I'm creating an Authentication Server and which some of my existing applications can use to authenticate. I'm using the OAuth2 with Spring Boot by following this sample project and tutorial https://github.com/dynamind/spring-boot-security-oauth2-minimal.
But in my case my existing applications are built using Spring MVC and angular. So there is no separate Resource Server. Resources are also located in same application(Resources are my Secured Request Mappings in same application).I just want to separate the authentication process from my client applications and use a common Authorization Server. (Currently they use the Google Authentication + Spring Security to secure the application).
So I tried to use #EnableResourceServer and #EnableOAuth2Client in same application but I could not get the expected results.
What is the best way to achieve this task?? Is there any other method that I can follow to authenticate my applications from Oauth2 Server?
You need to configure your web security for form based login and Resource Server Security form REST Endpoints
See my answer to the similar question here
Related
What is the easiest way to switch from jsession based authentication to a token based authentication with Azure AD and Spring security? The documentation is not clear on other approaches to authenticate with azure AD other than the default session based one.
I am trying to see how can I validate the jwt access token using azure AD. The default implementation works with session based authentication (which will not work in a system with multiple instances.) The session-stateless property mentioned in the doc doesn't seem to have any effect on the authentication.
Spring Cloud Azure integrate Spring Security with Azure Active Directory.
You could use spring-cloud-azure-starter-active-directory starter to integrate with Spring Security, please refer this sample to see how to use it.
For further reading, please refer the Azure Active Directory dev guide, it covers these scenarios for you:
Access a web application
Access resource servers from a web application
Protect a resource server/API
Access other resource servers from a resource server
Web application and resource server in one application
According to the current official documents, how to manage the resource service when using spring security oauth2 authorization server as the authentication server? Previously, in spring cloud security, there were two sides: server and client. At present, this part has been removed. What dependency does the removed resource service need? Use spring boot security?
We have a requirement of implementing SSO for a customer(OKTA is his IDP) and we also have other client asking for SSO(ADFS and One Login).
And all other clients authentication will be database authentication.
So based on each client the authentication mechanism should change. Is this possible?
My application is Multi Tenant SaaS. Where its deployed on AWS and a load balancer will switch servers randomly.
We use Angular 5 and Spring boot 2.1 for Services.
How can i achieve this? Please guide.
AWS Cognito primarly meant for Serverless user authentication from Mobile or Web application (Javascript).
The primary concern is that, we need to do client implementation for each of the client like Android, IOS and Javascript.
Instead of that can we have spring boot server which will expose a login/signup/action rest endpoint for all the above clients where the spring boot will authenticate/signup with Congnito on behalf of the clients and send the access_token response back to the client. This way, Conginto integration will be done only in one place which is the Spring boot application.
Can we go ahead with this approach? Does AWS SDK supports Java for cognito access from Server?
Here's an article which shows an example of implementing a Spring boot application that is able to authenticate the user against Amazon Cognito using OAuth 2.0 authorization code grant and JSON Web Tokens.
This github repo contains the example code in Kotlin
Probably, this is in some ways, similar to your usecase.
Using Angular JS for my front-end and Spring MVC for web services. Based on SOA architecture, front end and back end are loosely coupled.
I want to use Windows Authentication to login in the web application without asking any username and password in the login page.
I am getting struck in Spring Security Kerberos and want to authenticate from the LDAP and then Use Spring JWT oAuth protocol to continue further.
Can someone help where am I missing or what will be the robust way for this architecture.
P.S. : Spring MVC + Angular JS
High level: If your doing the authentication via the Internet i.e where you don't have access to get Kerberos tickets via Spring Security, you need to consider using SAML or OAuth. Otherwise if you have local access and can talk directly to the authentication servers from your server hosting your code you can use Kerberos.
SAML and OAuth are very different to LDAP and Kerberos. Kerberos and LDAP can generally only be used if you have direct access to the authentication servers, i.e when are you in the same windows domain.
For further help please post code samples and an outline of what your trying to achieve.