We have standardized on JBoss PicketLink as our Authentication, Authorization, and Identity Management framework and use it throughout our enterprise applications. Now, we would like to integrate JBoss ModeShape as a content management repository into one of our applications. Is there a way to have ModeShape leverage the PicketLink Identity, Roles, Groups, etc. in its authentication and authorization decisions? I would hope that since they're both JBoss projects the integration would be easy, but I haven't found any documentation around how to configure it.
Related
This question is asked in the context where a company wants to implement a new SaaS solution with a REST API plus a single-page web-application on top of it, where authentication and authorization and also user management are to be implemented using Microsoft Identity Platform and Microsoft Azure Active Directory.
I am wondering if in such a scenario, an own SCIM (2.0) endpoint is needed at all, or if perhaps simply a user management API (which itself may or may not be SCIM compliant) of Microsoft Identity Platform or Microsoft Azure Active Directory can be used for user management, so that users would only be stored and managed within AD for now.
Baseline expectations for multi-tenant SaaS applications nowadays include user provisioning functionality. SCIM 2.0 is the only widely adopted modern standard for internet-based provisioning. Your options are therefore going to be to implement your own proprietary user/group management APIs or implement SCIM 2.0. If you're looking for support from major identity providers (AAD, Okta, etc.) then SCIM 2.0 is likely the only standard that any identity provider will build against.
TL;DR: SCIM 2.0 is the way to go.
We have a vendor membership management solution to manage our members, Netforum Pro. They provide a Web API via REST or SOAP for external applications to authenticate.
We would like to use Moodle as a Learning Management System for our members. However, Moodle has an authentication plugin for SAML.
Can we use OneLogin as a middle agent in this situation?
Thanks
Linh N.
OneLogin acts as an Identity Provider and has toolkits that will help you authenticate requests when used by application providers. In your case it looks like Moodle already has the functionality that you would implement with the OL toolkit and that NetForum is the Identity Provider. So using OneLogin won't help much.
You should look into http://documentation.abila.com/netforum-enterprise/2017.1/Content/Admin/Security/SAML.htm
I am using Liferay Community Edition. I want to use SAML for SSO integration. It looks like SAML is available only for Liferay Enterprise Edition. Can someone suggest how to use SAML for SSO integration in Liferay Community Edition?
As you correctly state: the existing SAML plugin implementation is for EE. You'll have to implement your own in order to use it with CE. When you have finished it, you might want to publish it on the marketplace.
On a related note, using SAML might point to the scenario in which you're using Liferay. And typically use cases for SAML are rather enterprisey.
I am new to Grails and Azure. I have a Grails API that uploads and downloads documents to Azure blob storage. The API is used by consumers who need to be authenticated using OAuth 2.0. I found a Grails plugin https://grails.org/plugin/spring-security-oauth2-provider that claims to provide OAuth tokens for authentication. Is this the best way to authenticate a Grails API service?
Azure also seems to provide OAuth 2.0 authentication to an active directory. Instead of using the Grails plugin, how is it possible to leverage Azure's OAuth authentication for an active directory to grant access to the Grails API?
We are using the Spring Security Core Plugin and OAuth2 Provider to secure the Grails API. It will secure the APIs by restricting access to authorized users based on their role.
You can have an in-depth look at how the Spring Security Core Plugin provides the base for OAuth here.
Configuring the Spring Security Core and Spring Security REST Grails plugins to set up token-based authentication is the simplest and most straightforward way to implement authentication for a Grails API.
I know that securing my web application is an old topic, but the new patterns and updates change quickly. For example, for ASP.NET I don't know how to combine site administration, membership and role providers, forms authentication, roles and claims (OWIN, which was introduced in the Katana project). And if I should implement my own security, does it need to do everything in the same pattern as ASP.NET?