Is there any Spring Social client module for ORCID? - oauth-2.0

Is there any Spring Social client module for ORCID (Open Researcher and Contributor ID)? There are already client modules for service providers such as Spring Social Facebook, Spring Social Twitter, Spring Social LinkedIn, etc.
ORCID provides a persistent digital identifier that distinguishes one researcher from another. It has been globally adopted, and at the time of writing (June 2016), there are nearly two and a half million ORCID iDs registered.
ORCID provides the service of SSO (Single Sign-On) with ORCID, based on the OAuth 2.0 protocol. There are a growing number of web applications that are required to support SSO with ORCID. And there may be even more web applications that are required to use ORCID's OAuth 2.0 based REST APIs, for instance, to submit articles/data to the ORCID Registry.
The Spring Social framework has been widely used to connect Spring applications to Software-as-a-Service (SaaS) API providers such as Facebook, Twitter, and LinkedIn. A Spring Social client module for ORCID, similar to Spring Social Facebook, etc., would greatly simplify the development of the web applications aforementioned, and this would be very beneficial to publishers, institutes and so on in the academic area of all disciplines around the world.

I have created the Spring Social ORCID project, as an extension to Spring Social that enables integration with ORCID. (Note: I have devoted this project to Europe PMC; new versions will be released to its GitHub repository.)
I have also written an example web application that uses the Spring Social ORCID module (as well as Spring Social Facebook), to test the module and also demonstrate how to use it, in a way that is almost the same as using Spring Social Facebook.
Not just web applications, you can also use Spring Social ORCID in your web services, as demonstrated by the spring social orcid client example project on the rest_web_service branch. The web service also supports the Remember Me feature.
Any web application can, via JavaScript, use the Spring Social ORCID based web service to connect to ORCID. I have created another example project to demonstrate this, which utilizes the Remember Me feature too.
The Spring Social ORCID project is far from perfect yet, but I think it's not a bad start :-) You are welcome to fork and help improve it too.

To follow up from Yuci, I have created a repository of Spring and Spring Boot integration examples. Some require nothing more than configuration. ORCID recently released OpenID Connect and implicit OAuth functionality and you can now also do client-side authentication using just a handful of JavaScript.
The changes at the ORCID end mean that Spring Boot requires nothing more than this:
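import java.util.Properties;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.autoconfigure.security.oauth2.client.EnableOAuth2Sso;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;

@SpringBootApplication
@EnableOAuth2Sso
@Controller
public class ReallySimpleOrcidOauthApplication {

    // Every request passes through the OAuth2 SSO filter first, so the
    // authentication in the security context is the signed-in ORCID user.
    @RequestMapping("/")
    @ResponseBody
    public final String home() {
        return "Welcome, " + SecurityContextHolder.getContext().getAuthentication().getName();
    }

    public static void main(String[] args) {
        SpringApplication application = new SpringApplication(ReallySimpleOrcidOauthApplication.class);
        Properties properties = new Properties();
        // "XXX" stands for the client credentials issued by ORCID.
        properties.put("security.oauth2.client.clientId", "XXX");
        properties.put("security.oauth2.client.clientSecret", "XXX");
        properties.put("security.oauth2.client.accessTokenUri", "https://sandbox.orcid.org/oauth/token");
        properties.put("security.oauth2.client.userAuthorizationUri", "https://sandbox.orcid.org/oauth/authorize");
        properties.put("security.oauth2.client.tokenName", "access_token");
        properties.put("security.oauth2.client.scope", "openid");
        properties.put("security.oauth2.resource.userInfoUri", "https://sandbox.orcid.org/oauth/userinfo");
        application.setDefaultProperties(properties);
        application.run(args);
    }
}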
There's an example for client-side only implicit flow using JWT as well. This and more ORCID OAuth and OpenID Connect examples can be found on GitHub.
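Added example, not part of the answer above or of the ORCID examples repository: the checks a client has to run on the JWT id_token it receives in the OpenID Connect implicit flow (pinned algorithm, signature, issuer, audience, expiry, nonce) before treating the user as signed in. It runs on Node.js; the issuer value, the `APP-PLACEHOLDER` client id, the sample `sub` and the throwaway key pair are assumptions constructed for illustration.

```javascript
const nodeCrypto = require('crypto');

// Hypothetical values: the issuer is assumed from the sandbox host on this
// page, and the client id is a placeholder for your registered client.
const EXPECTED = { iss: 'https://sandbox.orcid.org', aud: 'APP-PLACEHOLDER' };

const b64url = (data) => Buffer.from(data).toString('base64url');
const decodeJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns the claims only if every check passes; throws otherwise.
function verifyIdToken(token, publicKey, { iss, aud, nonce, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  // Pin the algorithm: the token header must not get to pick "none" or HMAC.
  if (decodeJson(h).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${h}.${p}`);
  if (!nodeCrypto.verify('RSA-SHA256', signed, publicKey, Buffer.from(s, 'base64url'))) {
    throw new Error('bad signature');
  }
  const claims = decodeJson(p);
  if (claims.iss !== iss) throw new Error('wrong issuer');
  // aud may be a string or an array; this client must be listed in it.
  if (![].concat(claims.aud).includes(aud)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  // The nonce ties the token to the request this browser session started.
  if (!nonce || claims.nonce !== nonce) throw new Error('nonce mismatch');
  return claims;
}

// Constructed fixture: a throwaway key pair stands in for the provider's
// published signing key, so the example runs offline.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
function signSample(claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(nodeCrypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}

// Constructed sample token; sub is a dummy identifier, exp is far in the future.
const sample = signSample({ ...EXPECTED, sub: '0000-0000-0000-0000', exp: 4102444800, nonce: 'n-1' });
console.log(verifyIdToken(sample, publicKey, { ...EXPECTED, nonce: 'n-1' }).sub);
```

In a real client the public key comes from the provider's published key set, and the nonce is the value the client generated and stored before redirecting to the authorization endpoint.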

Related

Java Spring Application - Integration with Azure AD for SSO

I have a Java Spring MVC application (note that it's not Spring Boot).
We have a requirement to implement SSO for the users of our application. I did some research, the identity provider (IDP) in our case is Azure AD. The service provider would be my application in this case. I am thinking of using SAML protocol for SSO.
Also note - The application is http based (not HTTPS)
What I've done so far -
I've created an Enterprise Application on Azure and configured entityId and replyURL. I also added a user for this application.
Where I'm stuck -
Although I did read the related Spring documentation to achieve this, since I'm a newbie here, I still don't have a clear path as to how I can take this forward in my application. I found some solutions, but they seem to be examples for Spring Boot. Can someone please help me with guides as to how this can be done in Java Spring? Which Maven dependency could I use, and is there any sample example to start working with SAML? A step-by-step explanation would be highly appreciated, thank you.
Also, any other options than SAML would also be fine.
The Spring Security SAML extension (https://docs.spring.io/spring-security-saml/docs/1.0.0.RELEASE/reference/html/index.html) had an example web app. You may read the referenced doc and apply it to Spring Security SAML. There should not be too much difference.
I'm very glad to register the flow for implementing the Azure AD B2C OIDC/OAuth protocol with an existing Spring MVC architecture.
The Spring docs below show how our existing project's spring-security layer was being served in the context of the filter chain.
Pre-requisites
Authentication Filter - Form Based Login with Legacy IDP
Authentication Manager – Providing the user details authorities along with http session object
To accomplish this Azure B2C integration, we went through a lot of repos, but most of them rely on Java-based config, whereas we were interested in the Spring namespace with limited code/architectural change.
Finally we came to a conclusion on how to extend the Spring default auth-filter/manager to get a valid session object from the security context, based on the Azure-provided (id/access) token after successful user authentication.
Customizing Spring-Security
The detailed documentation on how to extend auth-filter/manager is available here with © reserved by terasoluna.org
We customized Spring Security in such a manner that the auth-filter will carry out the token_validation against the given token from Azure, and the authentication manager will extract user details such as roles/privileges w.r.t. the object-id mapped in our DB's user entity.
Once the Spring Security customization is done, we are able to integrate the Authorization-server [Azure in our case] and Resource-server [Existing Spring Application] by following the conventional methods.

Spring Boot 2, Cloud Netflix and username/password authentication architecture

This is an architecture question. I want to implement an application that processes two kinds of users (admin and clients). Each role can register in the following ways:
admin: username/password registration
client: Facebook/Google/username&password registration
Based on the user's role each of them has a specific action to which he's authorized.
From a technology stack, I want to use Java 8, Spring Cloud Netflix and later on Docker and Kubernetes (in order to have auto-heal and auto-scale).
I've implemented Eureka discovery, Config server, Zuul Gateway and I have two microservices for each role (to get me started). I don't know at all how to approach the user's authentication/authorization. From what I see, Spring Security 5 is no longer supporting Authorization server and I am supposed to use Keycloak? Should the gateway be the authorization server or should I create another component that is responsible for authentication? What do I use, how to implement, how to approach redirection between my authorization server and the business microservice?
I can't really find a proper documentation that uses username/password, social login and Spring Cloud Netflix, together with Spring Security 5.
Your gateway shouldn't be responsible for handling authentication.
One possibility is using the CAS project. It can run as a microservice to handle the whole authentication process. It can handle multiple auth methods like database (for username / password) and social media like Google or Facebook.
It comes with a basic setup having a login page and a configured Dockerfile. You can customize everything. Just add the related dependency and add the config in the application.properties. You can customize the frontend.
https://apereo.github.io/cas/6.1.x/planning/Getting-Started.html
By the way: if you use Kubernetes you don't need a gateway or service discovery with Eureka. Kubernetes does this for you.
For API security, after moving to #Kubernetes, you can use Envoy or a similar solution.
For authentication and authorisation, you need an identity management system (like #Okta or PingFederate or an open source version like #OpenIAM) and then integrate using Spring & OAUTH2.

Basic Identity Provider in Ruby

I'm going to be undertaking a large project for a client of mine. I need to write an IDP (identity provider) that will handle single-sign-on to multiple apps by a number of different authentication methods (such as SAML, OAuth, Form-based auth, HTTP Basic auth). I'd also need the ability to add in additional types of authentication as the app grows.
The basic idea would be that we'd have three different components to the app. One would be the IDP. Another would be a data-store that contains user accounts, the apps they want to use, etc. The third would be a GUI front-end that allows users to sign into apps.
It seems that there are some existing gems that handle authentication, like https://github.com/onelogin/ruby-saml and https://github.com/intridea/omniauth. My question is, am I overcomplicating this project -- would I just be able to use existing gems like these to act as the IDP, or is this a project where I'd need to read specs and implement them myself in Ruby?
Using something like SAML toolkit for Ruby on Rails adapted to work with ADFS server, you can integrate with ADFS. Now you can leverage ADFS features:
Interface with Facebook etc. via Azure ACS
Interface with Azure Active Directory and hence SSO to SaaS applications
Azure Active Directory Multi Factor Authentication
BYOD via the Web Applications Proxy
OAuth on ADFS 3.0
and so on. The list is expanding all the time.
Once you hook into these standards, you just inherit all the new features as they are released.

Spring Security 3 using OAuth2 for SSO

Has anyone actually used OAuth2 for SSO within Spring Security 3?
Scenario:
I need my users to be redirected to an OAuth2 URL when they try to access any URL on my site for the first time. Once they are authenticated there, it will redirect them to a URL on my site, where I need to authorize them and create a session so that they will stay authorized on my site until they log out or time out.
I have tried several configurations in Spring Security using custom pre-auth filters, custom user details services, etc., but I cannot get the flow to work properly. I've not attached any code because I've gone through so many possibilities that I'm not even sure what to post.
I'd appreciate any direction anyone can give. Thanks!
OAuth2 isn't intended as an SSO solution. It's primarily about delegating the right to access resources on your behalf to other parties (applications, for example). So if that's not something you need then perhaps you should be looking at a simpler solution.
It's possible to use OAuth2 to allow access to a resource which provides information on your identity, in which case it can be expanded for authentication use. This is how OpenID connect uses it (by adding a userinfo endpoint resource).
You might want to take a look at the UAA project within CloudFoundry which is built on Spring Security OAuth and uses OAuth2 in this way to provide authentication services and to issue access tokens to applications within the system.
This appears to be a somewhat dead question but here are some resources that may prove useful to future searches:
@EnableOAuth2Sso
@EnableOAuth2Resource
Spring Cloud oauth2 SSO sample
Spring oauth2 SSO with a whole bunch of other stuff too
Who is your OAuth2 provider? In the case of a public one like Facebook, Twitter, Google and many others, you can take a look at the Spring Social project. Even if you use some private provider you can add it very easily (http://blog.springsource.com/2011/03/10/extending-spring-socials-service-provider-framework/, Developing a Netflix Service Provider Implementation section).
Spring Social is designed to cover your main case with some minor difference: by default you must submit a form to start the authentication process. I think this difference may be easily customized to fit your needs.
You can play with Spring Social Showcase sample to have an idea about authentication workflow.

Spring Security integration with WSO2 Identity Server

Does Spring Security integrate with WSO2 Identity Server? If yes, then is there any sample or tutorial available for this?
Did you have any luck? If so, could you point me in the right direction?
I'm researching the same topic; you should take a look at:
Spring Security Extensions
Spring Security Extensions Git Web Interface
You could use either SAML2 or Kerberos to authenticate against WSO2 Identity Server; although I have not tested this yet, it should work.
If this is related to Spring Security OAuth2 integration with WSO2 IS:
Actually, there are 2 different ways to integrate Spring OAuth with WSO2 Identity Server:
using the WSO2 IS admin web services like OAuthAdminService, OAuth2TokenValidationService
sharing the database (not recommended, your application shouldn't have access to the identity provider database)
It's quite easy to integrate Spring OAuth with WSO2 Identity Server, of course, you could reimplement all TokenStore methods or the DefaultTokenServices to provide even more functionality and make the integration as transparent as you like but this sample is meant to show the very first steps.
You can refer to the blog below: https://www.yenlo.com/blog/wso2-spring-oauth2-integration-with-identity-server
