We built a Java client application connecting to an API behind a proxy that demands NTLM authentication. The application uses a Jetty HttpClient.
Unfortunately, the authentication fails with a 407:
Response headers HttpResponse[HTTP/1.1 407 Proxy Authorization Required]@3577846e
Proxy-Authenticate: Negotiate
Proxy-Authenticate: NTLM
We tried to authenticate using the SPNEGOAuthentication class:
AuthenticationStore authStore = httpClient.getAuthenticationStore();
SPNEGOAuthentication auth = new SPNEGOAuthentication(proxyUrl);
auth.setUserName(user);
auth.setUserPassword(password);
authStore.addAuthentication(auth);
ProxyConfiguration proxyConfig = httpClient.getProxyConfiguration();
HttpProxy proxy = new HttpProxy(proxyUrl.getHost(), proxyUrl.getPort());
proxyConfig.getProxies().add(proxy);
But without success (407). We also tried overwriting the DefaultAuthenticator.
Any hints what we probably did wrong or other suggestions?
Regards and thanks in advance,
Thomas
Related
We are using spring-security-saml for our SAML authentication. The app is working fine and when we try to run the app on demo machine, the connection to SAML metadata url is timing out.
We have given the metadata URL in our application.yml as:
security:
  saml2:
    metadata-url: https://dev-715244.oktapreview.com/app/<app_id>/sso/saml/metadata
We tried setting the proxy on the JVM while running the jar, but the same issue is there. But this URL is reachable through curl.
Any idea as to how to set proxy details to the HTTP Client used by spring SAML?
Yes, you need to add a bean as follows to your WebSecurityConfig:
@Bean
public HttpClient httpClient() {
    HttpClient client = new HttpClient(this.multiThreadedHttpConnectionManager);
    // Send the client's outbound requests (including the metadata fetch) via the proxy
    HostConfiguration hostConfiguration = new HostConfiguration();
    hostConfiguration.setProxy("PROXYHOST", PROXYPORT);
    client.setHostConfiguration(hostConfiguration);
    return client;
}
I have an architecture like the following one:
IIS(Windows Authentication Enabled) -> AJP Connector -> Tomcat
The AJP Connector in server.xml is configured with tomcatAuthorization = true and tomcatAuthentication = false.
Inside tomcat, I am able to get all user information from NTLM (roles, username, domain, etc) and everything works fine from that point of view.
Now I need to call, from inside Tomcat, another service that uses NTLM as well. So the new architecture will be:
IIS(Windows Authentication Enabled) -> AJP Connector -> Tomcat -> external NTLM Web Service
My aim is to forward the NTLM information that Tomcat receives from IIS to the external NTLM WS, in order to make the call as the original user, without asking the user to provide the Windows credentials again, and to use the response from that WS inside Tomcat.
Is there any way (using e.g. Apache HTTP Client) to reuse the "NTLM" Principal obtained by IIS to perform this kind of HTTP request?
Thanks all!
I wrote Java code to login to Salesforce and ran this code on a firewalled server. For this, I have to specify the proxy url and proxy port before connecting to Salesforce due to the firewall. However, I'm getting an unknownhostexception error for the proxy url. If I try to login via curl with the proxy settings, I am able to connect. How come there is a problem connecting using Java then? Any help is appreciated.
Apparently the issue was caused by JVM configs. We have to configure JVM to use the proxy settings as follows:
System.setProperty("http.proxyHost", crmProxyURL);
System.setProperty("http.proxyPort", crmProxyPort);
Depending on your HTTP library the System settings might not be enough or not needed. In the Salesforce context it is quite possible that one would try using the Jetty HTTP Client. In this case the System properties are ignored and proxy needs to be handled by the Jetty client:
ProxyConfiguration proxyConfig = httpClient.getProxyConfiguration();
HttpProxy proxy = new HttpProxy("proxyHost", proxyPort);
proxyConfig.getProxies().add(proxy);
The Apache HTTP Client, another popular choice, also uses its own little mechanism:
HttpHost proxy = new HttpHost("proxyHost", proxyPort, "https");
RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
HttpGet request = new HttpGet(someURL);
request.setConfig(config);
Interesting here: one can specify to use http or https as the proxy protocol.
In general I found using one of the HTTP clients much easier than the JDK low-level functions.
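The split between JVM-wide proxy properties and per-client configuration described in the answers above can be checked directly. The following is an added example, not code from any of the posts: it asks the JDK's default ProxySelector (the one HttpURLConnection consults) which route it would take, first with only the http.* properties set and then with https.* as well. The host proxy.example.internal, port 3128 and the target URLs are constructed placeholders.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.util.List;

public class ProxySelectionCheck {

    // Describe the route(s) the JDK's default ProxySelector picks for a URL.
    static String routeFor(String url) {
        List<Proxy> proxies = ProxySelector.getDefault().select(URI.create(url));
        StringBuilder sb = new StringBuilder();
        for (Proxy p : proxies) {
            if (sb.length() > 0) sb.append(", ");
            if (p.type() == Proxy.Type.DIRECT) {
                sb.append("DIRECT (no proxy)");
            } else {
                // The selector returns unresolved addresses, so no DNS lookup happens here.
                InetSocketAddress a = (InetSocketAddress) p.address();
                sb.append(p.type()).append(' ')
                  .append(a.getHostString()).append(':').append(a.getPort());
            }
        }
        return sb.toString();
    }

    static void report(String label) {
        System.out.println(label);
        String[] urls = { "http://api.example.com/", "https://api.example.com/", "https://localhost/" };
        for (String url : urls) {
            System.out.println("  " + url + " -> " + routeFor(url));
        }
    }

    public static void main(String[] args) {
        // Constructed proxy values, not taken from the posts.
        System.setProperty("http.proxyHost", "proxy.example.internal");
        System.setProperty("http.proxyPort", "3128");
        report("Only http.proxyHost/http.proxyPort set:");

        // HTTPS targets are governed by their own pair of properties.
        System.setProperty("https.proxyHost", "proxy.example.internal");
        System.setProperty("https.proxyPort", "3128");
        report("http.* and https.* set:");
    }
}
```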
How to authenticate a Spring non-web WebSocket over STOMP Java client using SockJS?
Session-based authentication? Token-based authentication?
The documentation says:
Existing Web applications already use HTTP based authentication. For example
Spring Security can secure the HTTP URLs of the application as usual.
Since a WebSocket session begins with an HTTP handshake, that means
URLs mapped to STOMP/WebSocket are already automatically protected and
require authentication. Moreover the page that opens the WebSocket
connection is itself likely protected and so by the time of the actual
handshake, the user should have been authenticated.
http://docs.spring.io/spring/docs/current/spring-framework-reference/htmlsingle/#websocket-stomp-authentication
Actually I connect without authentication and I'm sending messages. My Java server application uses the Spring framework, but my clients are Java clients, not web clients.
The official doc says:
String url = "ws://127.0.0.1:8080/endpoint";
StompSessionHandler sessionHandler = new MyStompSessionHandler();
stompClient.connect(url, sessionHandler);
but there is another connect method with an additional parameter, WebSocketHttpHeaders. I used it for basic authorization:
WebSocketHttpHeaders headers = new WebSocketHttpHeaders();
String auth = "user" + ":" + "password";
headers.add("Authorization", "Basic " + new String(Base64.getEncoder().encode(auth.getBytes())));
stompClient.connect(url, headers, new MyStompSessionHandler());
I am working on a client which will call a web service (hosted on the internet) that requires NTLM authentication.
Also, the host machine on which my client is installed is behind a proxy, so the request should first authenticate to the proxy server, and then go to the web service and do NTLM authentication.
I am able to do NTLM authentication via the help on NTLM authentication
I have generated the stubs via wsimport by first saving the WSDL file to a local file, because I was not able to connect through the URL (I don't know how to set a proxy in a command-line call to wsimport).
I have not used any frameworks like axis2 or cxf. I am using Java 1.7.
When I deploy the client on a non-proxy machine (direct internet), it works, but not when behind the proxy. Please help.
The following simple line of code to use the system proxy did the trick:
System.setProperty("java.net.useSystemProxies", "true");