I have apache running on a different host that can be authenticated using basic authentication, and I have a spring boot application running on a different server that uses JWT authentication. Can we authenticate the Apache server with that JWT token? I tried to get the url from the rest template and the username with the help of the Principle class. cannot extract the password.
Related
According to the current official documents, how to manage the resource service when using spring security oauth2 authorization server as the authentication server? Previously, in spring cloud security, there were two sides: server and client. At present, this part has been removed. What dependency does the removed resource service need? Use spring boot security?
I've configured my Spring boot server to use OAuth2 login using Spring security.
How can I configure the OAuth2 login redirect to work only for the root index URL?
For other requests, I would like to receive 401 in case of an invalid session.
Using Angular JS for my front-end and Spring MVC for web services. Based on SOA architecture, front end and back end are loosely coupled.
I want to use Windows Authentication to login in the web application without asking any username and password in the login page.
I am getting struck in Spring Security Kerberos and want to authenticate from the LDAP and then Use Spring JWT oAuth protocol to continue further.
Can someone help where am I missing or what will be the robust way for this architecture.
P.S. : Spring MVC + Angular JS
High level: If your doing the authentication via the Internet i.e where you don't have access to get Kerberos tickets via Spring Security, you need to consider using SAML or OAuth. Otherwise if you have local access and can talk directly to the authentication servers from your server hosting your code you can use Kerberos.
SAML and OAuth are very different to LDAP and Kerberos. Kerberos and LDAP can generally only be used if you have direct access to the authentication servers, i.e when are you in the same windows domain.
For further help please post code samples and an outline of what your trying to achieve.
I'm creating an Authentication Server and which some of my existing applications can use to authenticate. I'm using the OAuth2 with Spring Boot by following this sample project and tutorial https://github.com/dynamind/spring-boot-security-oauth2-minimal.
But in my case my existing applications are built using Spring MVC and angular. So there is no separate Resource Server. Resources are also located in same application(Resources are my Secured Request Mappings in same application).I just want to separate the authentication process from my client applications and use a common Authorization Server. (Currently they use the Google Authentication + Spring Security to secure the application).
So I tried to use #EnableResourceServer and #EnableOAuth2Client in same application but I could not get the expected results.
What is the best way to achieve this task?? Is there any other method that I can follow to authenticate my applications from Oauth2 Server?
You need to configure your web security for form based login and Resource Server Security form REST Endpoints
See my answer to the similar question here
We are working on a project that is built with SOA(Service-oriented architecture) using SOAP web services.
We want to use OpenAM as identity server for authentication and authorization .
We want to implement single sign on for user authentication with OpenAM.
Our web services are written using JAX-WS (Java). And we have web service client application acting as proxy which is built with NodeJS.
We implemented SSO with passport-saml library.OpenAM sends SAML bearer token with user claims.Then I must establish secure connection between NodeJS soap client and Jax-ws service provider based on user's claims which returned to me from OpenAM.
My question is :How I can/must setup secure connection between service client application(NodeJS) and service proivder application (Java) via OpenAM ?I saw there are STS service in OpenAM for web services security.But it uses custom sdk which was written in Java. I can't use it because my service client application is written in NodeJS.
What is the best scenario for handling this case?
So, I figured out a way for this task. Using JWT and validating sessions with OpenAM.