I know logout desn't work for Java adapter in Worklight 7.0, and found that it still doesn't work in Worklight 7.1. Is there any good work-around to discard an authenticated session?
You are not explaining what you're doing nor where you're doing it as well as did not provide a single line of code (you can use any service that hosts files to host your code)...
Therefore, I can only direct you to the following answers:
MobileFirst OAuth and Logout
MobileFirst OAuth Logout, cached OAuth indentity
Related
I have tried to find but without any success on how to use Windows authentication that is implemented in IdentityServer4 samples (Quickstart6: AspNetIdentity).
What I managed to find out is that I can use http://localhost:5000/connect/token to POST client_id, client_secret, scope and grant_type in order to get token. The issue is next. From what I have managed to find out in order to use Windows authentication, I need to use "hybrid" for grant_type, but I always get "unsupported_grant_type".
Since I want to avoid default MVC client that is in that example to work with Windows authentication, how can I use Windows authentication trough rest with provided username/email and password, so I can make my own login page for Windows authentication in for example React application?
I have also found http://localhost:5000/connect/authorize endpoint, but I don't know if I can use it for this and how to even work with that endpoint.
I'd suggest reading more about OpenID connect in general to familiarise yourself with the various flows.
When working in a Windows context I'd recommend using ADFS. The latest version supports OpenID Connect out of the box so is a doddle to integrate with from ASP.Net Core whereas the other options (direct LDAP calls or IIS integration) are more complex and/or restrictive.
That said, this article covers how to use integrated Windows auth when running in IIS on Windows: https://docs.identityserver.io/en/release/topics/windows.html
How can i use MFP (8.0) adapter based authentication without installing mfp client sdk / libs.
Is it possible to make REST call to the adpater (login) directly from the client application (mobile) without the client sdk.
Updates:
I have tried confidential client option , but i need individual user details instead of pre-defined client id.
You can't make Adapter Based Authentication in your Client Application without MobileFirst SDK.
However this is possible only with unprotected adapter endpoint.
Security check adapters cannot be accessed via REST calls. You can protect your resources with scopes mapped to these securitychecks and they get invoked when the resources are accessed. At the client, uou handle the challenges that come from the securitychecks. This needs the MFP Client SDK to be in place. You cannot access the securitycheck adapters directly without MFP client SDK.
There are two ways for you to avoid invoking a securitycheck:
Do not mark the resource with any security. In this case default security scopes get applied. However you still need MFP client SDK to handle the OAuth handshakes.
The only other way to avoid invoking security check adapters is to explicitly mark your resources un-protected ( disable OAuth security for that resource). This will prevent any challenge answer mechanism and you can access the resource without MFP client SDK. Do note that your resources (via REST endpoints) will be open to attack - there will not be any security applied on it.
I am trying to make an app using Ionic in Mobile First.
The web application is has got both sso and WebIdentity(LDAP) for the login functionality....
How to approach for the Hybrid Mobile App?
I do not believe there is direct relation between using LDAP in IBM MobileFirst Platform and using SSO in IBM MobileFirst Platform.
SSO in MFP allows you to automatically login to app2 if you have already logged-in in app1.
So assuming your are able to login to app1 via LDAP (which is server-side anyway, to check your credentials against a list of users), and assuming you have correctly set-up both apps for SSO, it should work.
Read about setting up SSO: http://www.ibm.com/support/knowledgecenter/SSHS8R_7.1.0/com.ibm.worklight.dev.doc/devref/c_device_single_sign_on.html
I am developing a mobile application using Worklight, in which when a user signs in after authentication he should not sign in again and again. Could you please tell me how to keep the user logged in?
Check out the 'Form based authentication in hybrid applications' project in the Getting Started page: http://www.ibm.com/developerworks/mobile/worklight/getting-started.html#GS_security
There is also another feature of Worklight called 'heartbeat' which keeps your session alive by sending a simple request to the server. This also happens automagically without need configuration. It can be configured see here for more information (http://pic.dhe.ibm.com/infocenter/wrklight/v6r1m0/index.jsp?topic=%2Fcom.ibm.worklight.installconfig.doc%2Fadmin%2Fc_optimizing_and_tuning_of_ibm_wl_server.html&resultof%3D%2522%2568%2565%2561%2572%2574%2562%2565%2561%2574%2522%2520).
Can you give more context to your question so the community can help figure out the problem? What version of Worklight are you using?
I have several Web applications all running in WebLogic 10 and I want to authenticate the users using SSO and WebLogic's built-in SAML 2 SSO support.
I configured a SAML2IdentityAsserter on the security realm and created a Web SSO Identity Provider Partner that uses the meta-data from the identity provider that I set up earlier. That all seemed to go fine.
I deployed a simple web app that I'm using for testing that is configured to use this realm. However, when I try to log in to the web app, it doesn't seem to even try to use the identity provider. I set the to both BASIC and CLIENT-CERT but both acted as if the SAM2IdentityAsserter wasn't set up. I played with changing the order of the asserters and tried removing the default asserter but none of this has made a difference.
Has anyone had any success doing this under WLS 10.3?
Maybe you could have a look at Implementing SAML2 SP-initiated use case with Weblogic 10.3.4. and ADFS
Best regards,
Luis
ps: now, It seems that we have got the right configuration, we are able to sign in our SSO System but we get and error from our Idp. You need to set up the security in your app through your descriptors (web.xml and weblogic.xml). Take a look at the configuration of your weblogic app console: $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/web.xml and $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/weblogic.xml)