I'm currently working on fixing a connection between a MVC4 application and IBM Cognos 11 application.
Previously, when moving between the MVC app and Cognos 10.2, we would redirect the user with their authentication within the URL. This wasn't desired but was how the system was set up initially when our team received the project.
Our team has now upgraded to Cognos 11. In doing so, we've lost the usage of this previous redirect (we get an error and the user isn't authenticated into Cognos).
My question is, is there a way to authenticate a user without installing the Cognos SDK (we have it but have yet to integrate it)? I was looking into the REST URL that it uses but it appears that to consume it, I need to have the SDK to do so.
It sounds like the Mashup Service may be what you want, that's a REST-oriented interface that supports authentication and doesn't require you to install the SDK. Here's a link that discusses how to login to Mashup Service:
http://www-01.ibm.com/support/docview.wss?uid=swg21660206
I tried the URL in that technote to get a description of required credentials on a Cognos 11 environment, and found that I had to tweak it because we aren't using a gateway web server. I found I needed to add a port, and omit /ibmcognos, so the URL that worked for me was more like
http://[ServerName]:[Port]/bi/v1/disp/rds/auth/logon?xmlData=
Finally, for more doc on Mashup Service, go to
https://www.ibm.com/support/knowledgecenter/en/SSEP7J_11.0.0/com.ibm.swg.ba.cognos.ca_dg_cms.doc/c_rass_gs.html
Related
So I have this really old UWP app that has been using the Live/OneDrive SDK to provide authentication and identification for at least 7 years now. The app is registered with Microsoft Account Authentication which provides a Client Id and Client Secret to identify the app when an authentication request is made.
When I use the SDK for authentication (OnlineIdAuthenticationProvider), it returns a unique Id (CurrentAccountSession.UserId) with which I can determine which of my users is using the app and then use that unique Id to persist/retrieve information the user provides.
The problem is....The OneDrive SDK is super old (hasn't been touched in over 3 years), outdated (.NET 4.51...no .NetStandard implementation) and Microsoft is pushing everyone to use MSAL and Graph instead. Fine.
But how can I do that and still be able to tie the person who is logged in to the app to the information I am storing for her/him?
From what I'm seeing, in order to use the new SDKs, I have to register my app, again, in the Azure portal and use a new Application (client) ID. If so, when my user logs in...my expectation is that any identifier that's returned to my app in the authentication process will not be the same as the UserId I've been using for almost a decade.
Has anyone done this? I can't be the only person who has encountered this problem...can I?
Any help would be greatly appreciated....
I would like to authenticate users against Active Directory using LDAP. Is it possible with OpenIddict ?
Currently, I have Front end (Angularjs) + Back end (Web.API with ASP.NET Core and OpenIddict) which works perfect. Part of users use individual user accounts and they will continue. Another part of users should use AD accounts. It is inside internal network and would like to use already existing Active Directory for that.
Please suggest any solutions for that.
Thanks.
Please suggest any solutions for that.
OpenIddict is never responsible of the login/authentication part, so you can freely implement it to use LDAP with both interactive flows like the code flow and with non-interactive flows like the password flow.
If your AD servers can run Active Directory Federation Services, I'd recommend using it, as it's the best way to achieve what you want.
Depending on the version you're using, you'll be able to integrate with any ASP.NET Core app quite easily (the 2016 version supports OpenID Connect while the previous one supports OAuth2: both can be used with the OAuth2/OIDC middleware developed by the ASP.NET team).
If you can't use ADFS, another option is to use Integrated Windows Authentication. It's currently only supported when hosting your application behind IIS or when using WebListener.
If none of these options work for your scenario, you can opt for the "low-level LDAP validation" route. Though it's not officially supported by .NET Core, there are a few libraries developed by the community that you can use: https://github.com/dotnet/corefx/issues/2089#issuecomment-231994908.
I have already a Windows Mobile application developed in .Net Compact Framework 3.5 (C#), my application runs in Enterprise Mode and I want actually to add a remote authentication to my application, I'm thinking about single sign on. Following are my questions:
1- Do you have any suggestion for a single sign on implementation that can be added to my Windows Mobile Application? So, which Authentication Server to be used and what are the modifications to be done into my application?
2- If 1- is not technically feasible in Windows Mobile, do you have any suggestion for a remote authentication solution to be implemented?
3- I'm thinking to use either Active Directory or LDAP to store user credentials. Can I add SSO to AD or LDAP? what is to be done in my application to add the authentication in this case?
Thanks for your support.
I have not been able to personally get Active Directory to work on Windows Mobile.
Instead, I created a service running on our network that authenticates using Active Directory.
I can call a web service! (Learned about that not too many months back)
The username and password, I believe, would be sent as open text (not encrypted), but that is OK for our use.
I have an WinJS metro application that I'm using to connect to a remote webservice that same domain. I read up on the app manifest capability (well the little that is present online) and was hoping that I would be able to use the logged in users credentials to access this webservice without requiring them to login.
I'm trying to authenticate to the webservice via a post using a contentType: "application/x-www-form-urlencoded;charset='utf-8'". This application was previously a website that would prompt the user for login credentials in the authentication step using the aforementioned post. In the WinJS metro application I'm effectively using the same code (minor tweaks) to achieve the same result.
Has anyone had experience with Enterprise Authentication in a WinJS metro application and could better explain what types of resources I would/wouldn't have access to. I'm hoping this isn't specific to accessing things like file shares and intranet sites.
I had this exact issue as well. After ensuring the following Capabilities were enabled in the package.appxmanifest:
Enterprise Authentication
Internet (Client)
Private Networks (Client & Server)
I had to still add the URL of our web service to Internet Explorer's list of Intranet Sites. Only then did the prompt go away.
I'm trying to figure out, how to use OAuth 2.0 to access Google APIs from my web app. The problem is, that the protocol require developer to register redirect_uri (URL of page receiving access token). But my application can be distributed to many customers and can be hosted on endless number of servers. There is no way to know redirect_uri beforehand.
Google offers another option for installed applications, but I cannot use this variant neither. Auth server returns access code in window title and this information cannot be accessed from javascript of our page (JS cannot access content of window opened using window.open(); if that content comes from different server).
To conclude:
Cannot use method for web applications, because I don't know all URLs where will our app run in the future.
Cannot use method for installed applications, because window title is not accessible from our JavaScript code.
Is there any recommendation, how to use Google's OAuth 2.0 from distributable web application running on a lots of servers? Thank you.
Are you sure you cannot access the window title? If your app is opening the window, it should be able to access it. It should be possible to do this in a similar way you would do it in a mobile app.
If all attempts fail, you could set up a proxy server (that has a known redirect URI) and hands out the Google tokens to all your clients. Or better each of the apps could have its own proxy server - the server it was downloaded from. But then if each OAuth client can only have one redirect URI, each app would have to be a separate OAuth client.