I have implemented OAM SSO Authentication for my web application deployed on weblogic. Now i want use weblogic embedded LDAP to provide app level authorization. I dont want to use the weblogic authentication, just the authorization since i already have authentication handled by OAM. Is that possible? Can someone please point me to any examples, tutorials, or ideas to achieve this?
Depending on your OAM version, you need to add a OAMIdentityAsserter Provider in your WLS domain. I say depending on your OAM verison, because you need to tell it which type of cookies to use.
OAM Admin guide will tell you how to do this.
Related
Excuse my ignorance but can PicketLink be implemented as an IDP within weblogic?
I am looking to create a light weight IDP Proxy to be able to accept SAML requests and issue SAML Assertions based on simple authentication handled elsewhere so not looking for anything that provides too much.
I wondered if picketlink offered a simple API to do this and whether it would work on a welbogic domain.
Weblogic has its own, built-in SAML implementation that is tightly integrated with the rest of their platform. It is fully configurable from their admin console. Use that instead of PicketLink.
http://docs.oracle.com/cd/E28280_01/web.1111/e13707/saml.htm#SECMG252
I would like to authenticate automatically to wso2 IS with a kerberos ticket obtained from kerberos authentication (using Windows server 2K12 as KDC).
I didn't find any information related to kerberos authentication on WSO2 documentation. The list of all handled are defined here : https://docs.wso2.com/display/IS460/Managing+the+Identity+Server.
The one that is closer to kerberos authentication is the "integrated windows authentication".
Have I missed the documentation page or is it impossible to authenticate with this methods ?
I think I should go with https://docs.wso2.com/display/IS500/Creating+Custom+Authenticators but not sure about it.
Thanks.
I think, you basally need the window authentication? It means once you login to windows machine, you can access the service protected with Identity Server by default. In IS 5.0.0 version, you can find IWA authentication that can be used for external application authentication and login to WSO2IS management console. There is some aricle that explain about this. Please refer it from here you can use it.
Yes. you can plug custom authenticator.. But i guess IWA can help you to achieve this.
We have a Siteminder running in our organization and I want to use Kerberos to authenticate users.
The setup is like this:
Our appserver has siteminder agent that can authenticate users, agent connects to Siteminder, siteminder connects to active directory.
My question is this - what do I need to do on my appserver in order to be able to use Kerberos to authenticate users.
I might accept a good guide to how to do it as an answer.
This guide says you need to set your service account to system and set authentication in IIS to be anonymous only. This sounded totally crazy to me at first, but as you read on they explain how the additional ISAPI dll they have you add will intercept the SiteMinder auth and should pass the authentication through. Not sure if it's actually kerberos or not...
I am developing a Portal application and using jboss portal for this purpose. My current application authenticates the user from jboss DB, using the j_security_check servlet with username and password as POST parameters.
Now, if I use firebug or any HTTP monitor, then I can see the username and password, which is a security issue.
What is the better and secure way of authentication in jboss?
Securing web applications is a vast subject. It entirely depends on your needs.
From your post, what you want (to start with) is a secure communication. You can use SSL with JBoss to ensure a secure channel. I recommend you to take a look at the JBoss security documentation. I am sure you will have more concrete doubts / concerns when you start working with it - then we will try to help :)
I found a very good source of JBoss information JBoss in Action. It refers to JBoss 5 so many areas might be outdated, but other would still apply. I am using JBoss 6 and has been of great help.
I have several Web applications all running in WebLogic 10 and I want to authenticate the users using SSO and WebLogic's built-in SAML 2 SSO support.
I configured a SAML2IdentityAsserter on the security realm and created a Web SSO Identity Provider Partner that uses the meta-data from the identity provider that I set up earlier. That all seemed to go fine.
I deployed a simple web app that I'm using for testing that is configured to use this realm. However, when I try to log in to the web app, it doesn't seem to even try to use the identity provider. I set the to both BASIC and CLIENT-CERT but both acted as if the SAM2IdentityAsserter wasn't set up. I played with changing the order of the asserters and tried removing the default asserter but none of this has made a difference.
Has anyone had any success doing this under WLS 10.3?
Maybe you could have a look at Implementing SAML2 SP-initiated use case with Weblogic 10.3.4. and ADFS
Best regards,
Luis
ps: now, It seems that we have got the right configuration, we are able to sign in our SSO System but we get and error from our Idp. You need to set up the security in your app through your descriptors (web.xml and weblogic.xml). Take a look at the configuration of your weblogic app console: $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/web.xml and $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/weblogic.xml)