WebSphere Portal Spring Security - spring-security

I am doing some research to determine if Spring Security can be used with WebSphere Portal 7.x. I have reviewed the Spring Security documentation and did not see anything that leads me to believe that it cannot be integrated into our application.
We will be using WebSphere Portal Security for Authentication (LDAP - to verify the identity of the user and what Portal/Portlets they can see and use) and Spring Security for authorization of what part of the portlet they have access to.

Hmm... the last time I looked into that, there was no direct support for the portal API in Spring Security 3.0. As of Spring Security 3, the portal support was moved out of the main distribution into a Spring Security Extensions project. The last official portal support was in version 2.0.6.
The deal is that the older portal support was not updated to support JSR 286. I wrote my own to provide this functionality that allows me to use Spring Security 3.x. Once I finish testing, I'll see if I can contribute it back.
Regards,
Joshua

Related

How to do OAuth 2 / Open ID Connect (OIDC) on WebLogic 14.1

We are looking into implementing authentication using the OIDC protocol on a web application deployed on WebLogic Server 14.1.
According to one comment here "Weblogic's OIDC functionality is available only from Weblogic Version 12.xx.".
However, I only find SAML support; OIDC integration seems to require using Oracle Access Manager (OAM).
I'd prefer not to require a separate product, so I would appreciate any feedback about your experiences doing OAuth integration with WebLogic with or without OAM.
References: OAM 11.1 FAQ

FIDO Authentication using Windows Hello and WebAuthn

We would like to implement FIDO authentication for our web application using 'Windows Hello' as the authenticator and the 'WebAuthn' protocol.
Please let me know the steps involved.
Which Windows OS version and build version support Windows Hello?
How do we set up a FIDO server?
How do we integrate our web application with the FIDO server?
Can FIDO be used to authenticate back-end web API endpoint access?
1. FIDO2 functionality was initially released in Windows 10 version 1803.
2. Set up a FIDO Server - You'll need to make a couple of design decisions first.
2.1. Pay an IAM solution provider that already offers WebAuthn / FIDO2.
2.2. Build WebAuthn / FIDO2 functionality into your existing authentication system.
2.2.1. Integrate with an authentication service. The authentication service hosts the infrastructure, your app just calls their API.
2.2.2. Spin up standalone WebAuthn / FIDO2 servers on your own infrastructure and integrate them with your existing authentication system.
2.2.3. Integrate WebAuthn / FIDO2 libraries into your existing authentication system (uses existing infrastructure).
3. How you integrate depends on your design decisions outlined above. If you want to learn about integrating a library into your existing authentication system, then I would recommend Yubico's Passwordless Workshop.
4. WebAuthn / FIDO2 supports various use cases. Learn more at the FIDO Alliance.

When to use Spring OAuth2 vs Cloud Foundry UAA?

Both code bases can provide OAuth2 capabilities. Why should I use one vs the other?
The Spring OAuth2 library has capabilities of turning an application into a full-fledged OAuth2 Authorization Server, which is able to issue its own tokens BUT it still needs and depends upon a central OAuth2 provider for authentication. CF UAA is one such provider.
Facebook or Github are the other such OAuth2 service providers used more commonly for this purpose.
More details about Spring OAuth can be found at - https://spring.io/guides/tutorials/spring-boot-oauth2/
I hope it helps.

Worklight support for OAuth and SAML

Given that we are running on a full WebSphere Application Server v8.5.5 profile, which has support for both OAuth and SAML ( http://ibm.co/1bUqrJJ and http://ibm.co/1es8Hgv ), can a Worklight 6.1 environment take advantage of either without needing some other external authorization service such as a DataPower or ISAM in between the device and the Worklight Server?
Worklight (5.0.x, 6.0.0.x, 6.1.0) does not provide any OAuth support on either the client or server. So any integration you're going to do will require some work on your part.
See related questions about Worklight and OAuth:
How to implement OAUTH 2.0 in IBM Worklight 6.0
IBM Worklight - How to use Google authentication in a Hybrid application?
OAuth support is something that Worklight product designers are thinking about, but I cannot comment further.

Do I need to create a custom authentication provider for Facebook Connect + Spring Security in Grails?

Do I need to write a custom authentication provider to use Facebook Connect with account registration + authorization for the Spring Security plugin in Grails? I am trying to offer the traditional application registration with Facebook Connect in a Grails dev app using Spring Security. Does this make sense? Any ideas?
You can find inspiration in the spring-security-facebook project, but the project no longer has active development.
Another possibility is to use the Apache Shiro plugin, which has Facebook login, or the Nimble plugin.
