HTTPMetadataProvider through proxy - spring-security

Good Morning,
I use the Spring Security SAML extension, and I need to retrieve the IDP metadata through a proxy.
Is there a way, and an example, to pass the HTTP proxy to HTTPMetadataProvider in the securityContext.xml?
Thanks in advance.

Related

spring-cloud-dataflow JDBC authentication

Spring Cloud Dataflow is awesome. It's marvelous and working like a charm.
The only problem we have encountered is the missing JDBC authentication. FileBasedAuthentication is not safe and not everyone uses LDAP. A huge chunk of users still prefer to use JDBC authentication.
It would be of great support if you could help me with JDBC authentication. Do let me know how to implement it; any document or URL would be of great help.
You can still add a custom JDBC authentication (via any Spring Boot managed SecurityConfigurer - GlobalAuthenticationConfigurerAdapter) and have it as a bean in your custom Data Flow server configuration (by running it via @EnableDataFlowServer).
You can also contribute the same to Spring Cloud Data Flow.
Thanks!

How to implement JWT token based authentication mechanism with Apache Shiro?

I have a web application in which authorization is handled by Apache Shiro. Now we need to convert it to a RESTful service and need to add an authentication mechanism. I am looking for a possibility to keep Shiro itself for authorization, so that code changes are minimal, and JWT for authentication. Please suggest how I can achieve it. Is there any framework available for it?
I made a library to achieve this.
https://github.com/panchitoboy/shiro-jwt
You only have to implement UserDefault and UserRepository with your business logic.
It's based on apache-shiro; I have created a filter based on the Shiro AuthenticatingFilter.
Regards,

Spring Security with OpenAM

Currently we have a web app which uses Spring Security for role-based authentication and authorization.
Since we want to use SSO I see this example to integrate Spring with Openam https://wikis.forgerock.org/confluence/display/openam/OpenSSO+Spring+Security+%28Acegi%29+Integration
so it's like
My Web app (using spring to talk to openam) <===> IDP Proxy <====> IDP
But when I use the SAML tracer (the plugin for Firefox to track SAML requests/responses) I don't see any SAML payloads between my web app and the IDP proxy.
Is it that Spring is using SOAP requests to talk to the IDP proxy by picking URLs from AMConfig.properties?
I thought of using Fedlet, but reading the SAML response from Fedlet and integrating that with Spring Security is not feasible.
If Spring Security 3 doesn't use SAML2, is it a good idea to use the Spring framework to talk to OpenAM?
Any inputs?
Thanks in advance
Ram
OK folks, we got our JSF2 web app working by integrating with the Spring SAML extension and Spring Security along with OpenAM.
Spring SAML extension is here - (https://github.com/SpringSource/spring-security-saml)
So now we are pulling all user roles from LDAP using OpenAM as IDP, and the SAML request and response are processed by the Spring SAML extension. The role-based access within the application is controlled by Spring Security.
I would like to thank
Vladimir Schaefer - author of Spring SAML,
Stefan - from the OpenSAML team,
Peter Major - from OpenAM @ ForgeRock.
I wanted to add this note to let others know that the integration can be done for a JSF app or any other web app, and it uses the Spring Security SAML extension (which uses SAML 2.0 end to end).
We finally have single sign-on working.
I will put up an article on this shortly and will update this post.
I was able to add some more notes; please see my articles on:
generic info related to Openam concepts
http://reddymails.blogspot.com/2013/03/sso-for-java-or-net-web-based.html
Steps to integrate JSF 2 web application with Openam using Spring SAML extension and Spring Security.
http://reddymails.blogspot.com/2013/06/integrating-jsf-web-applicataion-with.html
Thanks
Ram
> I don't see any SAML payloads between My web app and IDP proxy
According to the page, the integration is very similar to a normal agent approach. This probably means that your app talks to OpenAM using SOAP and OpenAM talks to the IDP using SAML.
> But when I use the SAML tracer (The plugin for Firefox to track SAML
> requests/Responses) I don't see any SAML payloads between My web app
> and IDP proxy. Is it that Spring is using SOAP request to talk to IDP
> proxy by picking urls from AMConfig.properties ?
If things are working correctly you should see a SAML authentication request when you are forwarded to the IDP.
What you should do is probably start plowing through the OpenAM debug logs.
Especially the Federation log.
> I thought of using Fedlet but reading the saml response from Fedlet
> and integrating that with Spring Security is not feasible. If Spring
> security3 doesn't use SAML2 is it a good idea to use spring framework
> to talk to openam ? Any inputs ?
There is a Spring extension that allows you to use SAML directly.
http://static.springsource.org/spring-security/site/extensions/saml/index.html
You could have a look at that.

Tivoli Access Manager with Grails spring security

Does anyone over here have experience integrating TAM with Grails Spring Security for single sign-on? If so, can you help me get a quick start or point to any tutorials?
Thanks
You would probably want to use Spring Security's pre authentication feature and examine the header sent from TAM. To do so you would write your own authentication provider which is really simple and just looks for the header. See this for some more information
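
An added sketch of the header-based pre-authentication described in the answer above (not code from the answer or from Spring Security itself): it uses a pre-authentication filter built on Spring Security's `AbstractPreAuthenticatedProcessingFilter` rather than a hand-written provider, and accepts the user header only when the request arrives from the TAM reverse proxy. The class name, the header name passed in, and the trusted proxy addresses are assumptions; `javax.servlet` is assumed for the Spring Security 3 era.

```java
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;

// Hypothetical filter: trusts the identity header only when the direct peer
// is a known TAM proxy address, so a client that reaches the application
// without passing through TAM cannot assert an identity by sending the header.
public class TamHeaderPreAuthFilter extends AbstractPreAuthenticatedProcessingFilter {

    private final String headerName;          // assumption: header TAM is configured to send
    private final Set<String> trustedProxies; // assumption: addresses of the TAM proxy hosts

    public TamHeaderPreAuthFilter(String headerName, Set<String> trustedProxies) {
        this.headerName = headerName;
        this.trustedProxies = Collections.unmodifiableSet(new HashSet<String>(trustedProxies));
    }

    @Override
    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
        // getRemoteAddr() is the direct network peer, not a forwarded-for value,
        // so it cannot be set by the caller through a request header.
        if (!trustedProxies.contains(request.getRemoteAddr())) {
            return null; // not from TAM: treat the request as unauthenticated
        }
        String user = request.getHeader(headerName);
        if (user == null || user.trim().isEmpty()) {
            return null; // TAM sent no identity: no pre-authentication
        }
        return user.trim();
    }

    @Override
    protected Object getPreAuthenticatedCredentials(HttpServletRequest request) {
        // TAM has already verified the password; the provider only needs a
        // non-null placeholder here.
        return "N/A";
    }
}
```

The filter still needs an `AuthenticationManager` containing a `PreAuthenticatedAuthenticationProvider` that loads the user's roles by name; returning `null` from `getPreAuthenticatedPrincipal` leaves the request unauthenticated so the rest of the chain can reject it.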

How do you secure Apache CXF RESTful APIs?

Is there an easy way to secure a RESTful API exposed via Apache CXF's JAX-RS implementation? Are there any hooks for security via Spring Security?
I heard of people using Basic Authentication over HTTPS, but I haven't seen any actual examples. Any ideas would be greatly appreciated.
Thanks!
see http://chrisdail.com/2008/08/13/http-basic-authentication-with-apache-cxf-revisited/
Don't know about CXF, but in Resteasy you can configure it as you would for any other web application, and then do..
@Context private SecurityContext sc;
Which allows you to check things such as sc.isUserInRole("admin");. CXF may provide the same functionality.
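
An added example (not code from either answer, nor from CXF or Resteasy) of the injected `SecurityContext` check mentioned above, combined with the Basic-over-HTTPS setup from the question: a JAX-RS resource that refuses non-TLS requests, challenges unauthenticated callers, and requires the `admin` role. The resource class, path and realm name are hypothetical; the container or Spring Security is assumed to perform the actual Basic authentication.

```java
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Hypothetical resource showing per-request checks through the standard
// JAX-RS SecurityContext.
@Path("/admin/report")
public class AdminReportResource {

    @Context
    private SecurityContext sc;

    @GET
    @Produces(MediaType.TEXT_PLAIN)
    public Response report() {
        // Basic credentials are only base64-encoded, so never serve the
        // resource over a plain HTTP channel.
        if (!sc.isSecure()) {
            return Response.status(Response.Status.FORBIDDEN)
                    .entity("HTTPS required").build();
        }
        // No principal means the container did not authenticate the caller:
        // answer with a Basic challenge instead of leaking whether the role exists.
        if (sc.getUserPrincipal() == null) {
            return Response.status(Response.Status.UNAUTHORIZED)
                    .header("WWW-Authenticate", "Basic realm=\"api\"") // realm name is an assumption
                    .build();
        }
        // Authenticated but lacking the role: 403, not 401.
        if (!sc.isUserInRole("admin")) {
            return Response.status(Response.Status.FORBIDDEN)
                    .entity("admin role required").build();
        }
        return Response.ok("report for " + sc.getUserPrincipal().getName()).build();
    }
}
```

When TLS is terminated at a proxy in front of the application, `isSecure()` reflects the hop to the container, so the container must be configured to recognise the original scheme.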
