I have been having trouble getting a SSO service on Bluemix to work for an existing app on Bluemix that I have inherited.
The app previously had the older version of SSO working which came into action when a user selected an admin link to sign in as an administrator. But this obviously stopped working when the new version of SSO arrived. So I set up the new SSO service for the app, boarded the tool with the SSO provisioner tool, and configured and binded the SSO service to my Bluemix app.
It now looks like this is working - I get the Open ID sign in page, but then it goes no further and does not move onto the landing page/URL that is set up in the service.
Is there any further coding on the application that needs to take place? Looking at any of the docs in Bluemix it says there is no furhter coding needed for Liberty for Java apps....but I'm not so sure...
Any help with getting this to work correctly would be greatly appreciated.
What Identity Provider do you use? This tutorial might help- http://www.ibm.com/developerworks/security/library/se-bluemix-secure-apps-single-sign-on/se-bluemix-secure-apps-single-sign-on-pdf.pdf
Related
I have a java application running on tomcat server which uses JAAS authentication to configure the app among three users (superadmin, admin, customer).
Now, I have to integrate the app with SAML just for the end-user (customer).
I've gone through a lot of blogs and videos related to it. But everything involves a build tool within.
Whereas this app has been built manually through console (without IDE). It would be very helpful if you could provide me with an example to refer to meeting my requirements.
My goal is to to enable application insights for our java 8 app services on Windows. I'd like to implement codeless application insights if possible, but I'm uncertain whether this is currently supported for Java app services.
When I visit any documentation page regarding code-based application insights for Java, I am recommended to use the new Java 3.0 agent for Application Insights, which supports codeless monitoring.
However, the table on this page indicates that this is not yet supported for Java app services. But further down the same page it says: "The portal integration for monitoring of Java applications on App Service on Windows is currently unavailable, however, you can add Application Insights Java 3.0 standalone agent to your application without any code changes before deploying the apps to App Service. Application Insights Java 3.0 agent is generally available."
It's not clear to me what is meant with "portal integration" here. I have tried to implement the 3.0 agent using this documentation, and so far it works from my local machine, but not (yet) when deployed to the app service. So my question is whether I'm doing something wrong or that it isn't supported currently.
Thanks
Answer is posted here https://github.com/microsoft/ApplicationInsights-Java/issues/1615
All you need to do:
Enable application insights for the app service and specify an app insights instance
Add this application setting; XDT_MicrosoftApplicationInsights_Java -> 1
I think what mentioned in the doc about codeless application insights is like this:
After deploying my springboot app to azure web app (windows, java 8, standard S1), we can enable application insights by turn the button to 'enable' in the screenshot above. And even I didn't add app insights sdk in my code, I can still get trace and other information.
=============================UPDATE================================
I found after adding these three settings in the configuration, the application insights will also automatically collect traces from the program. Weird!
I am currently building an android application for my final year degree project but at the moment I have very basic login functionality.
At the moment it is just a username and password stored in a MySQL server, the program fires off a request which runs some PHP to check to see if the username exists in the table and the password is correct. This won't be anywhere near secure enough, I just wanted a placeholder while I got on with other parts of the app.
I've been looking at existing frameworks which can provide secure authentication/authorization as well as session management so the user doesn't have to constantly log on whenever they re-open the app. Apache Shiro (https://shiro.apache.org/) sounds like a potential solution but I've had a good search on Google but haven't found any examples in which it is used for Android projects.
Does anyone know if it is possible to use it for Android Apps? Or if there are any decent alternatives?
Thanks,
Mike
A security service is deployed in a "remote" machine (the server). Your Android app (the client), when a user tries to login, sends a POST to a "/login" endpoint exposed by the server. If successful it will reply with a cookie that the client will use in the further request to identify its session. It is not difficult with a maven project Spring and Shiro libraries, but you need to implement at least a simple WebApp (expose /login, use shiro to verify the credential) deployed in a separate server. If you are ready to write two java app Shiro is a good choice.
We would like to implement following logon mechanism to authenticate users against AD between Java and .NET applications hosted in different application containers.
Our server setup is
One linux web server with Tomcat on it - this is where our java apps resides
One windows web server with IIS on it - this is where the legacy .net apps resides. [authentication can be done via windows integrated authentication - we don't want to change this - unless no other way]
One domain controller - win 2008
Our aim is to implement authentication mechanism where any user can login through a form via AD [Active Directory] credentials to our login page which is hosted either on .NET or Java. After authentication is completed successfully,user should browse pages without
his/her credentials being asked again.
Reason we need it is we have couple .Net apps which design to use integrated authentication with IIS - and we are designing new Java interfaces where we would like to centralize authentication with a login form where user can login agains AD and switch between .NET and Java apps where the authentication is still valid until it expires or etc.
I heard about SPNEGO project but not sure what kind of setup we need to implement above scenario.
It would be nice if we need no modification to .NET site setup since we don't want to maintain those apps anymore. All helps are welcome and greatly appreciated.
Thanks in advance,
ED
i am looking for a link through a web service between an android application and an application that is deployed on google app engine.the user inputs data in the android application which has to be passed to the jsp and jpa application deployed on the google app engine.Can anyone please help...
See this article for how to authenticate against App Engine from inside your Android app. From there, how you interface is up to you: You can write a RESTful API, or use any number of HTTP-based RPC protocols to communicate between the Android app and the site. Which you choose depends on your needs, which you haven't detailed.