I am new to grails and Azure. I have a grails API that uploads and downloads documents to Azure blob storage. The API is used by consumers who need to be authenticated using Oauth 2.0. I found a grails plugin https://grails.org/plugin/spring-security-oauth2-provider that claims to provide oauth tokens for authentication. Is this the best way to authenticate a grails API service?
Azure also seems to provide Oauth 2.0 authentication to an active directory. Instead of using the grails plugin, how is it possible to leverage Azure's Oauth authentication for an active directory to grant access to the grails API?
We are using Spring Security Core Plugin and OAuth2 Provider to secure Grails API. It will secure the API's, by restricting access to authorized users based on their role.
You can have in depth look how Spring Security Core Plugin provides the base for the OAuth here.
Configuring the spring security core and spring security rest grails plugins to set up a token based authentication is the simplest and straightforward way to implement authentication for a grails API.
Related
I am trying to implement OAuth 2.0 authorization code Grant between Angular (Front-End) and Spring Boot (at Back-End) using Azure AD. I am unable to get any success. I have looked into the documentations available in Azure Doc. There are no samples with Angular in Front End and Spring Boot in Back End. Any suggestions would help.
You can refer to this document, which uses Angular as the front-end, Spring Boot as the back-end, and uses OAuth 2.0 auth code flow to grant authentication.
Kinda new to this area of customizable sign-in/sign-up.
I'm currently planning to use social sing-in/sign-up in my Web API project, that handles backend process for my Web App and Desktop Client. I found it is easy to add a OpenID Connect provider to my Identity Provider, but am not sure how can I add OAuth2 provider. Is there a good example or tutorial on this topic?
Also, according to this and that post, it is recommended to use OAuth2 for native apps and OpenID Connect for Web API/Web Apps. Unfortunately the organization whose authentication I'd like to let customers use doesn't provide OpenID Connect. Is this still fine for my scenario?
This sample should be able to help you achieve what you are looking for. It uses the OAuth2.0 authorization code grant with confidential client and ADAL to obtain access tokens for the web app to call the Graph API with the user's identity.
This reference on authentication scenarios should also be useful to you.
We have a vendor membership management solution to manage our members, Netforum Pro. They provide a Web API via Rest or Soap for external applications to authenticate.
We would like to use Moodle as Learning Management System for our members. However, Moodle has an authentication plugin for SAML.
Can we use OneLogin as a middle agent in this situation?
Thanks
Linh N.
OneLogin acts as Identity Provider and has toolkits that will help you authenticate requests when used by application providers. In your case it looks like Moodle has already the functionality that you would implement with the OL toolkit and that NetForum is the Identity Provider. So using OneLogin won't help much.
You should look into http://documentation.abila.com/netforum-enterprise/2017.1/Content/Admin/Security/SAML.htm
I am new to OpenAM and trying to secure my webservices using OpenAM. I have installed J2EE policy agents using below information in the link.
https://wikis.forgerock.org/confluence/display/openam/Installing+Tomcat+6.0+Policy+Agent
I need to provide security for my REST APIs. So where should we need to configure the REST APIs in the OpenAM console.
Please provide me some links where i get some information.
OpenAM policy agents are the OpenAM proprietary way to achieve (Web)SSO and authorizations. You could configure URL policies as described in the docs https://backstage.forgerock.com/#!/docs/openam/13/admin-guide#chap-authz-policy, however the REST client must obtain an SSOToken and send this along when accessing the REST service.
You could also use OAuth2 which would be a standards-based approach.
I am looking at Windows Azure ACS as an alternative to implementing my own username / password scheme in my app. This will be a publicly available website.
In addition to using SSO providers such as Google or Facebook, can I use Windows Azure ACS to support username/password authentication?
I see that it supports Active Directory as a provider. I am not sure this is the right thing as I have always thought of Active Directory as an "enterprise" provider.
Windows Azure ACS does not support username/password authentication in the form you need. Shahin outlined it in details.
Your options really are:
Windows Azure Active Directory (WAAD)
Identity Server (IdSVR)
While classic on-premises Active Directory deployed with a Domain Controller option is indeed quite enterprisy, WAAD is not exact copy of the same in the Cloud. I would actually recommend that you give a shot and try out. Using the WAAD Graph API you can fully automate user management in WAAD.
Your second option is based on IdSVR. This is full-featured Identity Server and Security Token Service. It is developed against the best practices in security and is quite easily extensible! While it does not provide out of the box support for user management (user registration, password reset, etc.) it is ASP.NET MVC 4 application. So you can very easily add this features yourself. There actually is an open enhancement planned for User Management API and UI.
Both WAAD and IdSVR integrate well with ACS, so you can provide seamless support for social identities along with own login.
Another service that is still in Beta/Preview is the SocialSTS project. It is kind of extension to Azure ACS and is designed to help you add more identity providers (such as LinkedIn, Twitter, GitHUB, Amazon Login, etc) to your Access Control Service.
You can authenticate directly with the ACS by using Service Identities, but they are not intended to be used for end-user authentication, as the page explains:
Service identities are not intended to be used as end-user credentials. In ACS, service identities are most commonly used in REST web service scenarios, over the OAuth WRAP protocol, where a client requests a SWT token directly from ACS to present to the web service.
I believe this is the only way to directly get a token from the ACS.