I am developing VSCODE extension where I have scenario to authenticate the user to an AAD application. I tried using 'msal' library but it internally uses 'sessionStorage' or 'localStorage' which VSCODE environment doesn't allow. Is there any way to authenticate user to a custom client id?
Related
We are looking at building a gmail add-on for our application. Our application uses custom authentication (different from gmail or google Oauth).
There are few questions:
Is it possible to launch a single page application(eg. angularJS application) in gmail add-on?
What is the recommended way of authentication and authorization?
Is it possible to render or redirect to/from a secure html or jsp page in a gmail add-on?
How can we implement authentication flow to get tokens from application which use custom authentication eg. form based authentication?
I am trying to make an app using Ionic in Mobile First.
The web application is has got both sso and WebIdentity(LDAP) for the login functionality....
How to approach for the Hybrid Mobile App?
I do not believe there is direct relation between using LDAP in IBM MobileFirst Platform and using SSO in IBM MobileFirst Platform.
SSO in MFP allows you to automatically login to app2 if you have already logged-in in app1.
So assuming your are able to login to app1 via LDAP (which is server-side anyway, to check your credentials against a list of users), and assuming you have correctly set-up both apps for SSO, it should work.
Read about setting up SSO: http://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/devref/c_device_single_sign_on.html
Hello I have read and implemented these Vittorio Bertocci tutorials:
"Secure ASP.NET Web API with Windows Azure AD and Microsoft OWIN Components"
"Protecting a Self-Hosted API with Microsoft.Owin.Security.ActiveDirectory"
However unlike the tutorials my web application is comprised of the following OWIN components: NancyFx & ASP.NET Web API (following the architecture pattern set forth here)As I attempt to implement AAD authentication (as Mr. Bertocci does in his tutorials) into my NancyFx module (to authenticate a user who hits a route requiring authentication):
I get the following error
Additional information: Loading an assembly required for interactive user authentication failed. Make sure assembly 'Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' exists.
clearly the AAD dialog that pops up asking a user to login has a dependency on WindowsForms and shouldn't be invoked from a web application.
What AAD credential prompt should I be using instead?
How to I implement AAD auth in a web app client?
My understanding of the scenario you are trying to implement is that you have the following actors:
Browser -> Web Application -> Web API
Where the browser is authenticates a user to the Web Application and then the Web Application attempts to obtain a token that will allow it to access a resource at the Web API on behalf of the user.
That being the case, your Web Application will need to redirect the browser to the AAD OAuth 2.0 authorization endpoint. There the user will enter their credentials and be redirected back to the Web Application with an authorization code. You can then use that authorization code to obtain a token via the Active Directory Authentication Library (ADAL). Specifically you will use the AuthenticationContext.AcquireTokenByAuthorizationCode method. The following blog entry by Vittorio gives more detail on the code you will need to implement in the Web Application in order to obtain the token. It is not an OWIN specific implementation, but should be easy to translate into your NancyFx app.
Using ADAL’s AcquireTokenByAuthorizationCode to Call a Web API From a Web App
You should not have to change your ASP.NET Web API that you implemented per "Protecting a Self-Hosted API with Microsoft.Owin.Security.ActiveDirectory"
The version of AuthenticationContext.AcquireToken that is used in the client app example in the Protecting a Hosted API... blog entry is intended for a different scenario where no browser is involved. Instead the user is interacting with a desktop application that is then calling a Web API on the users behalf. In that case, the AcquireToken call must show a browser based dialog in order to allow the user to sign in and obtain an appropriate token.
I have been trying for many days to create a custom authentication plugin using OpenID for Joomla 2.5. I first used this extension: http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based/5366. It has a CAS plugin, but no OpenID plugin. I tried to use the CAS login plugin format for OpenID but my level of joomla/php/openid/cas knowledge is insufficient and it does not work.
I have also tried to use some available libraries such as lightopenid. It works on a custom-built website based on php, but I have tried to apply it to Joomla 2.5 with no success.
The next alternative is to use Janrain's OpenID (which was used in Joomla 1.5 actually). I am in the process of adapting the code from Joomla 1.5 to 2.5.
Has anyone been able to successfully develop a custom authentication plugin using OpenID for Joomla 2.5? Which of the above methods would you recommend? I do not want to use 3rd party apps such as Social Login and Social Share (which currently works), but to have it in-built into the normal Joomla login module.
Hope to be able to receive some help in developing such a plugin.
Joomla! 1.5 has a default-installed plug-in which allow user to log-in with open ID. In Joomla! 2.5 this plugin is not installed.
If you want to use OpenID Authentication and if you want a free extension you can download it from here: http://socialjoom.net.ru/component/option,com_jdownloads/Itemid,75/cid,46/task,view.download/ .
ALSO you can simply install Social Login extension:
http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based/20465 . It's commercial...
All extensions are here: http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based
PS: I haven't tested these extensions.
I hope this will help you.
The purpose of using an external authentication system (login page) instead joomla login page/module, is due to make sure that the access is secure and make possible to left a session cookie to allow single-sing-on if you are in an internal environment in wich webs/apps log through this external authenticator, so navigate to a login page from the authentication system is an standard.
If you want to use API OIDC calls to make your joomla login works with the authenticator, in this case, your credentials were exposed to risks/hacks and you couldn't get SSO between applications.
I have an WinJS metro application that I'm using to connect to a remote webservice that same domain. I read up on the app manifest capability (well the little that is present online) and was hoping that I would be able to use the logged in users credentials to access this webservice without requiring them to login.
I'm trying to authenticate to the webservice via a post using a contentType: "application/x-www-form-urlencoded;charset='utf-8'". This application was previously a website that would prompt the user for login credentials in the authentication step using the aforementioned post. In the WinJS metro application I'm effectively using the same code (minor tweaks) to achieve the same result.
Has anyone had experience with Enterprise Authentication in a WinJS metro application and could better explain what types of resources I would/wouldn't have access to. I'm hoping this isn't specific to accessing things like file shares and intranet sites.
I had this exact issue as well. After ensuring the following Capabilities were enabled in the package.appxmanifest:
Enterprise Authentication
Internet (Client)
Private Networks (Client & Server)
I had to still add the URL of our web service to Internet Explorer's list of Intranet Sites. Only then did the prompt go away.