FusionAuth localization support - fusionauth

We are developing an application that needs to have a custom look per tenant.
The Themes API coming in 1.8.0 states that "Themes are configured per Tenant".
We would also need to support several languages per tenant.
Will the new themes feature allow for localization?
Are there plans for supporting email templates per tenant?

The 1.8.0 version update will be moving most of the System Configuration to the Tenant. This will include:
Email templates
Password policy
Theme configuration
OAuth configuration
JWT configuration
Event configuration
The 1.8.0 release will not include localization support for themes, but this is on the roadmap. I can't say for sure when it will be available.
Feel free to contact us through the website to discuss expediting that feature for you.

Related

"Cloud native" replacement for LDAP Active Directory synchronization?

If you were to build an enterprise SaaS app today, what would be the preferred protocol/endpoint to obtain the list of users, emails and groups from an Azure AD deployment?
Historically this was done via LDAP connection to an Active Directory Domain Controller, and I see that Azure offers an LDAPS service (Azure AD DS).
ADFS, which is quite widespread, is just a SAML-compatible IdP, but it doesn't seem to provide an API for listing the directory of users.
The Microsoft Graph API seems to be able to provide at least some of this information, but it seems to be fairly new and very widespread. There's also something called SCIM that appears to have broader support, but it doesn't seem to be super popular on enterprise cloud apps either.
My research has shown that the apparent right answer for this problem is to implement SCIM 2.0 APIs on the product.
The main annoyance of the approach is that SCIM 2.0 is a protocol that is triggered by the directory provider (i.e. a SaaS app will receive an API call from Azure AD when a user needs to be created or updated, instead of the SaaS app contacting a directory endpoint to fetch the information when it is needed).
This creates a few annoyances such as potential race conditions when updating user information in the middle of application processes, or the fact that updates to the directory can't be triggered at convenient times (such as nightly, for example). Debugging/testing is also more problematic.
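
Added example, not part of the original post: one way a SaaS app can receive directory-pushed SCIM 2.0 updates and still keep its own in-flight processes safe from the race described above, by versioning each user record and re-checking that version (and the `active` flag) before committing. `ScimUserStore`, `commit_if_unchanged` and the version counter are hypothetical names for this sketch, the sample user is constructed, and only simple attribute paths are handled.

```python
import threading

class ScimUserStore:
    """In-memory stand-in for the SaaS app's user table (hypothetical)."""
    def __init__(self):
        self._lock = threading.Lock()
        self._users = {}  # id -> (version, resource dict)

    def put(self, user_id, resource):
        """Full replace, as for a pushed SCIM PUT /Users/{id}; returns new version."""
        with self._lock:
            version = self._users.get(user_id, (0, None))[0] + 1
            self._users[user_id] = (version, dict(resource))
            return version

    def patch(self, user_id, body):
        """Apply a pushed SCIM PatchOp body; simple attribute paths only."""
        with self._lock:
            version, resource = self._users[user_id]
            resource = dict(resource)
            for op in body["Operations"]:
                kind = op["op"].lower()  # tolerate capitalised op names
                if kind in ("add", "replace"):
                    resource[op["path"]] = op["value"]
                elif kind == "remove":
                    resource.pop(op["path"], None)
                else:
                    raise ValueError("unsupported op: " + op["op"])
            self._users[user_id] = (version + 1, resource)
            return version + 1

    def commit_if_unchanged(self, user_id, seen_version, action):
        """Run action only if no directory push landed since seen_version."""
        with self._lock:
            version, resource = self._users[user_id]
            if version != seen_version or resource.get("active") is not True:
                return False
            action(resource)
            return True

def demo():
    store = ScimUserStore()
    # Constructed sample user; the app process notes the version it started from.
    seen = store.put("u1", {"userName": "alice@example.test", "active": True})
    store.patch("u1", {"schemas": ["urn:ietf:params:scim:api:messages:2.0:PatchOp"],
                       "Operations": [{"op": "Replace", "path": "active", "value": False}]})
    granted = []
    done = store.commit_if_unchanged("u1", seen, lambda u: granted.append(u["userName"]))
    return done, granted
```

In `demo()` the directory deactivates the user while an application process is mid-flight, so the commit is refused and nothing is granted to the deprovisioned account.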

Jira / Bitbucket Application Links with Basic Authentication

This is admittedly a duplicate of this question:
HTTP Basic Authentication and Atlassian JIRA, Confluence and Bitbucket
... but I have the same question, and that was not answered!
Does anyone know how to set up "Application Links" between Jira, Bitbucket, or other Atlassian apps when the remote app requires basic authentication? The legacy docs for Jira indicate there used to be a basic authentication option, but they seem to have eliminated that.
If you're stuck with a combination of very old and new applications, then it is possible that you cannot create an application link between them, unless you upgrade your legacy application(s).
Atlassian has this in their Application Links documentation:
As a general rule, you should ensure your applications are using the same major version of AppLinks to resolve any potential incompatibilities.
For a matrix of compatible versions, look here.

Restricting access to a CloudFoundry-hosted website to a limited number of beta testers

I would like to use CloudFoundry to demo a Spring-based webapp to a limited group of beta testers.
I can't really rely on the application's own authentication/security mechanism as it is already used by the business logic of the application (i.e. a visitor to the website can register as a new member and then login with an email and password).
I therefore need some way to restrict access to my beta website to a limited number of beta testers who will need to "pre-authenticate" before they can navigate both the "public" and "private" part of the beta website.
Is this possible with CloudFoundry? If so how?
No, currently it is not possible. As soon as you've published your app to CF and registered a route for it, it becomes publicly available to all internet users.
The authentication mechanism that CF provides is for management purposes (e.g. creating a user that will be able to push a new version of the app to CF) and is not connected with the business logic of your application.
CF only provides abstraction from a hosting platform according to the PaaS approach. That means that your app will implement all the functionality it needs, including authentication.
However, you could use some standard features of your framework to achieve this, but you are still the one who is responsible for it.

RallyDev API: How to prevent password expiration for user accounts

I am using the following SOAP API to interact with Rally:
https://rally1.rallydev.com/slm/webservice/1.40/RallyService
And I am using a Username/Password which expires every three months. I was wondering if there are any settings on user accounts in Rally that could prevent it from expiring.
Thanks,
Varun
Unfortunately, a password expiration policy is required for all Rally UserIDs. This is a commonly requested feature, however, to allow for more relaxed policies for automation users. This idea:
Change password policy for single user account
on Rally Ideas corresponds to this feature request. I'd encourage you and your teammates to vote on it to help raise visibility with Rally's product team.
Also - you may wish to explore porting your automation code to one of Rally's REST-based toolkits.
Versions 2.0 and higher of Rally's Webservices will not include SOAP-based services. While SOAP will continue to be available in Webservices 1.x for a full year following the soon-to-be released Webservices 2.0, customers requiring new/updated Rally functionality will find that updates are no longer available in SOAP starting with version 2.0.

Cyber-Ark Privileged Identity Management API

Does anybody know if there is any sort of API available for Cyber-Ark Privileged Identity Management to integrate it with enterprise applications?
I think the answer might be 50% yes, 50% no. Definitely Cyber-Ark offers web services and an API for their Vault objects, so you should be able to retrieve passwords from the Vault from a trusted application. There is a paragraph of sales information on Cyber-Ark's website:
Cyber-Ark's comprehensive SDK provides an interface to the Vault objects that you can use to develop custom solutions that work with the Vault. Cyber-Ark provides a variety of SDK such as Command Line Interface, ActiveX API, .Net API and Web Services API
But beyond working with their Vault objects, I'm not entirely sure. I'm currently looking for more information on their Vault web services, and I think I need to register to be a Partner to get that information. I'll post a follow-up if I learn any more.
You are supposed to purchase an API license per server to have read-only access to the vault for authorized applications.
They provide Java, C#, etc. libraries and you place authorization key material on the server to enable its access.
It is called CyberArk Application Identity Manager, an entire sub-product.
The only reference I could find:
http://lp.cyberark.com/rs/cyberarksoftware/images/ds-application-identity-manager-10-20-2014-en.pdf
CyberArk created Conjur. It is open source and free. It contains its own Vault and is intended for dynamic Application Access Management. In particular, Conjur and its upgrade Conjur Enterprise should secure the complete DevOps pipeline. The paid version can be integrated with the Vault solution (the PAS Core solution of CyberArk).
For static applications, CyberArk has the Credential Provider, Central Credential Provider and ASCP (I forgot the full name of it now). These solutions are agent based while Conjur is agentless. Because they are agent based, they are only intended for environments with comparatively slow changes as an agent needs to be installed on every server in order to provide the credentials from the Vault.
These solutions have REST API, CLI and SDK capabilities.