SSO in Cloud Foundry with Gitlab User data - oauth

We have the following situation: an open source Cloud Foundry installation and an independent Gitlab installation. I would like to use the Gitlab token to identify users in the CF UAA, meaning everybody registered at the Gitlab is able to use CF.
Is there a possibility to combine these two systems?

This is currently not supported by UAA.
We have plans to add support for generic OAuth 2.0 based external identity providers in the future.

Related

AWS SSO Login PowerShell

Due to security policy, connecting to AWS programmatically with PowerShell using an Access/Secret Key is not allowed at our organization anymore, and needs to be replaced with AWS SSO. But I didn't find any clear documentation on how to actually connect to AWS with PowerShell using AWS SSO. In the official AWS documentation for PowerShell cmdlets, I can see a cmdlet named Close-SSOSession, which is very straightforward about what it does, but which cmdlet is used to open the session in the first place? I would expect something like Open-SSOSession. I also need to mention that we are not allowed to install AWS CLI V2 on our Windows servers, as only the AWS PowerShell Module is approved for use by developers.

Microsoft Active Directory SSO to docker container

I have a web application running in a docker container. I need to let only the users authenticated with Microsoft SSO (only the users in my AzureAD tenant). The web application is written in Spark Java and trying to change the existing basic authentication to Azure with MSAL4j is proving to be time consuming and difficult.
Is there a way to authenticate all users with SSO externally to the container without having to change my application?
I saw an Azure NGINX solution on NGINX site but it seemed to not have a free version. Anything I can use out of the box or develop?
TIA!
There is no way to authenticate all users with SSO externally to the container without having to change your application. You would need to change your application code and add the Azure Authentication manually.

Is it possible to use `externalbrowser` authenticator inside docker container for connection authentication with Snowflake?

I am trying to use the snowflake connector inside docker container. I want to use the externalbrowser authenticator so that I can make connection using Okta credentials but the connector is failing with below mentioned error.
DatabaseError: (snowflake.connector.errors.DatabaseError) 250008 (08001): None: Failed to connect to DB: xx.snowflakecomputing.com:443, Unable to open a browser in this environment.
(Background on this error at: http://sqlalche.me/e/13/4xp6)
As an aside, I'd recommend removing your account name from the question (shown in the error).
You are correct that the "externalbrowser" option is a browser-based SSO. It might be possible to get this running a docker container with some extended software and configuration, but I wouldn't recommend it as it doesn't seem worth the effort.
Instead, there are alternative SSO authentication methods you can look at, such as Native SSO Okta, key-pair authentication, or external OAuth. These won't require the browser.

Looking for a Linux Server Azure Daemon OAuth2 Client Credential Flow Sample

We have a solution that uses Certificate-based Authentication with Azure Service Principals on Windows. It's documented in the following article:
Building Daemon or Service Apps with Office 365 Mail, Calendar, and Contacts APIs (OAuth2 client credential flow)
https://blogs.msdn.microsoft.com/exchangedev/2015/01/21/building-daemon-or-service-apps-with-office-365-mail-calendar-and-contacts-apis-oauth2-client-credential-flow/
We need a solution similar to the one above that will work on Linux Servers.
The below WIKI by the Azure Identity SDK team has the conceptual documentation here:
https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/Client-credential-flows
The dotnet core sample:
https://github.com/Azure-Samples/active-directory-dotnetcore-daemon-certificate-credential
works on Linux; however, the part of the sample generating the cert will not work, as PowerShell on Linux is based on .NET Core, which doesn't yet support the cert modules required.
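
For the certificate step that the answer above says does not work on Linux, here is an added example (not part of the original answer or the linked sample) that uses OpenSSL to create the self-signed certificate and build the signed client assertion the client credential flow presents to Azure AD. The tenant ID, client ID and the `daemon-app` subject name are placeholders.

```shell
#!/usr/bin/env bash
# Added example; tenant and client IDs are placeholders, not values from the page.
TENANT_ID="00000000-0000-0000-0000-000000000000"
CLIENT_ID="11111111-1111-1111-1111-111111111111"
AUD="https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token"

b64url() { openssl base64 -A | tr '/+' '_-' | tr -d '=\n'; }

# Create an RSA key and a self-signed certificate in directory $1.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=daemon-app" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
  chmod 600 "$1/key.pem"   # the private key never leaves the server
}

# x5t header value: base64url of the SHA-1 digest of the DER-encoded certificate.
cert_x5t() {
  openssl x509 -in "$1" -outform DER | openssl dgst -sha1 -binary | b64url
}

# Build the RS256-signed client assertion from key $1 and certificate $2.
make_assertion() {
  local now header claims sig
  now=$(date +%s)
  header=$(printf '{"alg":"RS256","typ":"JWT","x5t":"%s"}' "$(cert_x5t "$2")" | b64url)
  claims=$(printf '{"aud":"%s","iss":"%s","sub":"%s","jti":"%s","nbf":%d,"exp":%d}' \
    "$AUD" "$CLIENT_ID" "$CLIENT_ID" "$(openssl rand -hex 16)" "$now" "$((now + 600))" | b64url)
  sig=$(printf '%s' "${header}.${claims}" | openssl dgst -sha256 -sign "$1" -binary | b64url)
  printf '%s.%s.%s' "$header" "$claims" "$sig"
}

# Local sanity check: verify assertion $1 against the public key in certificate $2.
verify_assertion() {
  local sig tmp rc
  sig=${1##*.}; tmp=$(mktemp -d)
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  printf '%s\n' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$tmp/sig.bin"
  openssl x509 -in "$2" -pubkey -noout > "$tmp/pub.pem"
  printf '%s' "${1%.*}" | openssl dgst -sha256 -verify "$tmp/pub.pem" \
    -signature "$tmp/sig.bin" >/dev/null 2>&1
  rc=$?; rm -rf "$tmp"; return "$rc"
}

# Demo: d=$(mktemp -d); make_cert "$d"; make_assertion "$d/key.pem" "$d/cert.pem"
```

Upload `cert.pem` to the app registration and send the assertion to the token endpoint as `client_assertion`, together with `client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer` and `grant_type=client_credentials`.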

Access Parse Server Dashboard using Bitnami VM

I have used Bitnami VM to deploy Parse Server on Azure but I cannot seem to be able to access Parse Server Dashboard. What URL is it available on? Do I need to open any ports?
Just an update on this. A new version of Parse Server provided by Bitnami is now available in the Azure Marketplace. The new version does include the Dashboard.
Have you been following Bitnami instructions?
It states you can access the dashboard using this URL: http://[server-IP-address]/parse
This means only TCP/80 port needs to be open (on your Network Security Group if you use one or in your VM ACL if you don't).
You have now other (probably easier) options to deploy Parse Server on Azure:
using a dedicated ARM template leveraging Azure services (App Service, DocumentDB, Notification hub, ...).
using Azure App Service with the original Facebook/Parse version with MongoDB.
I've got it. The bitnami guys were kind enough to reply to me for this topic:
You can launch the latest Parse version that ships the Dashboard from https://vmdepot.msopentech.com/Vhd/Show?vhdId=64574&version=66817. It could take some time to be available in the Azure Marketplace.
So bottom line, use the image from VM depot and not the one on Azure Marketplace as it is an old one and doesn't include the Dashboard.
