IBM Worklight - What is offline authentication? [closed] - ibm-mobilefirst

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I have seen sometimes the concept of "offline authentication" in slides but I have never been able to map it to specific feature.
Now in Worklight 6.1 I see it in a table of features and the support for each platform:
http://www-01.ibm.com/support/docview.wss?uid=swg27039422
What is offline authentication and how does Worklight implements it? I understand it is not the same as "working offline".

Looks like "Offline authentication" is a reference to Encrypted Offline Cache... and the same can be achieved with JSONStore as well.
Source: Enhancing Your Mobile Enterprise Security with IBM Worklight
Offline authentication
When applications are running on mobile devices
that are not connected to the network, the need for user
authentication still exists. The encrypted cache feature in Worklight
can be used to achieve more offline authentication because only the
correct passwords can unlock the offline cache.
Theoretically you could devise an authentication flow that uses local secure storage for authentication needs.... I don't know how popular that would be...

Related

How does FusionAuth compare to other auth providers? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 3 years ago.
Improve this question
We're checking out Auth Providers and was wondering how FusionAuth compares to the others?
First of, FusionAuth is free. Developers can use it for any application and even deploy to production with any number of users. All of the features of FusionAuth are available for free as well.
FusionAuth provides all of the core features that an identity provider must provide. These include registration, login, SSO, MFA, password hashing, password constraints, password reset, email templates, OAuth, OpenID Connect and others. In addition to the core features, FusionAuth also provides localization features, reporting, analytics, user segmentation, user search and a user management UI.
FusionAuth is single-tenant and downloadable. You can download it to your dev box, deploy it on a bare-metal server, run it in any cloud or deploy it to Docker. This provides a lot flexibility and FusionAuth (the company) can host it for you in an AWS private cloud if you need.
Finally, FusionAuth is built to scale. You can spin up new instances of it to handle large login volumes (because password hashing is expensive). We've tested it with a few hundred million users and it performs nicely.
Here's a quick example of just one of the numerous of APIs that FusionAuth provides.
$ curl -H'Content-Type: application/json' \
-d'{"loginId":"test#fusionauth.io", "password":"password"}' \
https://localhost:9011/api/login
This is the Login API and you can find the full documentation here: https://fusionauth.io/docs/v1/tech/apis/login
There are comparison docs to other common solutions like Auth0 here.
https://fusionauth.io/blog/2018/10/19/auth0-and-fusionauth-a-tale-of-two-solutions
At the bottom are links to comparisons to Active Directory, Cognito, Firebase, Ping Identity, Okta, and OneLogin.

How to configure kubernetes cluster with corporate ldap, for authentication? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
How to configure kubernetes cluster with corporate ldap, for authentication?
I'd not found anything official.
Kismatic is one of the projects that provides a Lightweight Directory Access Protocol (LDAP) authentication webhook for Kubernetes. For Kismatic Enterprise Toolkit (KET) source code check out this link.
According to official documentation as of K8s 1.3, there is no native support for ldap authentication but using keystone can be a way to bridge to an LDAP or AD.
Found this link showing a sample walk through (with Samba):
http://cloudgeekz.com/1128/how-to-setup-active-directory-or-ldap-authentication-for-kubernetes.html
This implies the API server does the authn for the client... a more flexible solution using keystone tokens might soon be implemented here: https://github.com/kubernetes/kubernetes/pull/25391

Webapp - User Account Management [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 6 years ago.
Improve this question
I'm working on a webapp that requires user account management and authentication. The users should be able to login to their account using different tokens - Email, Phone Number, Facebook id, Company account id etc. Same user might be using all of these different methods based on the entry point they choose to login.
From the backend, I should be able to retrieve the correct user account based on any of these tokens. Basically, multiple tokens (email, phone, facebook etc) should point to the same user account.
I have been looking into Firebase and Stormpath. From your experience, do you think Firebase or Stormpath are good options for me? I was wondering if there are good pre-build web solutions for this without re-inventing the wheel by myself.
Please feel free to suggest different web solutions and architecture tips.
Thanks for your time,
Iranga
Disclaimer: I work at Stormpath
Firebase is a platform/ecosystem for building web/mobile applications, and as such they offer an authentication and authorization solution. Building your app with them will require buy-in to their entire platform.
Stormpath is an authentication and authorization service that can be added to any type of application, regardless of where it is ran, where it is hosted, or what your fronted of backend is written in. Our API does allow you to manually link different types of accounts together, e.g. password-based accounts or social accounts. See Modeling Your User Base in our documentation.
We’re adding some support to make this easier and you can follow the Account Linking feature to know when this is available.
In sum: if you want an entire platform for your application, Firebase may be a good fit. If you prefer to maintain more control over your hosting (such as using Heroku to deploy your Nodejs application and have Postgres available), then Stormpath would be the better fit.

Mobile - API server security [closed]

Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
I am building an Android app - a key part of which will include integration with a server API. The app is just a side-project and I am really just looking for validation of my planned API security and suggestions of best practice and how other apps do it.
The application will be mobile only (to start with, no website) - I want to be able to create user accounts from the app, and once signed up, use the central web API to access/update secured user-specific content.
What I have started looking at is a basic hosted MVC web app (I'm JVM/Spring background, so will likely use those libraries, but the question here is tech agnostic) - the app will have no webpages and just expose a series of endpoints:
Publicly accessible POST endpoints to sign-up & sign-in
OAuth secured endpoints for user specific content (plus of course the normal OAuth dance endpoints needed)
Is that a reasonable approach? Does using OAuth make sense when I have control over the client and server sides?
I assume the official Twitter app just uses OAuth with its API that it exposes to other users? And Instagram was launched as mobile only platform at first, so I assume they must have had in app account creation & then some API security?
(I know there are further considerations/requirements - communication over ssl, protecting your applications oauth key from people de-compiling the application and then using the key in other apps etc, but really I just want some higher-level input if people have implemented these kind of systems before with success/problems etc)
Sounds good, but any token-based sessions would work. Don't store the credentials (at least not the password) on the device. Only store the token, which can be expired, and store it securely. Require HTTPS and use certificate pinning to prevent session hijacking.

Simple LDAP based centralized web authentication store [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Internal to our work group we have a number of services running on our web server including build service, wiki, bug tracker, and some homegrown apps. Currently these all require seperate logins for each service.
The main choice i see to centralize user creation between all these services is LDAP, however i am not interested in doing the full enterprise system, attaching logins and shared directories etc all I want is a way of centralizing users in web services.
From playing with openLDAP this seems complete overkill and is a pain to set up. Is there a simpler method, perhaps speaking LDAP protocol or some other way of centralizing authentication without having to hack up custom external authentication scripts for my services?
A centralized authentication store accessed via LDAP is exactly the solution for which you seek. LDAP is
a small protocol from a wire perspective
most available LDAP servers are extremely fast
the protocol and implemented servers are simple
easy to understand
easy to administrate
easily securable
Add replication for redundancy and increased aggregate throughput and it is hard to imagine a better solution.