I use JDBCRealm to authenticate users and I want the users need not to login again when they come back a couple of days later.
But there seems no configuration here for me to enable cookie authentication in tomcat!?
I am using tomcat 7.
This is not supported, you'll have to implement a custom AuthenticationRealm to get this feature, or switch to a framework that provides authentication methods.
Related
I have tried to find but without any success on how to use Windows authentication that is implemented in IdentityServer4 samples (Quickstart6: AspNetIdentity).
What I managed to find out is that I can use http://localhost:5000/connect/token to POST client_id, client_secret, scope and grant_type in order to get token. The issue is next. From what I have managed to find out in order to use Windows authentication, I need to use "hybrid" for grant_type, but I always get "unsupported_grant_type".
Since I want to avoid default MVC client that is in that example to work with Windows authentication, how can I use Windows authentication trough rest with provided username/email and password, so I can make my own login page for Windows authentication in for example React application?
I have also found http://localhost:5000/connect/authorize endpoint, but I don't know if I can use it for this and how to even work with that endpoint.
I'd suggest reading more about OpenID connect in general to familiarise yourself with the various flows.
When working in a Windows context I'd recommend using ADFS. The latest version supports OpenID Connect out of the box so is a doddle to integrate with from ASP.Net Core whereas the other options (direct LDAP calls or IIS integration) are more complex and/or restrictive.
That said, this article covers how to use integrated Windows auth when running in IIS on Windows: https://docs.identityserver.io/en/release/topics/windows.html
How to authenticate with liferay by passing the parameters as user email and password. If authentication is success then I will redirect to different web web application.Actually i want to authenticate user without using sign in portlet.Is there any way we can hit a url and it gives a response text so we can identify that user is authenticated. i followed this link but i didn't get proper response.
Liferay integrates with a lot of different SSO (Single-Sign-On) systems on the market. Instead of reinventing the wheel, you should use one of those integrations. This way you're free to use whatever your SSO uses to authenticate the user and it will provide your user's identity to Liferay as well as to any other application.
For Liferay EE, you also have the option to make Liferay your "SSO" by utilizing the SAML plugin and creating Liferay into an IdP (Identity Provider) and by making your other application an SP (Service Provider).
The whole field of forwarding the identity of users has been solved and one shouldn't mock around with redirecting with any self-invented authentication scheme IMHO.
I use Google Webtoolkit together with Phonegap to build a mobile app. My app is communicating over a REST APi with my Backend Server.
What I want to do is a user authentication, i.e., my app user should be able to signup and login. If a user closes the app and reopens it, he should be authenticated again if he has not logged out before.
Usually, with Spring Security you do the authentication on the server by calling the required methods. The client (browser) then contains some cookie information for a persistent login.
1. How can achieve this kind of authentication for my app?
2. Should I do the authentication as for a normal web site with the only difference that the authentication methods are called by the REST api methods?
3. Is there another way of doing the authentication for my mobile app?
I think user authentication for the mobile app will be the same as for a normal web-app.
The Spring backend will create a session once a user is authenticated. By default the user is authenticated for the duration of the specific session (until the user closes the browser/app).
Spring Security has a Remember-me functionality that is typically based on a Cookie approach and allows the user to be re-authenticated automatically..
I don't know if phonegap work with Cookies (see here for some pointers). I guess it depends on the plattform (if webview supports cookies).
May be this will help you I wrote an article that show how to adapt Spring Security to secure REST services.
You can check it in here : http://crazygui.wordpress.com/2014/08/29/secure-rest-services-using-spring-security/
I also posted a working example which shows how I did use that with GWT on GitHub.
I've written a couple of asp .net HTML applications designed for use on small blackberry devices. The BB OS versions are from 4.6 to 5.0.
The sites use Windows authentication to log the user in. Is there a way to allow the user to logout of the applications so that any further revisit will prompt them for the NTLM credentials again?
Thanks,
Brian.
If you are using an MDS proxy it's that handling the NTLM authentication to the end server. You will likely be using basic authentication between the phone and proxy.
There isn't an MDS API that will tell it to re-authenticate. The best you can do via MDS is bypass authentication all together but then you will need to manage NTLM yourself:
What is the correct header value to bypass MDS HTTP authentication?
Another option is to write your own logout API on your .NET application which deletes your session cookie. That way MDS will be forced to re-negotiate NTLM at the next attempt.
note: The bypass option is available in Enterprise Server 4.1.7 and above, it's not available in the simulator.
I have several Web applications all running in WebLogic 10 and I want to authenticate the users using SSO and WebLogic's built-in SAML 2 SSO support.
I configured a SAML2IdentityAsserter on the security realm and created a Web SSO Identity Provider Partner that uses the meta-data from the identity provider that I set up earlier. That all seemed to go fine.
I deployed a simple web app that I'm using for testing that is configured to use this realm. However, when I try to log in to the web app, it doesn't seem to even try to use the identity provider. I set the to both BASIC and CLIENT-CERT but both acted as if the SAM2IdentityAsserter wasn't set up. I played with changing the order of the asserters and tried removing the default asserter but none of this has made a difference.
Has anyone had any success doing this under WLS 10.3?
Maybe you could have a look at Implementing SAML2 SP-initiated use case with Weblogic 10.3.4. and ADFS
Best regards,
Luis
ps: now, It seems that we have got the right configuration, we are able to sign in our SSO System but we get and error from our Idp. You need to set up the security in your app through your descriptors (web.xml and weblogic.xml). Take a look at the configuration of your weblogic app console: $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/web.xml and $WEBLOGIC_HOME/wlserver/server/lib/consoleapp/webapp/WEB-INF/weblogic.xml)