I have already implemented ADFS authentication with SAML2 using Shibboleth on Apache.
Now I need to add a second authentication type with OAuth2.
How can I achieve this so that both authentication types can be used?
Related
I have an Angular application (ex. https://localhost:44301) that is using Web API (ex. https://localhost:44302) to interact with data.
I have an Identity Server 4 (ex. https://localhost:44303) for authentication, in which we have even configured external login with Azure AD.
Our architecture is something like below:
Now I want to add ADFS 3.0 (even ADFS 4.0, i.e. multiple ADFS) as an external login provider.
So as per my research I have to go for only OAuth 2.0 with Authorization Code Grant.
ref: https://github.com/nordvall/TokenClient/wiki/OAuth-2-in-ADFS
For that, what type of configuration should I add to the ADFS server? I am mainly confused about:
What should I add as the relying party trust identifier?
What should I send as the resource in the authorization request?
What configuration is needed for custom claims?
There are three ways you can do this.
You can add ADFS via:
SAML 2
WS Fed
OpenID Connect
So:
SAML or you could use the Rock Solid Knowledge stack described in that blog
WS-Fed - use the built-in ASP.NET Core SP option
OIDC is doable but rather go with above
In both these cases, ADFS is a CP to idsrv4. idsrv4 is an SP to ADFS.
If you go with OIDC, it's an application group.
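An added example, not part of the original answer: the WS-Fed option registered in IdentityServer4 for more than one ADFS farm, using the ASP.NET Core `AddWsFederation` handler. The host names, realm URNs, scheme names and the `AdfsFarm` helper are placeholders assumed for illustration.

```csharp
using System.Collections.Generic;
using IdentityServer4;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper type: one entry per ADFS farm (all values are placeholders).
public sealed class AdfsFarm
{
    public string Scheme { get; set; }       // unique authentication scheme name
    public string DisplayName { get; set; }  // label shown on the login page
    public string MetadataUrl { get; set; }  // ADFS federation metadata document
    public string Realm { get; set; }        // must equal the relying party trust identifier in ADFS
}

public static class AdfsExternalLogin
{
    private static readonly List<AdfsFarm> Farms = new List<AdfsFarm>
    {
        new AdfsFarm { Scheme = "adfs3", DisplayName = "ADFS 3.0", Realm = "urn:example:idsrv4",
            MetadataUrl = "https://adfs3.example.com/FederationMetadata/2007-06/FederationMetadata.xml" },
        new AdfsFarm { Scheme = "adfs4", DisplayName = "ADFS 4.0", Realm = "urn:example:idsrv4",
            MetadataUrl = "https://adfs4.example.com/FederationMetadata/2007-06/FederationMetadata.xml" },
    };

    // Call from Startup.ConfigureServices after AddIdentityServer().
    public static IServiceCollection AddAdfsExternalLogins(this IServiceCollection services)
    {
        var auth = services.AddAuthentication();
        foreach (var farm in Farms)
        {
            auth.AddWsFederation(farm.Scheme, farm.DisplayName, options =>
            {
                // Signing keys and issuer are read from the metadata, over HTTPS only.
                options.MetadataAddress = farm.MetadataUrl;
                options.RequireHttpsMetadata = true;
                // Sent as wtrealm; ADFS rejects the request unless an RP trust has this identifier.
                options.Wtrealm = farm.Realm;
                // Each scheme needs its own callback path; register host + path as the
                // WS-Federation passive endpoint on that farm's RP trust.
                options.CallbackPath = "/signin-wsfed-" + farm.Scheme;
                // Hand the external identity to IdentityServer's external cookie.
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
            });
        }
        return services;
    }
}
```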
Is it possible to use Spring OAuth2 as a pure authorization solution while providing external authentication for it? Or is Spring OAuth2 even supposed to be used in such a manner? If yes then what are the injection points for that kind of configuration?
If you are familiar with Kong then it's basically how the OAuth plugin works:
Here the Login Webapp (which is responsible for authentication) is an external application to Kong OAuth.
I am looking for Single sign on (SSO) with SAML2 tokens and I have to use ADFS. I can't use WIF.
I googled a lot to understand SSO, SAML2 and ADFS, now I have some doubts which I am not getting.
Scenario: The applications are ASP.NET MVC applications
1. App-A (Windows Authentication): hosted and it is using ADFS.
2. App-B (Form Authentication): authenticates the user using the UID and PWD stored in DB.
Do I need an intermediate application to accept the SAML2 token and process it (similar to an Identity provider) or can it be done in App-A itself?
In App-B, what are the things I have to implement to make it aware of the SAML2 request (do I need to implement a custom handler)?
Please help me to choose the right things for the implementation.
--Thanks--
You need a SAML stack for your application.
Refer to SAML : SAML connectivity / toolkit and the links in that entry.
For A, perhaps you can use the WIF SAML extension mentioned in the article above?
For B, you need to rip out the DB authentication and add the SAML functionality as for A or else have a look at Identity Server which you can federate with ADFS and which also authenticates using a DB (but doesn't support SAML itself).
I successfully completed the login module of my application using Spring Security's inbuilt authentication & authorization mechanism. But later I was told to check if I can integrate WSO2 (SOA solution as external authorization mechanism) with Spring Security so that I can use Spring Security's authentication mechanism alone and WSO2 for authorization instead of using the authorization provided by Spring Security.
I did search & read the documentation and I could get details about using external authentication with Spring Security & nothing about external authorization. I would like to know if I can do the same and also how I can do it. Any pointers will be really helpful for me.
Does Spring Security integrate with WSO2 Identity Server? If yes, then is there any sample or tutorial available for this?
Did you have any luck? If so, could you point me in the right direction?
I'm researching the same topic, you should take a look at:
Spring Security Extensions
Spring Security Extensions Git Web Interface
You could use either SAML2 or Kerberos to authenticate against WSO2 Identity Server, although I have not tested this yet, but should work.
If this is related to Spring Security OAuth2 integration with WSO2 IS.
Actually, there are 2 different ways to integrate Spring OAuth with WSO2 Identity Server:
using the WSO2 IS admin web services like OAuthAdminService, OAuth2TokenValidationService
sharing the database (not recommended, your application shouldn't have access to the identity provider database)
It's quite easy to integrate Spring OAuth with WSO2 Identity Server, of course, you could reimplement all TokenStore methods or the DefaultTokenServices to provide even more functionality and make the integration as transparent as you like but this sample is meant to show the very first steps.
You can refer to the blog below: https://www.yenlo.com/blog/wso2-spring-oauth2-integration-with-identity-server