custom authentication in restlet 1.0 - restlet

I am using Restlet framework of 1.0 version. I am able to secure using Basic authentication with static username and password credentials.
But if I need to validate the user name and password with users available in ldap or db, how can i do that in 1.0? I couldn't see the custom authentication examples in Restlet framework 1.0 documentation.
Please help if possible with an example.
Note: I cannot upgrade to latest versions of restlet framework atleast now due to other dependencies.

Related

JWT Token with api version

I have a problem with JWT authentication with API Version.
In a .Net 6 Web Api project secured with JWT token we have added the versioning.
Whe use the api-version parameter in header of the call.
We have added a version 2.0 of one api.
If I work with api 1.0 all work fine.
If I ask for version 2.0 a receive 401.1 access denied.
If I had [AllowAnonymous] on version 2.0 api the routing work and call the right controller but the user is not identified.
Thanks for any suggestion
LSo

alfresco sdk authentication bearer with own filter

I started using Alfresck SDK (All in one) the latest version. I am trying customise authentication in Alfresco. I configured a new authentication using documentation: authentication but I want to provide JWT Token base authentication.
When I try to pass through a http header: Authorization: Bearer mytoken - it is cought by BasicHttpAuthenticatorFactory from child class RemoteUserAuthenticatorFactory and it says that it is not supported.
How to pass my own bearer token and then invoke: public Authentication authenticate(Authentication authentication) throws AuthenticationException method? I does not see documentation for adding new own servlet filters.
Assuming you are running a 5.x version (4.something may also work) of Alfresco and your Servlet container supports the Servlet 3 spec (Tomcat 7 shipping with Alfresco 5.x is fine), then you can add a Servlet filter by following the spec - annotation or web-fragment based.
Not quite sure about your scenario, but I added OAuth authentication to Share w/o leveraging the Servlet API. Wired a custom Authentication Component into the chain and added a bunch of tweaks (LoginController etc.) to Share

Login with Steam in ASP.NET MVC5

I have recently been playing around with ASP.NET MVC5 and the new OWIN authentication middleware.
I want my users to login with their Steam account and password. After a user logs in successfully, I just need the Steam Account Id for further processing. Steam can act as an OpenId Provider as stated in the documentation.
In MVC4 one would implement a custom OpenIdClient. It seems to me that in MVC5 the OpenIdClient class has been removed and authentication is configured using the IAppBuilder class which offers methods to login with Facebook, Google and other predefined providers.
Unfortunately, I haven't been able to find any documentation about plugging a custom provider to the new authentication system. Can you give me any instructions or references?
This is an answer to the bounty that was placed by #Buzinas.
This solution is going to use the NuGet package Owin Security Providers which is available here.
Go to the Package Manager Console (Tools -> Library Package Manager -> Package Manager Console) and install the above package:
Install-Package Owin.Security.Providers
In your App_Start\Startup.Auth.cs add the proper using statement. For Steam, you want
using Owin.Security.Providers.Steam;
Side note, there are several options available, so this package isn't just for Steam.
In the ConfigureAuth method, add app.UseSteamAuthentication("<<API KEY>>");
<<API_KEY>> should be replaced with the API key you received from Valve
Docs are still a bit sparse. One option is to copy-paste a similar existing provider and adapt as needed.
Recommended way to implement custom authentication provider for owin authentication
https://katanaproject.codeplex.com/SourceControl/latest

Joomla 2.5 custom authentication plugin using OpenID

I have been trying for many days to create a custom authentication plugin using OpenID for Joomla 2.5. I first used this extension: http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based/5366. It has a CAS plugin, but no OpenID plugin. I tried to use the CAS login plugin format for OpenID but my level of joomla/php/openid/cas knowledge is insufficient and it does not work.
I have also tried to use some available libraries such as lightopenid. It works on a custom-built website based on php, but I have tried to apply it to Joomla 2.5 with no success.
The next alternative is to use Janrain's OpenID (which was used in Joomla 1.5 actually). I am in the process of adapting the code from Joomla 1.5 to 2.5.
Has anyone been able to successfully develop a custom authentication plugin using OpenID for Joomla 2.5? Which of the above methods would you recommend? I do not want to use 3rd party apps such as Social Login and Social Share (which currently works), but to have it in-built into the normal Joomla login module.
Hope to be able to receive some help in developing such a plugin.
Joomla! 1.5 has a default-installed plug-in which allow user to log-in with open ID. In Joomla! 2.5 this plugin is not installed.
If you want to use OpenID Authentication and if you want a free extension you can download it from here: http://socialjoom.net.ru/component/option,com_jdownloads/Itemid,75/cid,46/task,view.download/ .
ALSO you can simply install Social Login extension:
http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based/20465 . It's commercial...
All extensions are here: http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based
PS: I haven't tested these extensions.
I hope this will help you.
The purpose of using an external authentication system (login page) instead joomla login page/module, is due to make sure that the access is secure and make possible to left a session cookie to allow single-sing-on if you are in an internal environment in wich webs/apps log through this external authenticator, so navigate to a login page from the authentication system is an standard.
If you want to use API OIDC calls to make your joomla login works with the authenticator, in this case, your credentials were exposed to risks/hacks and you couldn't get SSO between applications.

Can oAuth 2.0 server be used instead of or replace oAuth 1.0 server?

oAuth ver 2 introduces additional flows to the specification, and user experience of trusted projects could be improved a lot. For example: by using on-page username/password submission. This also increases the conversions by having username/password form in your checkout form. This is introduced in version 2.
Hence the question:
Can oAuth 2.0 server completely replace oAuth 1.0 server?
Yes. Google is even using OAuth 2 exclusively for several of their APIs.