I am trying to integrate SAML2.0 SSO (with Google OAuth) in Apache Superset. I can see only the Google OAuth integration but not SAML. Does Apache Superset support SAML2.0 ? If any, any hints would be highly appreciated. Thanks!
Related
I'm looking to set up a SAML using OneLogin. I would like to authenticate using OneLogin's python package python3-saml or onelogin and then connect to Google API using googleapiclient.
As of now, I couldn't find any documentation on how to go about this.
Does anyone have any example they can share with me on achieving this type of authentication or provide me some useful links to read up on this topic?
Thank you very much!!
I am using Apache Shiro as a security framework for my application which also need SAML for SSO integrations. And with possible Oauth in the future.
Do I only need buji-pac4j to cover both SAML and Oauth?
With buji-pac4j, do I need to write any SAML code at all or all are taken care of by buji-pac4j framework?
If I have the buji-pac4j and use CasServer for authentication would it be possible to integrate other Identity management server such as WS02 Identity Server (which act as a federation hub) to the CasServer?
1) pac4j is a generic security engine and buji-pac4j is an adapter of pac4j for Shiro. For SAML and OAuth, you need the buji-pac4j library, but also the pac4j-saml and pac4j-oauth modules
2) you don't need to write code for SAML, it's just about configuration: https://github.com/pac4j/buji-pac4j-demo/blob/master/src/main/resources/shiro.ini#L33
3) you can use the buji-pac4j and pac4j-cas libraries to integrate your application with your CAS server, though I'm not sure it's exactly what you want to do
I highly recommend to take a look at the demo: https://github.com/pac4j/buji-pac4j-demo
I am looking with Apache shrio framework. Looking at it authentication and authorization features can i build Identity server provider using shrio framework.
Is it possible to have features like,
Single Sign On
SAML support
Federation based on attributes
Do we need to write everything from scratch or shrio has some API's to handle such kind of features.
I read the documentation where they say about having SSO features based on Sharing of user session with multiple organizations . But i did not see any direct support API's to handle this.
To act as an IDP what shrio gives and what it does not support?
Please suggest.
Thanks,
Sohan
Shiro is a security layer that sits in front of your application. It is a security framework for a (SP) Service Provider that will issue an Authentication Request to your IdP (Identity Provider).
Open source IdP implementations that support SAML:
http://www.gluu.org/docs/
https://shibboleth.net/
This Stack Overflow question covers a way to use SAML to authenticate your user before they reach the application and provide the user's credentials as part of a http header.
Integrating Java Web App with SAML SSO
An alternative to installing and maintaining your own IdP.
https://stormpath.com/
The cost of developing, securing, and maintaining your own identity provider are likely much higher than paying a monthly fee.
Excuse my ignorance but can PicketLink be implemented as an IDP within weblogic?
I am looking to create a light weight IDP Proxy to be able to accept SAML requests and issue SAML Assertions based on simple authentication handled elsewhere so not looking for anything that provides too much.
I wondered if picketlink offered a simple API to do this and whether it would work on a welbogic domain.
Weblogic has its own, built-in SAML implementation that is tightly integrated with the rest of their platform. It is fully configurable from their admin console. Use that instead of PicketLink.
http://docs.oracle.com/cd/E28280_01/web.1111/e13707/saml.htm#SECMG252
We are looking at IDaaS offerings (OneLogin, Okta, etc.) When we've asked if they support CloudBees they said they do not, but they said if you support SAML authentication that they can add support for CB very easily. Do you know if you support SAML?
There is no specific support for SAML - however applications that are hosted on the platform would well support it.
CloudBees supports SAML integration with any SAML IdP endpoint. The SAML IdP endpoint could be running on your premises or you can use IdP providers such as OneLogin, Okta, Centrify etc. they also provide CloudBees app that you can configure for SAML. Both flow - SP initiated or IdP initiated flows are supported as well.
See, http://developer-blog.cloudbees.com/2013/09/cloudbees-now-offers-saml-20.html
Centrify definitely has a pre-built SAML app for CloudBees.
You can sign up for free here to test it.
https://www.centrify.com/free-trial/