All - I am trying to configure an HTTP connector to use Oauth1.0 instead of Basic Authentication with the Anytime Studio IDE for Eclipse. I am used to configuring the connection in the drag/drop interface of middleware, but never touching the source code. For this project, we edit the Java code to configure the connection, so I assume I will need to load some other Java class to get the Nonce and Timestamp. Does anyone have any experience/examples of implementing Oauth 1.0 in Mulesoft? in their documentation, I only see references to Oauth 2.0 and HTTP connections, not 1.0.
The most recent documentation can be found here: https://docs.mulesoft.com/connector-devkit/3.9/oauth-v1
Related
The post is almost duplicate as this question, but I am using new SignalRCore (1.0.0 alpha2).
<PackageReference Include="Microsoft.AspNetCore.SignalR" Version="1.0.0-alpha2-final" />
In my .NET Core 2.0 I use OpenIddict to authenticate user on server. On client I use angular2-jwt.
Now I need to know how can I connect on server with Authorization header access_token? I would assume that I should use custom request header when trying to connect on server.
Can this be done with new SignalR Core? I found this thread which mention that websockets does not support custom headers but I wonder if SignalR Core team did some magic to support this scenario.
This is not possible when you are using JavaScript client because some underlying APIs (like webSocket) don't allow setting headers. This is why you need to use queryString. Also, this thread on github may be useful.
If you are using the C# client setting headers is not possible at the moment but this is just a limitation of the API and should be fixed in the future.
EDIT
SignalR now has API that allows to pass JWT token to both C# and JavaScript client. It is also now possible to set headers when using C# client.
We are working with MobileFirst 7.0 version. We want to achieve authentication using adapter based authetication process. Earlier we used HTTP Adapter and it worked. But we changed it to Java Adapter and want to acheive authentcation with Java Adapter Based authetication.
My questions are :
Is it possible?
If yes, how can we move forward?
If not, what is the alternative of doing authentication usig Java Adapter?
There is some documentation covering your question.
Here are links to get you started:
Authentication concepts in MFP 7.0: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/authentication-concepts/
Adapters overview: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/adapter-framework-overview/
Java adapters: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/server-side-development/java-adapter/
Adapter-based authentication: https://developer.ibm.com/mobilefirstplatform/documentation/getting-started-7-0/authentication-security/adapter-based-authentication/
You need to use a JavaScript adapter.
Read the documentation.
Use OAuth.
I found this blog entry, and in particular the second video answered many questions.
OAuth Blog
In all cases I have ever seen we set up a Worklight security Realm and use adapter-based authentication to authenticate to that Realm. Our OAuth-protected resources then reference that realm.
In principle we could define realms that do not depend upon a JavaScript adapter for authentication, the MFP Security model is open to extension. In practice this is probably more work than you want to do. I find that the JavaScript model is itself quite extensible, as it can call down to Java code when something complex is needed.
My application is running on Apache 2.0 server and my java code is deployed on Tomcat 7.0. Now i am going to introduce Single sign-on concept into my application.
Does tomcat 7.0 support SAML 2.0?
If yes please clarify , compatibility-wise what is the difference between SAML 1.0 and SAML 2.0 ?
Tomcat 7.0 does not look to have native SAML support but since you don't specify particular restricions and want to introduce Single Sign On you might be interested in Apache CXF Suite (link to SSO page), in particular Fediz plugin (see architecture ).
SAML 1.x to SAML 2.x main concerns (as protocols) are that 2.x is not backwards-compatible (new and renamed XML tags, protocol and binding changes).
If you ask which version is "better" to choose fresh, I say 2.x if you need to support both you might need a kind of converting gateway/proxy (Fediz supports 1.1 tokens but I didn't use it)
To the best of my knowledge Tomcat 7 does not have a SAML SP provider implementation. You may have a look at SAML Spring Security extension o picket link (https://docs.jboss.org/author/display/PLINK/Service+Provider+Configuration)
The Microsoft identity team released a CTP package for WIF back in 2011 adding support for the SAML 2.0 authentication protocol.
http://www.cloudidentity.com/blog/2011/05/16/ATTENTION-ASP-NET-DEVELOPERS-SAML-P-COMES-TO-WIF/
Unfortunately the link to the Microsoft Connect site is dead. Since most WIF functionality has been moved into .NET 4.5 System.IdentityModel namespace, I was hoping to find the Saml2AuthenticationModule class there. However, I cannot find that class anywhere in the identity model assemblies.
Does anyone knows what happened to the SAML 2.0 support classes? Where they migrated to .NET 4.5 System.IdentityModel namespace? If not, is the original CTP package available somewhere?
The WIF SAML stack never made it out of CTP. Had a look around and can't find it anywhere.
It was based on WIF 3.5 so wouldn't run under WIF 4.5 anyway.
My guess it that it was removed because SAML support is non-trivial and you can get the same functionality by federating via ADFS or Azure Active Directory.
There are other libraries available - refer: SAML : SAML connectivity / toolkit.
We are planning to buy the license for SAML component from component pro but i want to make sure that it can be integrated with PHP moodle environment. We will be having ASP.Net web application which will act as IDP and user clicking on our website will transfer to Moodle PHP website which is being maintaned by other company. Its only us who will be using the Ultimate SAML component from component pro to create a SAML response and send it to them. But how can they read that SAML response without using the component pro library because the SAML response that i am sending is an object of SAMLResponse class from the library. I checked out all the sample projects and all the IDP and SP in the sample projects from component pro and all of them uses the comp pro library to create and read SAML responses. Basically i want create a SAML response using this library which can be read by SP without using the component pro library and we can have successful SSO integration. I apologies if i was not clear present my scenario.
SAML is a XML based standard. The SAMLResponse you are talking about will be marshalled to XML before the message is sent.
As long as your component and Moodle is correctly implementing SAML it doesn't matter what you are using to generate the SAML messages.
Agree with #Stefan. SAML is a protocol standard - how you implement it is irrelevant.
It's kind of like having English as a standard and the one side writes a message using Notepad and the other side reads it using Word.
Notepad != Word but because they both use English it doesn't matter.
Just a word of warning - SAML is a huge protocol - not all implementations support all sections.
My SAML plugin for moodle, based on simplesamlphp should be compatible with that IdP. Is free and many organizations are using it. https://moodle.org/plugins/view.php?plugin=auth_saml