SSO: Rails app as IDP and Salesforce as Service Provider - ruby-on-rails

I am working on SSO and trying to make my existing Rails application as the identity provider and Salesforce as the service provider. I have tried saml_idp gem but no luck with it. I am open to implementing any strategy like SAML, Token based authentication, OpenID connect but I am not getting any proper tutorial on how to do it.
Any help will be appreciated!!

Related

SAML with Rails and React

I would like to configure SAML for SSO purposes in my current application. My application has a backend in Rails and a frontend in ReactJS, and I would like to use SSO to authenticate over the Docebo platform. As per my research, I found that SAML would help me to authenticate over Docebo from my identity provider (my web application). Please help me with how I can integrate SAML in the above scenario.

Spring Boot + SpringSecurity + OAuth2 client - use custom UserDetailsService or AuthenticationProvider

I am creating a website using Spring Boot, Spring MVC and spring-security-oauth2, and I am trying to authenticate my locally stored users against Google, Facebook, GitHub ... OAuth2 services. I also have standard username-password for them.
My idea is to store a pair of [OAuth2_provider_type, OAuth2_subjectId] for each user in the local database from the first successful OAuth login and then use this pair to find the correct user when the user authenticates himself by Google (or FB...) again. I have correctly authenticated with Google/Facebook, but I don't know how to connect my locally stored users to Spring OAuth2 Security and get them into the SecurityContext.
Could somebody point me to some example or integration test where I can see something similar?
I am scanning the spring-security-oauth2 source code and I am a little bit confused - do I need an OAuth2 AuthorizationServer or ResourceServer for that?
Thanks for any help!

IdentityServer3 integration with Ping Identity. Is it possible?

We are currently using IdentityServer3 for authentication and authorization with our ASP.NET MVC (angular.js) and WebAPI clients. We are about to bring on a new customer that uses PingIdentity for their Single Sign On (SSO). The customer would like to be able to integrate their SSO into our application.
Is this possible with IdentityServer3?
Thanks in advance!
You should be able to leverage the WS-Federation capabilities that both products have to integrate them. IdentityServer3 playing the Service Provider (or: RP) role, the customer playing the Identity Provider (or: IP) role.
Have you looked into KentorIT Authservices? It's a SAML plugin for IdentityServer3. I was able to add OneLogin SAML authentication with this plugin.
-Scott

Integrating Cloudfoundry UAA with external identity provider

We have all the user data in our local MySQL database. We are moving our services to the cloud and I need to use Cloud Foundry UAA to authenticate by calling a login microservice endpoint on our network instead of doing uaac add user for all the users in the DB.
I am new to this, it would help me if you can explain the steps to do it.
Thanks in advance
I assume (based on the SAML tags on your question) that you are thinking of doing this with SAML. If this is your first time doing SAML then there is a bit of a learning curve. If so, you may find it easier to just create a custom login app.
SAML
You would set up an Identity Provider, and the IdP would authenticate users against either MySQL or your login microservice. simplesamlphp can be used for this purpose. A user would authenticate to the IdP, the IdP generates a SAML assertion (e.g. a signed XML doc with information about the user) that gets sent to the Service Provider (UAA). The service provider then looks at the assertion to determine who the user is. UAA supports SAML logins. It has been a while since I've set it up that way, but I recall you run a separate 'login' war from the rest of UAA, and the login war uses APIs to talk to UAA. You also need to configure the SAML trust relationship between ssp and the UAA login war. This isn't hard to do if you are familiar with SAML. If you aren't, then it can be difficult to get all the pieces right.
Custom Login App
I think an easier approach is to just build your own login app that calls your authentication service and the UAA APIs. UAA provides a sample app and documentation.
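The IdP-signs-an-assertion, SP-validates-it flow that this answer (and the original Rails-as-IdP question) describes, as an added stdlib-only Ruby illustration that is not part of any post here and not the saml_idp gem's code. It is deliberately simplified: the signature covers the raw bytes of a small hand-built Assertion element instead of a canonicalised XML-DSig, and the entity IDs and key pair are constructed placeholders, so it is not wire-compatible with Salesforce or UAA; what it does show is the set of checks an SP must pass before trusting who the assertion names.

```ruby
require "openssl"
require "base64"
require "time"
require "rexml/document"

# Constructed demo key pair (hypothetical): the IdP keeps the private key,
# the SP (Salesforce, UAA, ...) is configured with only the public half.
IDP_KEY = OpenSSL::PKey::RSA.new(2048)
IDP_PUB = IDP_KEY.public_key
IDP_ENTITY = "https://idp.example.test/saml"   # hypothetical IdP entity ID
SP_ENTITY  = "https://sp.example.test"         # hypothetical SP entity ID

# IdP side: name the user, the issuer, the intended audience and an expiry,
# then sign the exact bytes of the Assertion element (simplified, not XML-DSig).
def build_assertion(name_id, audience, not_on_or_after)
  body = "<Assertion><Issuer>#{IDP_ENTITY}</Issuer>" \
         "<Subject><NameID>#{name_id}</NameID></Subject>" \
         "<Conditions NotOnOrAfter=\"#{not_on_or_after.utc.iso8601}\">" \
         "<Audience>#{audience}</Audience></Conditions></Assertion>"
  sig = IDP_KEY.sign(OpenSSL::Digest.new("SHA256"), body)
  "<Response>#{body}<Signature>#{Base64.strict_encode64(sig)}</Signature></Response>"
end

# SP side: signature first (so nothing unsigned is ever parsed for trust),
# then issuer, audience and expiry. Returns [:ok, name_id] or [reason, nil].
def verify_assertion(xml, pub_key, expected_audience, now = Time.now)
  signed_bytes = xml[%r{<Assertion>.*?</Assertion>}m] or return [:malformed, nil]
  sig_b64 = xml[%r{<Signature>(.*?)</Signature>}m, 1] or return [:missing_signature, nil]
  sig = Base64.strict_decode64(sig_b64)
  unless pub_key.verify(OpenSSL::Digest.new("SHA256"), sig, signed_bytes)
    return [:bad_signature, nil]   # any edit to the Assertion bytes lands here
  end
  a = REXML::Document.new(signed_bytes).root
  return [:wrong_issuer, nil]   unless a.elements["Issuer"].text == IDP_ENTITY
  return [:wrong_audience, nil] unless a.elements["Conditions/Audience"].text == expected_audience
  expiry = Time.iso8601(a.elements["Conditions"].attributes["NotOnOrAfter"])
  return [:expired, nil] unless now < expiry
  [:ok, a.elements["Subject/NameID"].text]
end
```

A real IdP would also bind the assertion to the SP's AuthnRequest ID and the SP would reject replays; those checks are omitted here for length.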

Implementing OAuth 2.0 and OpenId Connect provider using IdentityServer3 with existing login server and membership provider

I know that IdentityServer3 provides the whole stack for implementing OAuth 2.0, OpenID Connect etc. I don't know if I should use IdentityServer3, because I have my own login server which authenticates the user using a membership provider which is already available. Can I integrate my already available login mechanism with IdentityServer3 and implement OAuth 2.0?
Any suggestion will be highly appreciated.
Moving the membership part to identityserver is easy. If you want to keep the whole "login experience" just the same but use idsrv for protocol support - this is more work.
You can move your login app into idsrv and use the partial login concept. This requires your existing login page to interact with the idsrv OWIN extension methods.
Another option is to encapsulate your login app as Katana authentication middleware and plug it into idsrv as an external provider.