I want to implement SSO (using LDAP) in my NodeJs project and I am considering my options. I have used Kerberos in my Spring Boot project but I am not sure if Kerberos is well supported in the NodeJs community. If not, then please suggest a better alternative to Kerberos.
Our project has a requirement to implement SSO in a legacy application (running in Weblogic) and a new microservices/Angular application, using PF OpenId/OAuth 2.0.
The new application is using the OpenId/OAuth 2.0 endpoint to authenticate/authorise. When I navigate to the legacy application from the new application, I should be able to pass the JWT token without asking for login and create a user session in legacy. Also, when I log in first in the legacy application running in Weblogic, I should be able to authenticate the user using OpenId/OAuth 2.0 and pass the token to the new application.
Question: Is it okay to call the OpenId/OAuth 2.0 endpoint configured in PF from Weblogic and create the user session, or does PF have any Weblogic integration kit to achieve this?
Yes, I would suggest using Weblogic's OIDC functionality. Ping used to have a Weblogic integration kit, but with the addition of OAuth and OIDC to the Weblogic identity provider functionality, you're far better off using it than one of the kits.
If you don't want to use that functionality, another avenue is a WAM tool (such as Ping's PingAccess) or some functionality in a proxy like nginx or Apache in front of your application servers.
I am a beginner to Kerberos SSO integration in an Angular + Node project. I went through many of the links and forums related to it. However, I am not able to figure out where to start.
Still trying to find a way to implement the Kerberos SSO in my application.
I already read and understand the concept of Kerberos, but I can't see any examples of how to use it practically.
Below is the scenario:
I have an Angular application, and I need only computers registered in Active Directory to be able to access the web.
I have to do the auth using Kerberos, but I don't know how to start.
Thanks for helping.
I am used to developing web apps using the Meteor JavaScript framework, which handles authentication. I am now developing for the first time a web app using a Node.js (Express) + GraphQL stack on the backend, with React on the frontend, so I have to handle authentication myself.
I read a lot of things about it, and I like the idea of token based authentication. I am thinking about using JWT, so I don't have to deal with sessions.
I know there are a lot of tutorials, but each one always has a sort of disclaimer like: "this tutorial is not production ready, use it for educational purposes only...". Every time I read something about authentication, it seems to be something so difficult to implement that I shouldn't implement it myself. But I don't want to use service providers like AWS Cognito or Google Cloud Platform because I want to keep my users' data in my own system and database. I don't want to be tied to a third-party provider.
I know how to generate jwt tokens, refresh tokens, how to verify them, etc... I am able to develop a working auth system, but I am never sure I do it in a secure and production ready way because of all those comments I can read on the Internet.
So, what would you recommend to implement a secured and production ready authentication system in a Node.js server without being tied to a third-party provider? Do you know any complete tutorial or documentation about it?
There are several approaches to implement authentication for an application.
Use an identity server managed by you.
Use a fully managed service for authentication.
Use authentication middleware.
Write your own authentication solution.
If you are afraid of vendor lock-in, I would suggest using an authentication middleware like PassportJS, which will facilitate the abstraction of authentication strategy with its implementation.
On the other hand, writing your custom authentication can be challenging in terms of security, especially finding and fixing these vulnerabilities.
Can anybody point me in a direction for configuring the jhipster gateway to use an external OpenID Connect (OIDC) provider instead of bundling all the UAA stuff? I know of the jhipster UAA server, but that seems to be a standalone auth server.
My use case is that my (many) different jhipster microservice projects will have their authentication and JWT generation stuff handled by an external OIDC provider - not the jhipster gateway itself.
Btw, I'm aware of these projects:
github.com/jhipster/jhipster-openid-connect
github.com/sdoxsee/jhipster-openid-connect-microservices
And I've read through this lengthy discussion, which seems to conclude that an OpenId Connect alternative is in the making:
https://github.com/jhipster/jhipster-experimental-microservices/issues/3
I have some ideas:
Set up a microservices stack to use the UAA server. Then, in some way, instead of using the jhipster UAA server, point at my external OIDC provider.
Look at what mraible has done with regards to the Stormpath (and soon to come Okta) subgenerator.
Experiment with "social logins" (jhipster.github.io/tips/012_tip_add_new_spring_social_connector.html)
Would anybody like to discuss?
You may be already aware but OpenID Connect support has been merged and is due to come out in the next jhipster release (4.10.0?)
Here's the merged pull request and more support is coming.
We would like to develop a new Node.js based application using some SSO technology.
More applications will join thereafter, using the same SSO infrastructure and logic.
We do not have specific requirements on the SSO itself, but it needs to authenticate users
via a local DB (managing user name and passwords)
via our enterprise AD
via some external/federated SSO (I guess via SAML or so)
Also if it would support XACML it would be great.
I believe one of the most complete solutions on the market is the WSO2 Identity Server... but we would be open for others too.
The main question though is simply:
Is it possible to have such a solution in node.js?
Or do we need to shield node.js behind some (Apache) server to get SSO?
What would be the best approach?
Any inputs would be appreciated.
I've used Azure Active Directory in my Node.js projects for authentication; this might work as you are using Active Directory. Here is a sample.