How to secure your APIs using Azure Active Directory SSO Implementation using SAML 2.0?
You can Protect an API in Azure API Management using OAuth 2.0 authorization with Azure Active Directory
Hope this help!
Related
We have an application running on Tomcat currently and using LDAP as the means to authenticate users to our enterprise AD.
It is required to migrate this application to cloud (on AWS EC2) and to integrate with ADFS over SAML for login with MFA enabled.
Wondering if there are any guides on the the steps to be followed to make this happen ? What are the configurations that I need to enable in ADFS for my application and what configuration changes are needed on tomcat server.xml to have the connector integrate with ADFS rather than LDAP. Thanks.
Regards,
Raunak
Not a Tomcat guru but from the point of view of ADFS and SAML:
You need to use a client-side SAML stack in your application. This provides the SAML plumbing.
You then need to add a SAML RP to ADFS.
For MFA, typically you use Azure AD to provide the MFA.
(There used to be an on-premises ADFS MFA Server - that is now deprecated).
If that is not an option, there are third-party providers.
We're trying to develop an ASP.NET Core web API which lets users authenticate through Azure AD and would like to retrieve files from NextCloud on behalf of this Azure AD user. Our infrastructure is composed of an Ubuntu server running NextCloud 12, a Windows Server running the ASP.NET Core web API and an Azure Active Directory instance with Azure AD Domain Services.
Signing in through NextCloud using LDAP (provided by AAD Domain Services) works without any issues.
We've been trying out SSO with SAML in addition to LDAP but we keep seeing this error message when signing into NextCloud:
Account not provisioned.
Your account is not provisioned, access to this service is thus not possible.
How exactly are we able to retrieve files from NextCloud by using the same Azure AD token we receive when authenticating with our ASP.NET web API?
SAML is not well versed to use with Web APIs - its protocol is heavily vested on the application being Web Apps - ideally you should use Open Id Connect with Jwt tokens.
We're building a IaaS platform for the media industry. We're just looking to verify a few areas of Okta's capabilities and how to manage.
Okta is a web application for performing system administrative tasks against Active Directory repositories
Does Okta have such web application?
A demonstration of the web application
Is it possible to have a trial copy?
Authentication & Authorization via corporate AD
How do we set up the Okta AD Agent?
How do we use Okta API (to be integrated with our platform) to perform authentication against a corporate AD?
How do we use Okta API (to be integrated with our platform) to retrieve custom attribute information from corporate AD?
Thank you for your questions. Here are some resources to help answer your questions:
Our website has detailed documentation on how Okta works with Active Directory.
https://www.okta.com/resources/datasheet-ad-integration/
How to set up AD in Okta: https://support.okta.com/help/articles/Knowledge_Article/Okta-AD-Agent?_ga=1.41164711.449313748.1470873855
Furthermore, you can find further information on how to use the API on on our Developer helpsite: developer.okta.com
I am new in dealing with Sharepoint Server and other office services. Sorry if my question doesn't make sense. My question is:
Can I use other authorization servers other than azure ACS as an access token issuer for Sharepoint 2013 apps ?
I would like to apply OAuth authentication mechanism to the SharePoint sites which are currently accessible by enabling basic authentication of site properties.
SharePoint 2013 supports for server-to-server authentication and app authentication by utilizing and extending the Open Authorization 2.0 (OAuth 2.0)
I am trying to have app authentication to access sharepoint resources(site users) with OAuth mechanism. Is it necessary to register my app on Azure ACS just to get OAuth tokens. Can I also use other auth server which can generate OAuth access token. If yes, how will they app, custom auth server and sharepoint communicate each other?
I need to run .NET applications in Azure and have them authenticate against my on-premise directory (via PingFederate). It appears that ACS is the only way to do federated authentication from Azure, even though it has been deprecated for over a year. It also seems that ACS does not support OpenID Connect.
So am I correct in thinking it is not possible to do federated authentication via OpenID connect from Azure? And does anyone know when federation with external identity providers will be added to Azure AD?
Federated authentication is supported by Azure AD. Most of our enterprise customers connect their Azure Active Directory to their on-premises directory for federated authentication with Office 365 and other SAAS apps connected with Azure AD.
You can indeed federated your Azure AD with PingFederate and use Azure AD' OpenIDConnect protocol to configure single sign on for your cloud application.
Sign-up for a free trial Azure subscription and create a directory. Use the documentation here (http://msdn.microsoft.com/library/azure/jj673460.aspx) and the following sample app (https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet) to connect your app' authentication with your directory using OpenIDConnect.
Then, add a verified domain to your directory and federate it with your PingFederate STS by following the guidance here (http://documentation.pingidentity.com/display/PFS/SSO+to+Office+365+Introduction).
We don't recommend using ACS for this scenario.
Hope this helps.