WSO2 Identity Server: How to handle SAML2 SSO Logout request - thingworx

I am using Identity Server for SSO in Thingworx. I am able to federate login; however, I am not able to handle logout.
Please assist on how to handle logout.

You can specify the IdP logout URL in the SAML federated IdP configuration.
Thanks
Isura
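To show what "handling logout" involves on the wire once the IdP logout URL is configured, here is an added example (my own code, not WSO2 Identity Server's or ThingWorx's) of the service-provider side of SAML 2.0 single logout: it builds a LogoutRequest, encodes it for the HTTP-Redirect binding, and accepts the IdP's LogoutResponse only if its InResponseTo matches the request and the status is Success. SP_ENTITY_ID, IDP_SLO_URL, the session index and the sample LogoutResponse are assumptions, and request/response signing (which WSO2 IS can require for SLO) is omitted.

```python
"""SP-initiated SAML 2.0 single logout over the HTTP-Redirect binding.

Added example, not WSO2 Identity Server or ThingWorx code. SP_ENTITY_ID,
IDP_SLO_URL and the sample LogoutResponse are constructed for illustration.
Request/response signing, which WSO2 IS can require for SLO, is left out.
"""
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit
from xml.etree import ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://thingworx.example.com/Thingworx"   # assumption
IDP_SLO_URL = "https://idp.example.com/samlsso"             # assumption


def new_request_id() -> str:
    """SAML IDs are xs:ID (NCName), so they must not start with a digit."""
    return "_" + uuid.uuid4().hex


def build_logout_request(name_id: str, session_index: str, request_id: str) -> bytes:
    """Build the <samlp:LogoutRequest> the SP sends to the IdP's SLO endpoint."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    root = ET.Element(f"{{{SAMLP}}}LogoutRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": IDP_SLO_URL,
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    ET.SubElement(root, f"{{{SAML}}}NameID",
                  {"Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}).text = name_id
    # SessionIndex (taken from the original assertion) limits logout to that IdP session.
    ET.SubElement(root, f"{{{SAMLP}}}SessionIndex").text = session_index
    return ET.tostring(root, encoding="utf-8")


def redirect_binding_url(xml: bytes, relay_state: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode as SAMLRequest."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)   # wbits=-15: raw DEFLATE, no zlib header
    deflated = deflater.compress(xml) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii"),
                       "RelayState": relay_state})
    return f"{IDP_SLO_URL}?{query}"


def saml_request_from_url(url: str) -> bytes:
    """What the IdP does on receipt: URL-decode, base64-decode, inflate."""
    param = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    return zlib.decompress(base64.b64decode(param), -15)


def logout_response_ok(xml: bytes, expected_request_id: str) -> bool:
    """Accept a LogoutResponse only if it answers our request and reports Success."""
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}LogoutResponse":
        return False
    if root.get("InResponseTo") != expected_request_id:
        return False  # unsolicited or replayed response: do not clear the local session
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    return code is not None and code.get("Value") == STATUS_SUCCESS


def sample_logout_response(in_response_to: str, status: str = STATUS_SUCCESS) -> bytes:
    """Constructed IdP reply used for the demonstration below (unsigned)."""
    return (
        f'<samlp:LogoutResponse xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{new_request_id()}" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        f'InResponseTo="{in_response_to}"><saml:Issuer>https://idp.example.com</saml:Issuer>'
        f'<samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>'
        f'</samlp:LogoutResponse>'
    ).encode("utf-8")


if __name__ == "__main__":
    req_id = new_request_id()
    request = build_logout_request("alice@example.com", "f3a1c2", req_id)
    print(redirect_binding_url(request, "https://thingworx.example.com/Thingworx/"))
    print(logout_response_ok(sample_logout_response(req_id), req_id))          # True
    print(logout_response_ok(sample_logout_response("_someone_else"), req_id))  # False
```

Two details matter in practice: the SessionIndex should be the one from the assertion that created the local session, and the local session should be cleared only after the response check passes, so that an unsolicited or replayed LogoutResponse cannot be used to fake a logout outcome.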

Related

IdentityServer4 user session expired while cookie is present

We are using ASP.NET Core 3.1 with IdentityServer4, using the oidc-js client for authentication with cookie authentication.
We are unable to achieve "remember me" functionality. The identity cookie is persisted, but the session cannot be validated from the server side and it redirects to the login page.
How could the user session be invalidated on the server side?
Help needed; the configurations are the defaults from the Quickstart.
Thanks in advance.

Keycloak 2-factor authentication with OIDC Identity Brokering

Is it possible to do 2-factor authentication with OIDC Identity Brokering?
I'm trying to use TOTP to set up 2-factor authentication; it works for the password authentication method but not with OIDC Identity Brokering.
1- with the password method:
login + password
OTP password
successful login
2- with OIDC Identity Brokering:
select OIDC provider
select account
successful login
Is it possible to add an OTP password stage in the OIDC method?
Does someone know the issue?
It is not a problem of the OIDC protocol (actually, I guess you are using OIDC in both cases), but of the authentication flow used. Make sure you have properly configured the First Broker Login flow to fit your needs. For example:
Source: https://github.com/keycloak/keycloak-community/blob/master/design/multi-factor-admin-and-step-up.md
But I would say it isn't a clever idea to require TOTP in Keycloak in this setup, when Keycloak is only a middle layer (Identity Brokering). The proper config would be to configure (T)OTP on the OIDC provider used (that's another IdP, which is only used by your Keycloak).

How can I ask Cognito to force re-authentication with a SAML IDP?

I have Cognito set up with SAML authentication to both Google and Okta. It works great.
I have a use case where, when a user wants to approve a record, they need to provide their username and password (a second time, just for the approval). Unfortunately, this is the law set out by/for the FDA.
SAML has a mechanism to send a request to force authentication. Does anybody know how to get Cognito to send that request to the IDP?
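The mechanism the post refers to is the ForceAuthn attribute on the SAML 2.0 AuthnRequest. Whether Cognito will set it for you is not answered on this page; the added example below (my own code, not Cognito's, Google's or Okta's) shows what a service provider that controls its own AuthnRequest sends, and the check it should then make on the Response: the assertion's AuthnInstant must not predate the request, otherwise the IdP reused an existing session instead of re-prompting. SP_ENTITY_ID, IDP_SSO_URL, ACS_URL, REQUEST_TIME and the sample Response are assumptions, and Response signature validation is assumed to happen before these checks.

```python
"""SAML 2.0 AuthnRequest with ForceAuthn, and the SP-side check that it was honoured.

Added example, not Cognito, Google or Okta code. SP_ENTITY_ID, IDP_SSO_URL,
ACS_URL, REQUEST_TIME and the sample Response are constructed for illustration;
Response signature validation is assumed to happen before these checks.
"""
import uuid
from datetime import datetime, timedelta, timezone
from xml.etree import ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
TS = "%Y-%m-%dT%H:%M:%SZ"
SP_ENTITY_ID = "https://app.example.com"           # assumption
IDP_SSO_URL = "https://idp.example.com/sso/saml"    # assumption
ACS_URL = "https://app.example.com/saml/acs"        # assumption
REQUEST_TIME = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # fixed for the demo


def build_authn_request(issue_instant: datetime, force_authn: bool) -> bytes:
    """ForceAuthn="true" asks the IdP to re-prompt even if it has a live session."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    attrs = {
        "ID": "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": issue_instant.strftime(TS),
        "Destination": IDP_SSO_URL,
        "AssertionConsumerServiceURL": ACS_URL,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    }
    if force_authn:
        attrs["ForceAuthn"] = "true"   # the attribute the post is asking about
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", attrs)
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    return ET.tostring(root, encoding="utf-8")


def reauthenticated_after(response_xml: bytes, request_issue_instant: datetime) -> bool:
    """True only if the assertion's AuthnInstant is not earlier than our request.

    An IdP that silently reused its session reports the original login time,
    so for an approval flow an older AuthnInstant means "do not accept".
    """
    root = ET.fromstring(response_xml)
    stmt = root.find(f"{{{SAML}}}Assertion/{{{SAML}}}AuthnStatement")
    if stmt is None or stmt.get("AuthnInstant") is None:
        return False
    try:
        # Production code should parse full xs:dateTime (fractional seconds etc.);
        # anything this demo cannot parse is rejected rather than accepted.
        authn_instant = datetime.strptime(stmt.get("AuthnInstant"), TS)
    except ValueError:
        return False
    return authn_instant.replace(tzinfo=timezone.utc) >= request_issue_instant


def sample_response(authn_instant: datetime) -> bytes:
    """Constructed IdP Response carrying one AuthnStatement (unsigned, for illustration)."""
    ts = authn_instant.strftime(TS)
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" Version="2.0" '
        f'IssueInstant="{ts}"><saml:Assertion ID="_a1" Version="2.0" IssueInstant="{ts}">'
        f'<saml:Issuer>https://idp.example.com</saml:Issuer>'
        f'<saml:AuthnStatement AuthnInstant="{ts}" SessionIndex="s1">'
        f'<saml:AuthnContext><saml:AuthnContextClassRef>'
        f'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
        f'</saml:AuthnContextClassRef></saml:AuthnContext>'
        f'</saml:AuthnStatement></saml:Assertion></samlp:Response>'
    ).encode("utf-8")


def check_with_offset(offset_seconds: int) -> bool:
    """Request issued at REQUEST_TIME; the IdP reports a login offset_seconds from it."""
    authn_at = REQUEST_TIME + timedelta(seconds=offset_seconds)
    return reauthenticated_after(sample_response(authn_at), REQUEST_TIME)


if __name__ == "__main__":
    print(build_authn_request(REQUEST_TIME, force_authn=True).decode())
    print(check_with_offset(-3600))  # False: IdP reused a session from an hour earlier
    print(check_with_offset(5))      # True: fresh login after the request
```

For the approval use case, the AuthnInstant comparison is what actually proves the second credential entry happened; ForceAuthn by itself is a request that an IdP may or may not honour.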

Auth0 as front end to log in Cognito users

I have an Android app and an API secured with Auth0.
I'm developing an app for a new client, who has a large Cognito user pool.
Is it possible to use my current Auth0 setup to log in Cognito users via email/password and receive an Auth0 JWT?
I don't want to create a new Auth0 user for each Cognito user. At least not explicitly.
Thanks
If I understand you correctly, you want to use Auth0 as a service provider and AWS Cognito as an identity provider. In theory, you can use the SAML protocol to achieve that. Try the following:
Configure Auth0 as a SAML service provider: https://auth0.com/docs/protocols/saml/saml-sp-generic
Configure AWS Cognito as the identity provider: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp-console.html
Then, once you initiate the login flow in Auth0, users will be redirected to AWS Cognito for user authentication. After successful user authentication, AWS should redirect the user to Auth0 with a SAML assertion. At that stage, Auth0 will validate the assertion and issue a JWT. The user will be redirected to your application with the JWT. Note that if this is the first login, Auth0 will create a user profile.
https://auth0.com/docs/protocols/saml
The following AWS documentation explains how to configure Auth0 as the IdP.
https://aws.amazon.com/premiumsupport/knowledge-center/auth0-saml-cognito-user-pool/

Are SSO capabilities already built in for the listed Service Providers in WSO2 Identity Server?

I have configured multiple service providers that provide OAuth 2.0 authorization and use WSO2 as the identity provider. When I log in to one of these service providers, I am successfully logged into the application. When I visit the other service provider, I am logged in as well. I have a few questions about this.
Is this considered SSO, as I am granted sign on between all my Service Providers after logging into one?
How does WSO2 IS know I was logged in to another Service Provider? Does it work by session cookies?
Thanks in advance!
Answering Q1: Yes. That can be considered SSO, but you may need to combine OpenID Connect with OAuth2 authorization to get end-user attributes to the service provider.
Answering Q2: the commonAuthId cookie will be used to handle the authenticated session between multiple tabs in the same browser.