Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking for code must demonstrate a minimal understanding of the problem being solved. Include attempted solutions, why they didn't work, and the expected results. See also: Stack Overflow question checklist
Closed 9 years ago.
Improve this question
Is this possible to integrate Worklight Application Center with WebSeal?
I tried integrated the solution as described by the link
http://pic.dhe.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=%2Fcom.ibm.websphere.express.doc%2Finfo%2Fexp%2Fae%2Ftsec_sso_ws_step3_sso_create_junct.html
But the login form of the Worklight Application Center still appears after users login by the webseal.
I think you will find the article and sample project linked from this page helpful:
http://www-01.ibm.com/support/docview.wss?uid=swg24034222
Yes it is possible. The Application Center authentication and authorization mechanism uses the J2EE standard so is completely based upon the security layer of the application server.
So you need only to configure the definition between WebSeal and WebSphere Application Server especially the creation of a junction and by enabling SSO using the TAI.
This concerns the AppCenter console. Concerning the AppCenter client as it uses basic authentication to call the Application Services it should also work.
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 months ago.
Improve this question
i use firebase to send notifications to my webapp, i enable it from google cloud, it works good with http request, but now i want to send messages from console but i can't find Web option
While it is possible to target messages to web users through the FCM Notifications console, it looks like the icon to create a web app is missing from the initial FCM screen for you.
For me it shows these options:
As a workaround, you can create add the app descriptor for your web app on your Project home screen, and then return to the FCM page to send a targeted notification.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
We are developing few micro-services using spring boot.These Rest API's will be consumed by mobile application. What is the best and recommended ways to secure these API's for mobile application using the spring boot framework itself. I'am not experienced with securing the api's for mobile applications.
Your advice's are highly appreciated here.
Need to consider these areas.
How to generate tokens
How to store token
How to refresh them and expire them.
When the mobile application should receive the token
Thank you
I suggest using ready-to-use solutions for Identity Management like an open-source Keycloak or paid providers like Auth0 instead of reimplementing the wheel of security on your own. There are simple Spring Security adapters for both named options.
The typical approach is to use OAuth2 with Authorization Code Grant Flow extended with PKCE (https://www.oauth.com/oauth2-servers/pkce/).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
I am working on a PoC Project to verify blazor to be the right technology for our company internal web frontend applications. We have an internal identity provider (IdentityServer4 impl.) which I want to authenticate with. In the older projects where angular is being used, we use the javascript oidc client with implicit flow. As far as I understand OIDC, implicit flow should be perfectly fine for a blazor WebAssembly single page application. We have no dedicated server application for that particular frontend, just a few microservices where the frontend fetches data and therefore needs to provide an access token.
An OIDC client library or some example code (ideally both) would be really helpful.
Thanks!
I was in a situation where I needed an extendable library for Blazor WebAssembly supporting OpenID Connect (OIDC) with Proof Key for Code Exchange (PKCE). Therefore, I have created the open source ITfoxtec.Identity.BlazorWebAssembly.OpenidConnect library which is JavaScript free and pure .NET.
I would recommend you to give a try to Blazor.Auth0 (author here).
Blazor.Auth0 is a library for using the Authorization Code Grant with Proof Key for Code Exchange (PKCE) with Auth0's Universal Login in Blazor SPAs.
If you're not interested in adding/using a third-party service then at least the source code would help to drive you in the correct path.
I hope this helps :)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 4 years ago.
Improve this question
I want to learn about the WSO2 UserAdmin interface, but did not find the relevant document describes this part.
I can get UserAdmin.wsdl, but there is no explanation about the parameters.
Who knows is there a detailed description documentation about UserAdmin interface?
If you need the User Management functionality for WSO2 Carbon product. It is exposed through following two web services APIs in WSO2 carbon.
Remote User Management API: this is recommended to be used by external client applications.
UserAdmin service: this is mainly to be used by carbon UI client.
Therefore it is better to use the RemoteUserStoreManagerService service. It is available with the WSO2IS and also can be install with any other WSO2 product. RemoteUserStoreManagerService service contains simple API. You can even identify by looking at the WSDL. I do not think there is a public doc on this. But you can even try this service using SOAPUI tool. Therefore you can get much idea about the methods.
https://localhost:9443/services/RemoteUserStoreManagerService?wsdl
Also make sure that when accessing AdminServices of carbon from an external client, you need to first authenticate as the admin user. Basically you need to send admin user/password in basic authentication header
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 7 years ago.
Improve this question
I am currently developing an application that will have a regular web interface but also a RESTful API that will be used mostly on mobile phone apps. I am using the Rails OAuth-plugin here, so my API supports OAuth 1 and 2. This works all fine so far.
The only problem I have is with testing the API. I have found some tools that I can use to make requests to my API like RESTConsole for Chrome or RESTed and they all can test OAuth, but they don't provide an API themselves that I can use as the callback service. When I register an OAuth client in my application I have to enter some fake callback URL, do the authorization process and then get the OAuth token from the database and insert it into the console manually. Especially when testing the revocation of tokens this gets pretty cumberome.
Does anybody know of any test clients that can totally automate the testing process? That means that the test cleint includes some sort of callable endpoint that I can use as the callback URL for my app...
Thanks for your help in advance. I've been searching the internet for quite some time now and this is my last resort before starting to develop my own.
I will be going to accept Jon's answer, although I am not very pleased with the solution ... Whoever is interested, I'm going to roll my own little test client. If anybody is interested: https://github.com/klaustopher/knole
Apigee offers a free API Console that supports a large number of authorization schemes, including OAuth 1. Not sure if it supports 2-legged OAuth, but you can definitely define a callback within their service.