I have to integrate WebSphere Application Server with OKTA. After googling, I have configured the snoop application: now I access OKTA (https://myorg.okta.com), see the application there, click it, and I am logged in to the application successfully.
But my question is this: in most of the tutorials, after OKTA integration the URL (https://washost/snoop) is mentioned for testing.
Can you please guide me which approach is right and why?
Many Thanks
Rama Sohaib and Xsurgent,
I have googled it more and understood my issue. Actually, there are two types of Web SSO:
IDP (OKTA) initiated, where the URL becomes like this: https://okta.com, and SP (WebSphere) initiated, where the URL is like this: https://washost/snoop. WebSphere does not support SP-initiated SSO. It only supports IDP-initiated SSO.
Thanks a lot, guys, for helping me. Since I have successfully verified OKTA integration with snoop, I can easily integrate with any custom application.
Many Thanks,
Umar
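The two flows described in the post above can be told apart in the SAML response itself: a response to an SP-initiated login carries an `InResponseTo` value naming the SP's AuthnRequest, while an IdP-initiated (unsolicited) response carries none. The following is an added example, not code from the original post or from WebSphere or Okta; the function names, the request ID and the sample messages are constructed, and signature verification is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def classify_response(xml_text, pending_request_ids, allow_unsolicited):
    """Return 'sp-initiated' or 'idp-initiated'; raise ValueError to reject."""
    # Production code should use a hardened XML parser and verify the XML
    # signature before trusting any attribute; both are out of scope here.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    ids = {root.get("InResponseTo")}
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        ids.add(scd.get("InResponseTo"))
    ids.discard(None)
    if not ids:
        # No InResponseTo anywhere: the IdP started the flow (unsolicited).
        if not allow_unsolicited:
            raise ValueError("unsolicited response not allowed")
        return "idp-initiated"
    if len(ids) != 1:
        raise ValueError("inconsistent InResponseTo values")
    request_id = ids.pop()
    if request_id not in pending_request_ids:
        raise ValueError("InResponseTo does not match a pending AuthnRequest")
    pending_request_ids.remove(request_id)  # one-time use blocks replay
    return "sp-initiated"

def sample_response(in_response_to=None):
    # Constructed, unsigned message for illustration only.
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
        f' ID="_resp1" Version="2.0"{attr}>'
        f'<saml:Issuer>https://myorg.okta.com</saml:Issuer>'
        f'<saml:Assertion ID="_a1" Version="2.0"><saml:Subject>'
        f'<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData{attr}/>'
        f'</saml:SubjectConfirmation></saml:Subject></saml:Assertion>'
        f'</samlp:Response>'
    )
```

An SP that accepts only IdP-initiated logins has no pending request IDs to match against, so every accepted response is unsolicited and replay protection has to rest on the assertion's own ID and validity window.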
Related
I have some confusion while doing development. I am working on a .NET 5 Web API in which I have implemented JWT authentication. Then I got to know that the client application (it is an entirely different project owned by another team in my same organization) is configured using Windows AD or SSO, not fully sure though. But still, the client application won't be sending a user ID and password in a POST request, which I have in my AuthController. In this case, how will my API requests be authenticated to check whether the client has access or not?
Any guidance on this would be helpful. Thanks in advance.
Excuse my ignorance, but can PicketLink be implemented as an IDP within WebLogic?
I am looking to create a lightweight IDP proxy to be able to accept SAML requests and issue SAML assertions based on simple authentication handled elsewhere, so I am not looking for anything that provides too much.
I wondered if PicketLink offered a simple API to do this and whether it would work on a WebLogic domain.
WebLogic has its own built-in SAML implementation that is tightly integrated with the rest of their platform. It is fully configurable from their admin console. Use that instead of PicketLink.
http://docs.oracle.com/cd/E28280_01/web.1111/e13707/saml.htm#SECMG252
I have implemented OAM SSO authentication for my web application deployed on WebLogic. Now I want to use the WebLogic embedded LDAP to provide app-level authorization. I don't want to use the WebLogic authentication, just the authorization, since I already have authentication handled by OAM. Is that possible? Can someone please point me to any examples, tutorials, or ideas to achieve this?
Depending on your OAM version, you need to add an OAMIdentityAsserter provider in your WLS domain. I say depending on your OAM version because you need to tell it which type of cookies to use.
The OAM Admin guide will tell you how to do this.
I would like to know how I can enable my WCF web service to provide encryption and authentication. Currently, my web service is connected to Azure (ACS) and asks the identity provider for authentication checking. I can implement SSL tunneling for getting the username and password, but how can I get the ACS token and perform SSO? I want to know of any current implementation; is there a good example to follow?
Many thanks,
Mike
There is a CodePlex project with some great documentation.
http://acs.codeplex.com/documentation
When you mention SSO, I'm assuming you mean federated authentication with Active Directory. If so, there's a sample project available on MSDN with an example.
http://msdn.microsoft.com/en-us/library/hh127796.aspx
Lots of useful information and samples here: http://msdn.microsoft.com/en-us/library/windowsazure/gg185912.aspx
I have several Web applications all running in WebLogic 10 and I want to authenticate the users using SSO and WebLogic's built-in SAML 2 SSO support.
I configured a SAML2IdentityAsserter on the security realm and created a Web SSO Identity Provider Partner that uses the metadata from the identity provider that I set up earlier. That all seemed to go fine.
I deployed a simple web app that I'm using for testing that is configured to use this realm. However, when I try to log in to the web app, it doesn't seem to even try to use the identity provider. I set the to both BASIC and CLIENT-CERT but both acted as if the SAML2IdentityAsserter wasn't set up. I played with changing the order of the asserters and tried removing the default asserter, but none of this has made a difference.
Has anyone had any success doing this under WLS 10.3?
Maybe you could have a look at "Implementing SAML2 SP-initiated use case with Weblogic 10.3.4 and ADFS".
Best regards,
Luis
PS: Now it seems that we have got the right configuration; we are able to sign in to our SSO system, but we get an error from our IdP. You need to set up the security in your app through your descriptors (web.xml and weblogic.xml). Take a look at the configuration of your WebLogic console app: $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/web.xml and $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/weblogic.xml