I currently developing multiple Eclipse RCP based application which manipulates same resource (database and files).
I want to provide Single Sign On feature to these applications so the user doesn't need to provide his/her credentials. I want you Kerberos as it is inbuilt in windows, so logged in window user can log in to my application too.
Any tutorial link or suggestion is appreciated.
Thanks Shashwat
After searching a lot didn't found any help regarding this question. So, used java based NTLM authentication.
Related
i would like to use user authentication with google single sign on/authentication systems for one of Content management site using plone.
Please some one help me out how to do and the best way to complete it.
I have been scratching my head for a while now. Went through tons of documentations but everything seems very confusing. Please forgive if it appears to be a duplicate question, but believe me, the more content I find, the more its confusing me.
Below is the configuration of my project and what I need to achieve:
The project is a web based application developed using Spring framework with Java 8 that is hosted on S3(linux server). HTTP server used is Apache. JBoss is used as an application server and the exact version used is wildfly-8.2.0.Final.
Currently, the user enters his credentials which are validated against Microsoft Active directory using LDAP and is let in. The requirement now is that when the user logs into the machine using his AD credentials in his intranet environment, and he tries to open the application, he should directly log in and not prompted for credentials again. If he is outside his intranet network, the existing log in method should be followed.
While researching I found the below things I assume can be useful but not able to reach to a conclusion.
Kerberos along with Shibolleth: I went through below two references which somewhat matched with my requirement but not very sure am I looking at the right thing or not.
http://richardjohnson798.blogspot.in/2011/10/single-sign-on.html
http://gfivo.ncl.ac.uk/documents/UsingKerberosticketsfortrueSingleSignOn.pdf
My confusion revolves around the below things.
Is Shibolleth the right choice. If yes, what is the exact role of Shibboleth?
What things needs to be setup on the linux server(Kerberos implementation for example), and what changes would be needed in the client's AD environment?
Is the implementation possible on the Wildfly server? (as all the references have the thing implemented using Tomcat).
What are the security aspects I should be concerned about.
Help is much appreciated. Thank you.
Since you are using S3 I assume you are using AWS.
Go to IAM and add the Active Directory as a SAML provider
https://aws.amazon.com/blogs/mobile/announcing-saml-support-for-amazon-cognito/
Then use AWS Cognito Federated Identity Pool via the JavaScript SDK in the front end code you have hosted on S3.
http://docs.aws.amazon.com/cognito/latest/developerguide/using-amazon-cognito-user-identity-pools-javascript-examples.html
Problem Statement:
I am trying to build a custom management system which would require authentication and authorization both.
The system needs to have capabilities to manage/create/update/delete users, roles, permissions and groups.
My Design Solution
I am planing to implement this in-house from scratch and would provide authentication and authorization as follows.
Authentication : user would provide their credentials and the system would authenticate if the user is valid or not.
Authorization: once the user is authenticated, based on the user groups and the permissions they could access the requested pages on the site.
Question:
Now, my question is that suppose I have this application built successfully and in future my application requires LDAP (active directory) authentication would it be possible to plug in LDAP related features keeping my existing application intact or I would have to re-write the entire or most application using LDAP API's.
I have had a look at at apache shiro and spring security which
provides LDAP functionality and they also provide capabilities to manage/create/update/delete users.
As of now I have not yet decided if I would go with either of them or write my own.
Would appreciate if I could get a detailed reponse about how to go about things.
Note:
I am a complete newbie to LDAP so please excuse me if I have used some wrong terminology with regards to LDAP.
I would recommend NOT implementing this your self, just integrate with existing API.
Disclosure: I work for Stormpath (which provides exactly this) and on Apache Shiro.
Also, if your application needs to be backed by LDAP, most LDAP setups I've seen only support read operations when integrating with applications, so you may want to chat with your LDAP admin and see if your 'manage' user use case is viable.
Security is a serious domain, with lots and lots of hidden complications. I would definitely recommend against implementing this yourself. Since you mention Spring LDAP, I'm guessing you're in a Spring-based project. The obvious choice in such a setup would be the excellent Spring Security project.
I would like to centralise user management including authentication, authorisation and auditing as this is currently being performed by each application. I was wondering if there is an open source solution already available? I'm aware I can use LDAP or AD but this still requires development of an application to manage users.
I believe LDAP is not an appropriate solution as we require custom user attributes to be defined at runtime which is something LDAP does not support.
Any advice would be greatly appreciated!
There is Apereo CAS. It handles what you are after.
See www.github.com/apereo/cas
I'm writing an application, and I've only had experience using a custom login module with Glassfish fo handling user login. If deploying in the Cloudbees cloud, I'm assuming that providing a custom login module is not a possibility, correct? And even if it is, I don't think I really want to use that method. What mechanisms do you use to secure you application, having user accounts, etc? If you use an OAuth provider, did you write one yourself? If so, can you point me to an example so I can do the same?
Thanks.
John - I have used openid in several places - that seems to work well. I expect a similar solution exists for oauth using servlet filters or similar.
The cloudbees "grandcentral" service is an openid and oauth (I think) provider - for cloudbees accounts.
In theory you should be able to do the same - even if you have to run an embedded glassfish as a zip of jar files with a main launch class.