GAE + SAML + JAVA + OpenSAML - java

I am creating a web application on GAE. In this application I have to implement the SSO feature using SAML 2.0. I am suffering a lot on the web but I didn't find any example. I got the knowledge of how SAML works and which library I have to use in Java. But before starting I want to know if this feature is possible in GAE. I know Google Apps are based on SAML and provide SSO functionality. But I didn't find any link where it is stated that GAE also supports SAML and that we can create a SAML application on GAE. Thanks

I have done some integration with my demo Google App Engine account. Here I used a Java-based SAML2 IDP locally, which has been connected to an LDAP user store. And using this IDP, I could log in to the Google App account. Here is what I understood. We need to configure the IDP details (URI and so on) in the Google account and upload a certificate of my IDP. Then I want to create the same user which was in my IDP in the Google App account (I guess it is for authorization purposes). Once I tried to log in to the Google App, it redirected me to my local SAML2 IDP and I needed to provide user credentials to the IDP. Then I would be directed to the Google App and could log in to it. Here is some guide on how to enable SAML2 SSO with Shibboleth. I guess this would help you.

Related

Spring Boot Oauth2 and google services api

I have a web application which allows only Google users and uses spring-boot-starter-oauth2-client to obtain authentication. I want to integrate the Google API into my application, but all examples use their own OAuth2 process to authenticate the user. How can I reuse the existing Spring Boot Google login for interaction with Google API services?
Thanks!
You have to use the spring-boot-starter-oauth2-client dependency, which allows the client registration for OAuth2 providers, but before that you need the client-id and client-secret provided by your OAuth2 provider (such as Google). Here's a nice guide on how to do that.

Android authentication on Keycloak with identity providers like Google and Facebook

I am creating a native Android application and I am using Keycloak authentication, because my web app and my API are already configured with Keycloak. I set up Facebook and Google as identity providers for Keycloak, but now I don't know how I am supposed to configure it in the Android application.
For the general authentication I am using retrofit with rest calls to get the token and after that I am storing the token in Android Account manager.
I want my android app to successfully authenticate via Facebook or Google through Keycloak. Any suggestions, please?
The answer is that I should use the keycloak functionality for token exchange from external to internal. See for more details: https://github.com/keycloak/keycloak-documentation/blob/master/securing_apps/topics/token-exchange/token-exchange.adoc.
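The request that an external-to-internal token exchange comes down to, as an added example that is not part of the original answer or of Keycloak's own code. The class name, the client id `android-app`, the identity provider alias `google` and the sample token are constructed; the endpoint passed to `exchange` is assumed to be the realm's OpenID Connect token endpoint.

```java
import java.io.*;
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class KeycloakTokenExchange {
    // Form body for an external-to-internal exchange: the token the app got from
    // Google/Facebook goes in subject_token, the Keycloak IdP alias in subject_issuer.
    static String buildBody(String clientId, String idpAlias, String externalToken)
            throws IOException {
        Map<String, String> p = new LinkedHashMap<>();
        p.put("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange");
        p.put("client_id", clientId);
        p.put("subject_token", externalToken);
        p.put("subject_token_type", "urn:ietf:params:oauth:token-type:access_token");
        p.put("subject_issuer", idpAlias);
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : p.entrySet()) {
            if (sb.length() > 0) sb.append('&');
            sb.append(URLEncoder.encode(e.getKey(), "UTF-8")).append('=')
              .append(URLEncoder.encode(e.getValue(), "UTF-8"));
        }
        return sb.toString();
    }

    // POSTs the body to the realm token endpoint and returns the JSON response.
    static String exchange(String tokenEndpoint, String body) throws IOException {
        if (!tokenEndpoint.startsWith("https://"))
            throw new IllegalArgumentException("token endpoint must use HTTPS");
        HttpURLConnection c = (HttpURLConnection) new URL(tokenEndpoint).openConnection();
        c.setRequestMethod("POST");
        c.setDoOutput(true);
        c.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
        try (OutputStream out = c.getOutputStream()) {
            out.write(body.getBytes(StandardCharsets.UTF_8));
        }
        if (c.getResponseCode() != 200)  // do not log the body: it carries the token
            throw new IOException("token exchange rejected: HTTP " + c.getResponseCode());
        try (InputStream in = c.getInputStream();
             Scanner s = new Scanner(in, "UTF-8").useDelimiter("\\A")) {
            return s.hasNext() ? s.next() : "";
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample values; nothing is sent over the network here.
        System.out.println(buildBody("android-app", "google", "EXAMPLE.external+token/value="));
    }
}
```

Keycloak only accepts this request when token exchange is enabled on the server and the client has been granted permission to exchange tokens for that identity provider, as the linked documentation describes.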

Windows Authentication Using Spring MVC + Angular JS

Using Angular JS for my front-end and Spring MVC for web services. Based on SOA architecture, front end and back end are loosely coupled.
I want to use Windows Authentication to login in the web application without asking any username and password in the login page.
I am getting stuck in Spring Security Kerberos and want to authenticate from the LDAP and then use the Spring JWT OAuth protocol to continue further.
Can someone help with what I am missing or what would be the robust way for this architecture?
P.S. : Spring MVC + Angular JS
High level: If you're doing the authentication via the Internet, i.e. where you don't have access to get Kerberos tickets via Spring Security, you need to consider using SAML or OAuth. Otherwise, if you have local access and can talk directly to the authentication servers from the server hosting your code, you can use Kerberos.
SAML and OAuth are very different to LDAP and Kerberos. Kerberos and LDAP can generally only be used if you have direct access to the authentication servers, i.e. when you are in the same Windows domain.
For further help please post code samples and an outline of what you're trying to achieve.

adfs login authentication on android application

I was working on an Android application, but for the sign-in I need to sign in using ADFS. I have tried using Facebook and Twitter sign-in and it worked, but there is no official documentation to integrate through ADFS. Can anyone help me with the same?
Search for Active Directory Authentication Library (ADAL) for Android. This uses OAuth to get JWT tokens for your web services.
https://msdn.microsoft.com/en-us/library/dn633593.aspx
Thanks //Sam (#MrADFS)

SSO implementation using Shibboleth with Google App Engine java

I am developing an application on Google App Engine in Java. In this application I have to implement SSO using SAML2. My Google App Engine application will act as the service provider, and the identity provider will be a separate server. I just have to write the SP side of SSO. I am new to SAML, did much googling on SAML and came to the basic flow of user authentication in SSO. I found the OpenSAML library, which can be used to handle SAML messages between IdP and SP. I also found Shibboleth, which is the implementation of the OpenSAML library. I am very confused about the decision of choosing OpenSAML or Shibboleth. Can anyone advise me on choosing OpenSAML or Shibboleth? And if someone has found any tutorial on SP implementation of SSO in Google App Engine, they can also share it.
You can embed Spring SAML Extension (product built on top of OpenSAML) into your application. It will enable you to act as a SAML 2.0 Service Provider.
You can see a working demo of such approach at http://saml-federation.appspot.com/ which shows a Spring SAML sample application connected to SSO Circle IDP.
Shibboleth doesn't provide a SAML SP component which can be embedded into applications. The Shibboleth SPs act as plugins to Apache or IIS web servers and cannot be used with Google App Engine.
You can also see Spring SAML as an example of a SAML 2.0 WebSSO implementation to follow in case you'd like to write it yourself. The latest documentation is available in the Spring repos; sources are on GitHub.
