I have a web application running in a docker container. I need to let only the users authenticated with Microsoft SSO (only the users in my AzureAD tenant). The web application is written in Spark Java and trying to change the existing basic authentication to Azure with MSAL4j is proving to be time consuming and difficult.
Is there a way to authenticate all users with SSO externally to the container without having to change my application?
I saw an Azure NGINX solution on NGINX site but it seemed to not have a free version. Anything I can use out of the box or develop?
TIA!
There is no way to authenticate all users with SSO externally to the container without having to change your application. You would need to change your application code and add the Azure Authentication manually.
Related
I am trying to use the snowflake connector inside docker container. I want to use the externalbrowser authenticator so that I can make connection using Okta credentials but the connector is failing with below mentioned error.
DatabaseError: (snowflake.connector.errors.DatabaseError) 250008 (08001): None: Failed to connect to DB: xx.snowflakecomputing.com:443, Unable to open a browser in this environment.
(Background on this error at: http://sqlalche.me/e/13/4xp6)
As an aside, I'd recommend removing your account name from the question (shown in the error).
You are correct that the "externalbrowser" option is a browser-based SSO. It might be possible to get this running a docker container with some extended software and configuration, but I wouldn't recommend it as it doesn't seem worth the effort.
Instead, there's alternative SSO authentication methods you can look at such as Native SSO Okta, key-pair authentication, or external OAuth. These won't require the browser.
We have a bunch of applications that are deployed on openshift. For e.g. we have a Project A and it has three applications.
Is there a way in openshift where we can configure it(by creating a new application) to be authenticated so that when users try to access these applications, they will be routed to the login page and will be authenticated?
I have an Azure Web App for Linux Container with PHP Web Application deployed as a single Container. This Azure Web App is running with minimum of two of instance and is setup to auto scale. This Web Application uses sticky session. Does the Azure Web App for Linux Container supports it? Is there any way I can set it up in Azure Web App for Linux Container?
Of course, the Azure Web App for Linux Container supports the sticky session. But in the Web App, it calls ARR affinity, if you need the sticky session, just enable it. In addition, it's enabled in default. You can take look at the document here. You can enable it if it was disabled:
I can create an FTP-server using docker according to this.
I wonder whether it works in the azure web app for containers.
If the answer is yes, how could make it works?
By the way, I've tried it, according to the steps from the link, I have to create users. but I don't know how to connect the container's linuxOS.
Generally, the FTP server should need to open multiple ports as the document you provided shows. But Azure Web App service only can open 80 and 443 port. And you would not be a whole controller for it. So, if you want to deploy an FTP server, the Azure Web App service is not a good choice. Even if it can run the FTP image. And the VM is recommended.
By the way, if you want to connect to the container's LinuxOS of Web App, you need to enable the SSH feature in the image before you deploy it into the Web App. You can follow the steps about How to enable the SSH in the Web App.
Our OPS team have configured a SSO tile that connects to ADFS. I am building a sample application that utilize an SSO service instance. I can deploy my application to PCF and remote debug my SSO configuration. These things work.
What I need is a way to access the SSO service instance while I am developing on my PC. Otherwise only way to verify my code really works is to deploy my application to PCF and either add log statements or configure remote debugging. Both of these are pretty time consuming.
I looked into configuring ssh access to pivotal services. That works for database service instances, but not for SSO service instance. Has anyone figured it out?
After repeated trials and error, I found the solution. Posting it here in case someone else has similar issue
In PCF, for your SSO add a new application. Auth redirect url for this application should point to your localhost. In my case it is http://localhost:8080
run cf env . Copy the p-identity section only and save to vcap_services.json. Then update the clientId and clientSecret with the values from the new application created in previous step.
Use the following command to start your application
VCAP_APPLICATION=true VCAP_SERVICES=$(cat vcap_services.json) SPRING_PROFILES_ACTIVE=... ./gradlew bootRun