Keycloak and Azure Active Directory with Spring Boot - java

What I've done till now:
I have installed Keycloak (8.0.1) and configured it, created realm, clients, and users.
Configured a couple of simple Spring Boot apps with Keycloak and it is working with SSO.
I am trying to achieve the following.
Keycloak should connect to Azure Active Directory and read the users from there (User Federation) and authenticate, authorise users to use the application.
Created Active Directory B2C on Azure cloud.
I have gone through too many links and read through the Keycloak official documentation but could not figure the way out.
Thanks in advance.

Related

Validate Azure AD access token with spring security

What is the easiest way to switch from jsession based authentication to a token based authentication with Azure AD and Spring security? The documentation is not clear on other approaches to authenticate with azure AD other than the default session based one.
I am trying to see how can I validate the jwt access token using azure AD. The default implementation works with session based authentication (which will not work in a system with multiple instances.) The session-stateless property mentioned in the doc doesn't seem to have any effect on the authentication.
Spring Cloud Azure integrates Spring Security with Azure Active Directory.
You could use the spring-cloud-azure-starter-active-directory starter to integrate with Spring Security; please refer to this sample to see how to use it.
For further reading, please refer to the Azure Active Directory dev guide; it covers these scenarios for you:
Access a web application
Access resource servers from a web application
Protect a resource server/API
Access other resource servers from a resource server
Web application and resource server in one application
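
The stateless token validation asked about above, shown as an added example that is not part of the original question or answer. It uses plain Spring Security's resource-server support (spring-boot-starter-oauth2-resource-server, Spring Security 6.x assumed) rather than the Azure starter, and assumes v2.0 access tokens from a single tenant; the class name, `<tenant-id>` and `<api-client-id>` are placeholders.

```java
// Added example: stateless Azure AD JWT validation for a REST API.
// Assumes v2.0 tokens; tenant and audience values below are placeholders.
import java.util.List;
import java.util.Set;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ApiSecurityConfig {
    // Placeholders: your tenant's issuer and the audience values this API accepts.
    private static final String ISSUER = "https://login.microsoftonline.com/<tenant-id>/v2.0";
    private static final Set<String> ALLOWED_AUDIENCES = Set.of("<api-client-id>");

    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        // No HTTP session: each request is authenticated from its own bearer token,
        // so any instance behind a load balancer can serve it.
        http.sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()));
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Reads the issuer's OIDC metadata and verifies signatures against its JWKS.
        NimbusJwtDecoder decoder = JwtDecoders.fromIssuerLocation(ISSUER);
        // Reject tokens issued for another application, even if correctly signed.
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
            "aud", aud -> aud != null && aud.stream().anyMatch(ALLOWED_AUDIENCES::contains));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(
            JwtValidators.createDefaultWithIssuer(ISSUER), audience));
        return decoder;
    }
}
```

Without the audience check, any token signed by the same tenant for a different application would pass signature, issuer and expiry validation.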

Using Keycloak for login with gitlab account in an app

I'm building a Java Spring Boot app and I thought of using Keycloak to permit users to log in with their GitLab account.
How can I do that? Is there any article or tutorial about this process?

Spring boot azure active directory multiple client-id

I have a Spring Boot app that uses Azure Active Directory with front-end authentication; here is the Microsoft page that I used.
This app is the back-end and I would use it for many front-end apps.
How can I set in application.properties all the different valid client-ids for every front-end app?

Can Apache Shiro be used for Android Studio Applications?

I am currently building an android application for my final year degree project but at the moment I have very basic login functionality.
At the moment it is just a username and password stored in a MySQL server, the program fires off a request which runs some PHP to check to see if the username exists in the table and the password is correct. This won't be anywhere near secure enough, I just wanted a placeholder while I got on with other parts of the app.
I've been looking at existing frameworks which can provide secure authentication/authorization as well as session management so the user doesn't have to constantly log on whenever they re-open the app. Apache Shiro (https://shiro.apache.org/) sounds like a potential solution but I've had a good search on Google but haven't found any examples in which it is used for Android projects.
Does anyone know if it is possible to use it for Android Apps? Or if there are any decent alternatives?
Thanks,
Mike
A security service is deployed on a "remote" machine (the server). Your Android app (the client), when a user tries to log in, sends a POST to a "/login" endpoint exposed by the server. If successful, it will reply with a cookie that the client will use in further requests to identify its session. It is not difficult with a Maven project using the Spring and Shiro libraries, but you need to implement at least a simple web app (expose /login, use Shiro to verify the credentials) deployed on a separate server. If you are ready to write two Java apps, Shiro is a good choice.

Windows Integrated Security with Tomcat

I have the following scenario in my environment:
Tomcat running as a service on Windows Server.
The service is configured with a domain account; it is an Active Directory account.
Now in a Spring Controller I need to access a site, and this site is configured with Integrated Security.
So what I want is to access this site using the same credentials that the Tomcat service is running under. So I believe that I need to access these credentials and pass them to an HTTP client.
Thanks.
There's a number of ways you can integrate a Java application into an Active Directory / Windows Authentication system:
I would start by understanding the Kerberos and NTLM authentication systems (and which apply to your environment) and reading up on the documentation: http://docs.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html
Given you are using Spring already, I would strongly consider using Spring Security, which has NTLM support: http://blog.mediasoft.be/ntlm-with-spring-security-20/
