I'm trying to implement my own logic for authorization to satisfy our project requirements. Can any one please help to find a way to implement my own authorization end point?
When you say Custom, does it mean a different standalone authorization server. Need more information to answer your question.
Related
We are trying to split apart Authorization and Authentication into two separate services. Both will use Identity Server 4. We may someday add in additional external Authentication providers. I believe Federated Gateway is the term (http://docs.identityserver.io/en/release/topics/federation_gateway.html?highlight=Federation)
My research so far indicates we are able to setup Authorization as External Providers and set [LocalLoginEnabled] to false. This works fine for web apps, since it redirects along the traditional flows. Our requirement is to have both Web-based and client-apps (Windows and Mobile) calling our solution. This would need Implicit or Resource Owner (password) flows.
Looking for guidance on the best way to set this up. I'm tempted to write a custom endpoint API to relay the authentication to authentication instance.
QUESTION:
How can I achieve "password flow" between two ID4 instances (Authorization + Authentication)?
Thanks in advance!
After much research and little guidance, I decided to take a leap and just created a new API Endpoint used only for Resource Owner / Password Grant Types. This API simply validates the necessary information was present grant-type, secret, user/pwd etc... and then relays it to the Authentication instance. There may be more "elegant" ways of doing this, but this one seems to be working.
Hope this might help someone.
Although my original answer worked, it was not the best way to accomplish my end result. Instead of creating a new endpoint, I am able to inject my own handling of password grants by extending the IResourceOwnerPasswordValidator. I can then have a single endpoint for all authorization. This solution is more "natural" and falls inline with the intended architecture.
The IResourceOwnerValidator interface just implements one function...
public Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
A much more elegant solution.
I implemented a simple API.ai bot and I wanted to add it to google home platform but I really need help for the linking account part.
I don't understand if I need to implement an oauth2 protocol for my service or not. Is there any exemple or framework that allow implement this linking account step (any language is ok, it's just for a simple POC).
My goal is to ask my bot some informations and send him some orders to achieve simple processing on a server.
Hope that someone can help me, add a simple bot to google home to access and modify some informations in a server isn't really easy for me ^^
As #Leon noted, you will need to implement the OAuth2 server yourself. The Actions on Google documentation give details about what they are expecting and what steps you can do to implement it yourself. The Authorization Code flow is slightly preferred (additional features from the Assistant will require it in the future), but you're also allowed to use the https://developers.google.com/actions/identity/oauth2-implicit-flow if you wish since it is slightly easier.
There are several packages that are out there that allow you to provide OAuth2, but require you to build the connection to your own account database. I've seen packages for .NET and JavaScript, but it shouldn't be too difficult to find one that meets your needs or to write one yourself.
If you need to authenticate the user, then you will need your own OAuth server. How to hook that up to an action is described in the docs: https://developers.google.com/actions/develop/identity/account-linking
If however, this is just a personal project and you want to test it on your own device, then account linking is not necessary for you to get the action to work. You simply need to hook up your server logic to the action fulfillment. We recommend that you use the API.AI Actions integration. The docs cover how to do that: https://developers.google.com/actions/develop/apiai/dialogs-and-fulfillment
I have a web application in which Authorization is handled by Apache Shiro. Now we need to convert it to restful service and need to add an authentication mechanism . I am looking for a possibility to keep Shiro itself for authorization, so that code changes are minimal, and JWT for authentication. Please suggest me how can I achieve it. Is there any framework available for it?
I made a library to achieve this.
https://github.com/panchitoboy/shiro-jwt
You only have to implement UserDefault and UserRepository with your bussines logic.
It's based on apache-shiro, i have created a filter based on the shiro AuthenticatingFilter.
Regards,
I want to implement security and authentication when i am calling an API.
So that my data will not be lost and hijacked by some one in middle.I have searched so many times on net but there is no good article with example.Some one has asked to implement NSURLSession with AFNetworking.
I have used encryption with key before 2 years is there any new things to implement security with authentication when we make request and getting response(is there need of encoding and encryption?).
Please eleborate with suitable example.
what Type of suggestion i have to give also to API developer
Thanks in Advance.
You can use SSL ceritificates (HTTPS) to avoid man-in-middle attack.
No need to invent your own crypto. It is not recommended at all. You should use SSL. That will be good enough. Refer to this article
Refer to this article. In addition there are plenty of other examples in internet. Hope this helps
I'am looking at the capabilities of WIF in terms of SSO. Actually we have a "legacy" users & rights management database under SQLServer and we like to build a brand new SSO system on top of this exsting database.
In many tutorials I found they talk about using existing STS like ADFSv2 for Active Directory authorization, but It did not fit my needs because my users/rights are not exposed through AD but in a custom a specific business oriented SQL Server database.
So, I thing I need a custom Security Token Service in order to be able to emit my own custom tokens, but I don't know how to do this.
I need some little help or an example about how to achieve this.
Thank you
You can find STS example in WIF SDK. It contain an example with custom token. Look here
More detail information about SSO I seen in a book 'Programming Windows Identity Foundation'
You can build your own Custom Security Token Service leveraging the underneath SQL Server database. You will have to define your scopes and Claims that needs to be shared after user does a Single Sign On. Here are some links to some articles below that has helped me build mine. I am pretty sure by following the below links you will be able to build a custom STS catering to your needs.
WIF : http://chris.59north.com/post/Building-a-simple-custom-STS-using-VS2012-ASPNET-MVC
http://www.primaryobjects.com/2013/08/08/using-single-sign-on-with-windows-identity-foundation-in-mvc-net/
Care to explain why #paullem's answer was deleted?
It is in fact the correct answer!
The question is about an STS that authenticates using a SQL DB. That is EXACTLY what IdentityServer does.
Since it's open source, you can customize it any way you want or else use it as a guide.
So to repeat the answer - "Take a look at Thinktecture.IdentityServer........".
Update
You want a custom STS that supports SAML protocol and authenticates against a SQL DB?
WIF won't do this for you.
You need to look at something like Shibboleth or simpleSAMLphp but they are not .NET based.
Or take IdentityServer and add a SAML stack to it.
Refer: SAML : SAML connectivity / toolkit.
Be warned: This is not a trivial exercise!