I'm new to mautic. We have an java application that manages authentication of its users. It also support openid connect/ jwt/oauth flows. We are planning to use mautic as a separate server . How do I integrate my application with mautic? Seems like the mautic only support SAML for SSO. Does that mean our application now need to act as SAML IDP? Or is there a way to get mautic to support JWT/oauth/openid connect
Can you clarify why you need to authenticate users, will these all be people who will be working in the back-end of Mautic? Otherwise you won't need to use authentication for regular folk accessing resources or landing pages you create, they don't need to log in.
The developer documentation would be a good place to start for all things technical/development, which you can find here: https://developer.mautic.org/ - this includes information about authorisation and specifically OAuth which might be helpful: https://developer.mautic.org/#authorization.
You'll find some documentation on using the SAML function here if you're going that route: https://www.mautic.org/docs/en/authentication/saml.html
Happy to help if you get stuck!
Related
I am new to Spring world and with the help of lots of information available online, I have pretty much developed Spring MVC Application I am working on currently.
Last piece I have to implement is to integrate OAM SSO in my application to use as authentication.
I searched a lot on web but couldn't find single example of implementing third party Authentication provider.
I finally realized that I have to use PreAuthentication but I am not sure how I would implement it.
I am unable to share my code because any thing I tried until now is not working and I feel that I haven't got right path yet.
Any help would be much appreciated.
To give you brief idea about OAM, OAM authenticates user ID and Passwords and sends you authenticated requests with a cookied, OBSSOCookie. Using this cookies, you need to contact OAM and get User ID and password and also User Roles (Authorities). Any request coming to your application is already authenticated so you do not need to authenticate again. all you need to do is, using this cookie, need to retrieve user Authorities.
For Spring MVC, you could use the spring-webmvc-pac4j security library, instead of Spring Security. Use a CookieClient to deal with the OBSSOCookie and create your own Authenticator to check this cookie against OAM.
Has anyone actually used OAuth2 for SSO within Spring Security 3?
Scenario:
I need my users to be redirected to an OAuth2 URL when they try to access any URL on my site for the first time. Once they are authenticated there, it will redirect them to a URL on my site, where I need to authorize them and create a session so that they will stay authorized on my site until they log out or time out.
I have tried several configurations in Spring Security using custom pre-auth filters, custom user details services, etc., but I cannot get the flow to work properly. I've not attached any code because I've gone through so many possibilities that I'm not even sure what to post.
I'd appreciate any direction anyone can give. Thanks!
OAuth2 isn't intended as an SSO solution. It's primarily about delegating the right to access resources on your behalf to other parties (applications, for example). So if that's not something you need then perhaps you should be looking at a simpler solution.
It's possible to use OAuth2 to allow access to a resource which provides information on your identity, in which case it can be expanded for authentication use. This is how OpenID connect uses it (by adding a userinfo endpoint resource).
You might want to take a look at the UAA project within CloudFoundry which is built on Spring Security OAuth and uses OAuth2 in this way to provide authentication services and to issue access tokens to applications within the system.
This appears to be a somewhat dead question but here are some resources that may prove useful to future searches:
#EnableOAuth2Sso
#EnableOAuth2Resource
Spring Cloud oauth2 SSO sample
Spring oauth2 SSO with a whole bunch of other stuff too
Who is your Oauth2 provider? In a case of some public one like Facebook, Twitter, Google and many others you can take a look at Spring Social project. Even if you use some private provider you can add it very easy (http://blog.springsource.com/2011/03/10/extending-spring-socials-service-provider-framework/, Developing a Netflix Service Provider Implementation section).
Spring Social is designed to cover your main case with some minor difference: by default you must submit a form to start authentication process. I think this difference may be easy customized to feet your needs.
You can play with Spring Social Showcase sample to have an idea about authentication workflow.
Hope this is not too broad but after a lot of googling I am not sure where to start. I am looking for a introductory/noob overview to help me get started on building an authentication implementation for a rails 3 application.
Basic technical requirements:
Rails 3 application is hosted on third party service (heroku)
Need to use specific external private SSO service to authenticate users.
No local user database or model in the rails application.
Authentication is token based meaning that there is a special cookie that needs to be read passing back token to SSO server (not rails based).
I have no control over the SSO server or infrastructure.
Trust of the SSO server is implicit and do not want to maintain local database of users, passwords, or sensitive information. User info only exists during session and the SSO server is authoritative.
Session token info is cookie based and lives for the duration of the browser session.
I am looking for basic example/tutorial/strategy/explanation of how the process would work in rails with the above setup. I would like the process to be seamless for user with workflow that basically looks like this:
Navigate to rails app -->
redirect unauthenticated users to SSO server -->
login and authenticate via remote SSO server -->
callback/redirect to rails app -->
capture user info passed back from SSO server and load protected resources in rails app
Strategy is completely custom using a private SSO resource and does not use a well published auth mechanism (in other words not Facebook, Google, Twitter, OAuth, etc).
Any help on terminology, coherent tutorials, examples would be appreciated.
Edit/Update:
To be more specific I am also looking for good documentation how to create an omniauth custom developer strategy. Some tutorial that goes through the kind of code required to talk to an arbitrary SSO server, read a token out of a cookie, and complete the authentication handshake and callback/redirect.
This isn't really an answer but I'm posting this because a comment just wouldn't do. I don't know of any comprehensive guides so here's what I'd suggest you do:
Learn how Omniauth works. There's a great Railscast about authentication using Twitter. It's really simple and it will get you in the flow of the thing.
Build your own Omniauth strategy. Go to the list of Omniauth Strategies and scroll to Developer Strategies. In that table, choose the strategy you can use to connect to your SSO server.
Ideally, you'd be able to use OAuth2 and there are a couple of guides that talk about implementing your own OAuth strategy:
Custom OAuth 1.0 strategy to connect to Rdio
Custom OAuth 2.0 strategy by Intridea (the creators of Omniauth)
Custom OAuth 2.0 strategy to connect to Force.com by Heroku
But since you can't, just give a quick look at those guides. Without any specifics it's kind of hard (for me) to give any more help, but hopefully someone else will fill in the details.
I need to develop an API to be the core of a web APP.
My initial idea was making a REST API that would treat all the request and then create some clients for web, mobile and desktop.
My question is, How should I manage the authentication for this situation?
I thought about using a token that would be passed with all requests to the REST API.
Im my case, I would not like to have something like OAuth because the ecosystem will not have multiple apps like Facebook/Twitter does.
NOTE: I must have the API separated from the client for web.
In more details, I would request POST /users/auth passing their password and username, and receive an auth token.
Is it a good approach or there is something better?
Agree that Devise is great for the auth in the application. For the API level, 3scale could help a lot (http://www.3scale.net) - it takes care of rate limits, keys, oauth secret distribution, analytics, developer portal and other stuff. There's a ruby plugin to get started here: https://github.com/3scale/3scale_ws_api_for_ruby.
Devise is a fantastic gem that handles authentication in rails apps. It also provides token based authentication. You can find many resources on the web (for example here) explainig how to use it. No doubt it will fit for your situation.
Please I would like someone to tell me if dotNetOpenAuth single-sign-on.
All I want to achieve is to be able to seamlessly logging to all domains without redirect to third party system for authorisation or Authentication within a mixture programming platforms e.g (PHP or .Net)
DotNetOpenAuth library is a simple library to implement Single Sign On for .NET based application. The only issue I faced was related to performance. It was found to be a known issue with a particular API that cause the sluggishnes.
DotNetOpenAuth can be used for SSO solutions, but each new web site a user visits does need to perform a redirect to the identity provider. In a controlled SSO environment, that provider may never appear to the user, so the login is totally transparent. There are a couple of samples of an SSO configuration that comes with the DotNetOpenAuth download.
DotNetOpenAuth will help you do what you want to do provided you can support OpenID from PHP. You need to implement a provider (the site that authenticates you against a DB or other store), and a consumer (the site you want to log into).
My recommendation would be to consider the authentication protocol you wish to use rather than a specific library at first. In the case if DotNet OpenAuth it has support for:
OpenID
OAuth
InfoCard
These are just a few of the protocols available. You should also look into the SAML family of protocols, in particular SAML 2.0.
There are implementations of SAML for PHP, .NET, and many other platforms. You might want to look at a comparison between OpenID and SAML in order to choose which is better for you.