I have been trying for many days to create a custom authentication plugin using OpenID for Joomla 2.5. I first used this extension: http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based/5366. It has a CAS plugin, but no OpenID plugin. I tried to use the CAS login plugin format for OpenID but my level of joomla/php/openid/cas knowledge is insufficient and it does not work.
I have also tried to use some available libraries such as lightopenid. It works on a custom-built website based on php, but I have tried to apply it to Joomla 2.5 with no success.
The next alternative is to use Janrain's OpenID (which was used in Joomla 1.5 actually). I am in the process of adapting the code from Joomla 1.5 to 2.5.
Has anyone been able to successfully develop a custom authentication plugin using OpenID for Joomla 2.5? Which of the above methods would you recommend? I do not want to use 3rd party apps such as Social Login and Social Share (which currently works), but to have it in-built into the normal Joomla login module.
Hope to be able to receive some help in developing such a plugin.
Joomla! 1.5 has a default-installed plug-in which allow user to log-in with open ID. In Joomla! 2.5 this plugin is not installed.
If you want to use OpenID Authentication and if you want a free extension you can download it from here: http://socialjoom.net.ru/component/option,com_jdownloads/Itemid,75/cid,46/task,view.download/ .
ALSO you can simply install Social Login extension:
http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based/20465 . It's commercial...
All extensions are here: http://extensions.joomla.org/extensions/access-a-security/site-access/authentication-cloud-based
PS: I haven't tested these extensions.
I hope this will help you.
The purpose of using an external authentication system (login page) instead joomla login page/module, is due to make sure that the access is secure and make possible to left a session cookie to allow single-sing-on if you are in an internal environment in wich webs/apps log through this external authenticator, so navigate to a login page from the authentication system is an standard.
If you want to use API OIDC calls to make your joomla login works with the authenticator, in this case, your credentials were exposed to risks/hacks and you couldn't get SSO between applications.
Related
I use voyager for my website admin which is in laravel, and I want to implement Microsoft Authenticator for admin login, I have check many link but not getting proper solution, Can Some one please inform how can I implement Microsoft Authenticator with laravel.
You can use Laravel Fourtify
It will allow you to create a custom 2FA system, you can link it with the Microsoft Authenticator app and use it as per your system requirement. Hope this help you
Yes, Laravel Fortify is the way to go. There is additional documentation in Jetstream about setting it up. Jetstream uses Fortify under the hood.
It can be configured to use any TOTP authenticator application and generates the QR Code and recovery codes as well. Myself and others I know have had some issues using the Google App as a "user/client", but in my experience so far MS's Auth-app has not given me any hassles.
I would like to authenticate users against Active Directory using LDAP. Is it possible with OpenIddict ?
Currently, I have Front end (Angularjs) + Back end (Web.API with ASP.NET Core and OpenIddict) which works perfect. Part of users use individual user accounts and they will continue. Another part of users should use AD accounts. It is inside internal network and would like to use already existing Active Directory for that.
Please suggest any solutions for that.
Thanks.
Please suggest any solutions for that.
OpenIddict is never responsible of the login/authentication part, so you can freely implement it to use LDAP with both interactive flows like the code flow and with non-interactive flows like the password flow.
If your AD servers can run Active Directory Federation Services, I'd recommend using it, as it's the best way to achieve what you want.
Depending on the version you're using, you'll be able to integrate with any ASP.NET Core app quite easily (the 2016 version supports OpenID Connect while the previous one supports OAuth2: both can be used with the OAuth2/OIDC middleware developed by the ASP.NET team).
If you can't use ADFS, another option is to use Integrated Windows Authentication. It's currently only supported when hosting your application behind IIS or when using WebListener.
If none of these options work for your scenario, you can opt for the "low-level LDAP validation" route. Though it's not officially supported by .NET Core, there are a few libraries developed by the community that you can use: https://github.com/dotnet/corefx/issues/2089#issuecomment-231994908.
We are developing saas web application on SAP HANA XS Engine.
We have subscription based product packages and we want to manage user authentication on web. So, we removed XS Engine authentication.
Now we have login page that use XSJS methods for authentication. It is working for login page and it redirect to another page. However, I don't know how can I control session in the redirected page. How it is working in XS Engine.
Could you provide some information about this?
According to this documentation it seems SPNego or SAML is suitable for us. But, I read another document that says SAML is no longer available after SP 8.
If you are using HANA Cloud, you can activate the SAML or LDAP login, and works with SSO, btw you need to develop some code to integrate this
OR
On login page, you can create a TOKEN, and authenticate every request based on this TOKEN, this solution is good to SP9 or SP8
OR
You can use $.session to manage sessions, available on SP10 and later
I'm writing an application, and I've only had experience using a custom login module with Glassfish fo handling user login. If deploying in the Cloudbees cloud, I'm assuming that providing a custom login module is not a possibility, correct? And even if it is, I don't think I really want to use that method. What mechanisms do you use to secure you application, having user accounts, etc? If you use an OAuth provider, did you write one yourself? If so, can you point me to an example so I can do the same?
Thanks.
John - I have used openid in several places - that seems to work well. I expect a similar solution exists for oauth using servlet filters or similar.
The cloudbees "grandcentral" service is an openid and oauth (I think) provider - for cloudbees accounts.
In theory you should be able to do the same - even if you have to run an embedded glassfish as a zip of jar files with a main launch class.
I have 2 websites on the same server: one is made by joomla 3.0 (php), the other by spring framework 3.2 (java).
I would like to have a SSO with minimum code: people can sign-in from one website and they don't need to sign-in for the other.
I thought to openid. But I don't want everybody having an openid to sign-in, so I have to provide my own openid server. Is it a good solution? Is there any better alternative?
I resolve the problem by using cookies: both websites are in the same domain. So I coded an external authentication plug-in for Joomla 3.0.
Hello I come back after more than 4 years.
In my new architecture, I use JWT now.
So instead of having juste a simple cookie, you can share jwt pass_phrase between servers and store generated jwt in a cookie or in a local_storage.
It's more secure and not dependant of OS/framework/language.