What is the easiest and most standard way to authenticate from Sharepoint 2010 to a Spring Security Application?
An authenticated user in Sharepoint follows a link, and it is automatically logged into the Spring application.
What are the options?
Thanks and regards!
AFAIK there is no out of the box Spring Security/Sharepoint integration. We're in the process of writing our own integration framework for this. In simple terms it goes something like this:
User tries to access a resource which is protected by Spring
User is redirected to Sharepoint/IIS
Sharepoint/IIS authenticates user if not already authenticated
Sharepoint/IIS redirects/posts a securityassertion back to Spring
which is digitally signed
Spring verifies assertion is authentic and creates a local security
context
The protocol is based on SAML2
Drop me a message if you want to know more about this or follow our blog for updates
Related
I'm trying to create a web application that uses a Web API to perform database operations. I've created a project at work that uses Windows Authentication on the API Level. Since this is an intranet web application I don't need to implement a login mechanism on the web application. However, this project I'm working on can be private or public web application and I would like to implement a login mechanism but I would like to be able to specify what type of security to use i.e. LDAP, generic username/password, Google, Facebook, etc.
The question is, what is the best strategy to implement security on both Web Application and Web Api. For Web Api, I could probably implement some soft of token mechanism like other Apis. But not sure if there are other ways.
Is Sign-in option like Google, Facebook, etc done on the Front-end side? or can I Implement it on the WebApi side?
The best practice on this case,
Web Application: client certificate authentication or username/password
Web API: JWT
or if the target company uses G suits with the company domain, Google will be okay.
You can set a filter using domain name of the email address.
I want to implement login and logout functionality and retrive user details like username and user role using Azure Active Directory.
We are using Docker to deploy Spring cloud microservices project on Azure cloud. Could you please suggest me steps to get user details?
Do we need to secure all microservices edge points using Spring cloud OAuth2 security using JWT or just we can secure one web microservice ? Do I need any permission ,specific user roles to implement this?
You can find Azure's documentation about OAuth 2.0 support for AAD here
https://learn.microsoft.com/en-us/azure/active-directory/active-directory-protocols-oauth-code
I've got an application that's using OAuth 2.0 with a different Authentication Server, and I'm about to see if I can use AAD as the Authentication Server. But, whatever ends up being your Auth Server, the rest of the application should be the same...
The Auth Server handles the log in (typically as a Single-Sign On pattern)
The Auth Server will return a Json Web Token (at some point, depending on the Grant Type being used to retrieve it)
The JWT should be included in each subsequent request to ensure the caller has authorization
From a Spring perspective, you'll need at least a SSO Client (denoted by the #EnableOAuthSSO annotation). If everything in hosted by that process, you'll need that JWT to call subsequent methods. If you have processes hosted in other processes, it's likely you'll want them secured as well. Using the #EnableResourceServer annotation will configure Spring Security to look for the JWT, just not attempt to retrieve one if the request does not have it.
Unless the endpoint is meant to be publicly accessible, you will want to secure it. Of course, I really don't know the context of your application, so this statement is purely an uninformed opinion based on zero knowledge of what you're trying to do with your application. Take it for what it's worth.
EDIT
This has become a little more complex than I originally thought. I have been able to write some code to dynamically retrieve the public key from Microsoft in order to validate the returned JWT.
But, the main issue is the fact the Azure AD supports Open Id Connect when acting as an Identity/Authentication Server. And, at the moment, spring-security-oauth2 doesn't support Open Id Connect.
I was able to make some small changes to the spring code, but I did ask the question to the Spring group and they are actively working on adding support for Open Id Connect. They hope to have a release two months (ish?).
For the short term, the oauth2 support doesn't support Open Id Connect. Given this is the protocol used by AAD, the current version of oauth2 won't work with AAD. That said, I will be happy to wait for the official support which shouldn't be too long.
I want to integrate liferay with my existing application, for that i want to use JSON web services offered by liferay, Most of these services (listed at /api/jsonws) ask for authentication token "p_auth", however i don't find any log in or authenticate method in these services which can give me this p_auth token.
My application is php and i am not expert in java, so looking for some REST and/or SOAP based http method to log in/authenticate. Is there any way to do so?
Liferay added p_auth key to links marked with #ActionMapping annotation for preventing CSRF attacks. You can disable this token with
auth.token.check.enabled=false
on the Liferay side (portal-ext.properties file), but in this case anyone could be able to log in in such method.
You can read more here
I'm developing an application with Grails.
Im trying to implement an SSO-functionality. But I can't authenticate the users via windows session, because some of them has another windows passwort as the domain password.
(I retrieve the users via LDAP) So, how can I authenticate them?
Scenario should be following:
User goes to the Grails-Site
Popup appears where the users has to fill in with his credentials
After that, he has never to authenticate again...
Does anyone of you has some experience with it?
I think if you need SSO for many grails applications a good choice is to add saml support to your grails applications using this plugin and then build an IdP (there are many in many languages) and connect the IdP to your ldap.
SAML is standard and is the future.
If you need more info about saml check the saml entry at wikipedia. There you can find links to documentation and software.
Besides what it comes with in 2.0 (the generated aspnetdb.mdf), is there a standard login authorization authentication system for asp.net Internet websites? One that can plug into a website.
"the generated aspnetdb.mdf" is the ASP.NET Membership model. You can use it in websites without the generated aspnetdb.mdf.
From an article in MSDN called Introduction to Membership:
ASP.NET membership gives you a
built-in way to validate and store
user credentials. ASP.NET membership
therefore helps you manage user
authentication in your Web sites. You
can use ASP.NET membership with
ASP.NET Forms authentication or with
the ASP.NET login controls to create a
complete system for authenticating
users.
See my answer and comments here, too.
You can use aspnet_regsql.exe to create the required tables/sprocs/views in any sql server db of your choosing. Once you've added the proper connection string and membershhip configuration, you can use all of the membership stuff that was added with .net 2.0
4 Guys has a pretty good tutorial on how to implement the membership system, and they cover using aspnet_regsql.exe.