Can we implement SSO plugins in graylog version 5? - google-oauth

I wanted to implement SSO plugins in graylog version 5.
Don't want to go with LDAP or AD.
When i insert plugins in graylog 5 server will not start . it shows an error
is their any way to insert plugins in graylog version 5.
Thanks in advance

Do you have avalaible oidc or saml via ADFS or keycloak? Graylog free has only Trusted header authentication. So for example you can use Apache as reverse proxy with mod_auth_openidc or mod_auth_mellon. Free Graylog does not sync groups

Related

Guide on how to setup authentication via Azure ADFS for an application running on Tomcat

We have an application running on Tomcat currently and using LDAP as the means to authenticate users to our enterprise AD.
It is required to migrate this application to cloud (on AWS EC2) and to integrate with ADFS over SAML for login with MFA enabled.
Wondering if there are any guides on the the steps to be followed to make this happen ? What are the configurations that I need to enable in ADFS for my application and what configuration changes are needed on tomcat server.xml to have the connector integrate with ADFS rather than LDAP. Thanks.
Regards,
Raunak
Not a Tomcat guru but from the point of view of ADFS and SAML:
You need to use a client-side SAML stack in your application. This provides the SAML plumbing.
You then need to add a SAML RP to ADFS.
For MFA, typically you use Azure AD to provide the MFA.
(There used to be an on-premises ADFS MFA Server - that is now deprecated).
If that is not an option, there are third-party providers.

sso saml with weblogic and openam

I'm trying to setup saml sso with openam and weblogic.
The reason why I want to use saml is that I have multiple application where I can't change the web.xml to use the j2ee agent.
My question is if there is a good document explaining the setup with weblogic and openam.
I have read several guides, but I'm still confused...
Just looking for a good howto!
My current setup is
openam on tomcat installed on host1
weblogic installed on host2.
Webapp deployed on host2
So openam will be the IdP and weblogic will be the SP? right?
I have configured the openam hosted IdP.
I have added the saml identity asserter on weblogic and configured a web sso identity provider partner.
You can configure WebLogic to enable SAML SSO implementation. This requires the following steps to be completed.
WebLogic and IDP(OpeanAM) should be coupled - you can register OpeanAM as an authentication service provider inside WebLogic container using the administration console.
This requires a SSL communication, hence ideally, it's better to install a SSL certificate inside the container.
WebLogic can be configured to implement SAML SP (Identity asserter and Assertion consumer) by configuring the required through the administration console.
In fact it can be configured to work as a Credential mapper and Assertion receiver on the same way.
All these steps can be done inside a single WebLogic instance or between instances using a WebLogic federation.
Please refer the below link for more details.
I don't think WebLogic itself can act as SAML SP. Every application has to implement an SAML SP. Doing this via Spring Security SAML extension is quite neat. If you want more efforts look at the OpenAM Fedlet (it's also a lightweight SP). However the sample app generated when creating the Fedlet is not too helpful. The 'Fedlet' is not the sample all ,but more or less the jars and metadata included in the sample app.

Using weblogic Authorization without authentication

I have implemented OAM SSO Authentication for my web application deployed on weblogic. Now i want use weblogic embedded LDAP to provide app level authorization. I dont want to use the weblogic authentication, just the authorization since i already have authentication handled by OAM. Is that possible? Can someone please point me to any examples, tutorials, or ideas to achieve this?
Depending on your OAM version, you need to add a OAMIdentityAsserter Provider in your WLS domain. I say depending on your OAM verison, because you need to tell it which type of cookies to use.
OAM Admin guide will tell you how to do this.

How to use tomcat authentication with cookies enabled?

I use JDBCRealm to authenticate users and I want the users need not to login again when they come back a couple of days later.
But there seems no configuration here for me to enable cookie authentication in tomcat!?
I am using tomcat 7.
This is not supported, you'll have to implement a custom AuthenticationRealm to get this feature, or switch to a framework that provides authentication methods.

How do I configure WebLogic 10.3 Web App To Use SAML 2 SSO and Identity Provider?

I have several Web applications all running in WebLogic 10 and I want to authenticate the users using SSO and WebLogic's built-in SAML 2 SSO support.
I configured a SAML2IdentityAsserter on the security realm and created a Web SSO Identity Provider Partner that uses the meta-data from the identity provider that I set up earlier. That all seemed to go fine.
I deployed a simple web app that I'm using for testing that is configured to use this realm. However, when I try to log in to the web app, it doesn't seem to even try to use the identity provider. I set the to both BASIC and CLIENT-CERT but both acted as if the SAM2IdentityAsserter wasn't set up. I played with changing the order of the asserters and tried removing the default asserter but none of this has made a difference.
Has anyone had any success doing this under WLS 10.3?
Maybe you could have a look at Implementing SAML2 SP-initiated use case with Weblogic 10.3.4. and ADFS
Best regards,
Luis
ps: now, It seems that we have got the right configuration, we are able to sign in our SSO System but we get and error from our Idp. You need to set up the security in your app through your descriptors (web.xml and weblogic.xml). Take a look at the configuration of your weblogic app console: $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/web.xml and $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/weblogic.xml)