated user identity and permissions through the request chain. For the middle-tier service to make authenticated requests to the downstream service, it needs to secure an access token from the Microsoft identity platform, on behalf of the user.
This is to get a new access token with the right audience to gain access to web api 2.
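The token exchange the answer above refers to, sketched from the middle-tier API's side as an added example (not code from the original thread). The tenant, client id, secret and scope values are constructed placeholders, the accepted audience forms are an assumption, and signature validation of the incoming token is assumed to happen before this code runs.

```javascript
// Added example: web API 1 prepares an On-Behalf-Of request for web API 2.

// Decode a JWT payload WITHOUT verifying it. Signature, issuer and expiry checks
// are assumed to be done earlier by the API's token-validation middleware.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

function buildOboRequest({ tenant, clientId, clientSecret, incomingToken, downstreamScope }) {
  const claims = decodeJwtPayload(incomingToken);
  // Only exchange tokens issued for THIS API; a token minted for another
  // audience must not be accepted here (accepted forms are an assumption).
  const accepted = [clientId, `api://${clientId}`];
  const audiences = [].concat(claims.aud || []);
  if (!audiences.some((a) => accepted.includes(a))) {
    throw new Error("incoming token audience is not this API");
  }
  const body = new URLSearchParams({
    grant_type: "urn:ietf:params:oauth:grant-type:jwt-bearer",
    client_id: clientId,
    client_secret: clientSecret,          // keep server-side, never in the mobile app
    assertion: incomingToken,             // the user's token for web API 1
    scope: downstreamScope,               // audience of the NEW token: web API 2
    requested_token_use: "on_behalf_of",
  });
  return {
    method: "POST",
    url: `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Constructed sample token (placeholder signature) so the example runs offline.
function makeSampleToken(aud) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc({ aud, sub: "user-1" })}.placeholder-sig`;
}
```

The `access_token` in the response to this request carries web API 2 as its audience and is what goes into the `Authorization: Bearer` header of the downstream call.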

How to set up a SAML SP with an IdP via REST or SOAP Web API

We have a vendor membership management solution to manage our members, Netforum Pro. They provide a Web API via REST or SOAP for external applications to authenticate.
We would like to use Moodle as a Learning Management System for our members. However, Moodle has an authentication plugin for SAML.
Can we use OneLogin as a middle agent in this situation?
Thanks
Linh N.
OneLogin acts as an Identity Provider and has toolkits that will help you authenticate requests when used by application providers. In your case it looks like Moodle already has the functionality that you would implement with the OL toolkit and that NetForum is the Identity Provider. So using OneLogin won't help much.
You should look into http://documentation.abila.com/netforum-enterprise/2017.1/Content/Admin/Security/SAML.htm

authentication in mobile app with azure functions

I am trying to develop a serverless backend for my Xamarin app, and for that I chose Azure Functions.
Now I already know that Azure Mobile Apps provides an SDK for this purpose, with which we can easily enable authentication in multiple ways, which are the following:
1. Azure Active Directory
2. Facebook
3. Google
4. Microsoft
5. Twitter
Now I want to allow login with at least 2 of these in my app, but I am not using Azure Mobile Apps as the backend; instead I am using Azure Functions. So how can I achieve the same result with serverless?
Thanks in advance.
AFAIK, when using Easy Auth (Authentication/Authorization in App Service), the user would be directed to {your-app-service-url}/.auth/login/{provider} for logging in with server-managed authentication. Users who interact with your web application through the web browser would have a cookie, and they can remain authenticated as they browse your web application. For other clients (e.g. a mobile client), a JWT would be contained in the x-zumo-auth header, and the Mobile Apps client SDK would handle it for you.
According to your scenario, you are trying to use user-based authentication with your function. I did some tests; you could refer to them:
Firstly, I created an HttpTrigger function written in C#, then set the Authorization level to Anonymous.
return req.CreateResponse(HttpStatusCode.OK, req.Headers,JsonMediaTypeFormatter.DefaultMediaType);
Note: I just return all headers with the special headers specified by App Service Authentication / Authentication. Some example headers include:
X-MS-CLIENT-PRINCIPAL-NAME
X-MS-CLIENT-PRINCIPAL-ID
X-MS-TOKEN-MICROSOFTACCOUNT-ACCESS-TOKEN
X-MS-TOKEN-MICROSOFTACCOUNT-EXPIRES-ON
For more details, you could refer to App Service Token Store.
Then I go to Platform features and configure the Microsoft Authentication Provider under Authentication / Authorization. For mobile client, just use the Mobile Apps client SDK for logging and invoke the function endpoint as follows:
In summary, you could use the Mobile Apps client SDK for authentication with your function app. And you could configure the Authentication Providers as you wish, then for your mobile client you could set the related provider name when calling LoginAsync for logging. For your function, you could check the X-MS-CLIENT-PRINCIPAL-IDP header and retrieve the current user info and token for the specific provider.
Since Azure Functions are built on top of App Services, like Mobile Apps, you can still use Azure Active Directory authentication or the API keys for the Http triggered functions.
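The header check described in the summary above, as an added example (not code from the original answers), written for a JavaScript HTTP-triggered function. The header names are the ones listed in the answer; the provider allow-list, the plain-object request shape, and the `x-ms-token-{provider}-access-token` pattern (generalized from the MICROSOFTACCOUNT header shown above) are assumptions.

```javascript
// Added example: with the function's authorization level set to Anonymous,
// the function itself must decide whether a request carries a signed-in user.
const ALLOWED_IDPS = new Set(["aad", "microsoftaccount"]); // providers enabled for this app (assumed)

// HTTP header names are case-insensitive, so normalise before lookup.
function lowerCaseHeaders(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers || {})) out[k.toLowerCase()] = v;
  return out;
}

function getCaller(headers) {
  const h = lowerCaseHeaders(headers);
  const idp = (h["x-ms-client-principal-idp"] || "").toLowerCase();
  const id = h["x-ms-client-principal-id"];
  if (!idp || !id) {
    return { ok: false, status: 401, reason: "no authenticated principal" };
  }
  if (!ALLOWED_IDPS.has(idp)) {
    return { ok: false, status: 403, reason: "provider not allowed" };
  }
  return {
    ok: true,
    idp,
    id,
    name: h["x-ms-client-principal-name"] || null,
    // Record only whether a provider token is present; do not copy its value around.
    hasProviderToken: Boolean(h[`x-ms-token-${idp}-access-token`]),
  };
}

function handle(req) {
  const caller = getCaller(req.headers);
  if (!caller.ok) return { status: caller.status, body: { error: caller.reason } };
  // Return identity fields only. Echoing every request header, as the test
  // function in the answer does, would also hand back the X-MS-TOKEN-* values.
  return { status: 200, body: { idp: caller.idp, id: caller.id, name: caller.name } };
}
```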

OAuth2 Implicit Grant with Mobile App (URI question)

I'm writing a mobile app for a DocuSign client using PhoneGap (i.e. with JavaScript, HTML5, CSS3). I created a DocuSign integration key and selected This is a mobile app. However, DocuSign is requesting a URI. My URI will be a file in a folder (e.g. /DocuSign/callback.html). When I try to enter my URI without a domain name, DocuSign will not save the path to my file. Is a URI required to have a domain name for mobile apps using the OAuth2 Implicit Grant method? If so, how do I add a URI to my integration key without a domain name?
If you want to use one of the OAuth 2.0 authorization flows in your integration, then you will need to provide a publicly accessible return URL so the DocuSign authentication service knows where to redirect the user once they are done logging in through the standard DocuSign login flow. This way your app does not need to manage or even ask for your users' account passwords, which is one of the main advantages of OAuth.
Alternatively, if you want to build a service integration where authentication is taken care of in the backend and there's an account "tied" to the integration, you can use the X-DocuSign-Authentication header, which does not require a redirect URI.
Learn more about DocuSign authentication.

Securing REST APIS using OpenAM 12.0 J2EE Policy Agents

I am new to OpenAM and am trying to secure my web services using OpenAM. I have installed J2EE policy agents using the information in the link below.
https://wikis.forgerock.org/confluence/display/openam/Installing+Tomcat+6.0+Policy+Agent
I need to provide security for my REST APIs. So where do we need to configure the REST APIs in the OpenAM console?
Please provide me some links where I can get some information.
OpenAM policy agents are the OpenAM proprietary way to achieve (Web)SSO and authorizations. You could configure URL policies as described in the docs https://backstage.forgerock.com/#!/docs/openam/13/admin-guide#chap-authz-policy, however the REST client must obtain an SSOToken and send this along when accessing the REST service.
You could also use OAuth2 which would be a standards-based approach.
