I implemented a web service with JAX-WS, and my service client is implemented with JAX-WS too, and the client can talk to the service with WS-Security username token profile authentication.
Now I want to deploy this service to JBoss 4.2.3 and want to replace the custom authentication with Java EE container authentication.
I read some documents on JBossWS, and did some configuration by changing/adding web.xml, jboss-web.xml, jboss-wsse-server.xml, login-config.xml. But JBoss always sent a 401 response to the client (the client SOAP request contained the correct username token profile header in it).
Any help is appreciated.
Is it possible to implement such a requirement via JBoss configuration?
Or show me a simple example/steps for configuring JBoss for authentication with WSSE username token profile.
Or how can I debug what the problem is with my current JBoss configuration?
Answering my own question, here's a step-by-step tutorial available:
http://community.jboss.org/message/338347
Related
I have an internal application hosted on AWS with https. I need help understanding how to implement SAML authentication to my web application. I am using Spring Boot for my backend and AngularJS for my front end. I am using ADFS as my IP. From what I gather, the following are the steps.
Get a https URL for your application
Create a basic ADFS trust.
Add the roles on ADFS
Get a metadata URL and enter it in your application.properties.
I am trying to implement SAML for the first time and have confused myself completely. Any thoughts shared would be greatly appreciated.
Your Spring Boot application needs to be a Service Provider (SP) that trusts your ADFS Identity Provider (IdP) and your ADFS IdP needs to trust your SP. This trust is usually done using the SAML2 metadata profile, i.e. the SP and IdP SAML2 metadata files.
You can either design your application as a 'standalone', i.e. no SAML ability and put something in front of it that understands SAML and blocks all requests until the IdP sends attributes. This is how the standard Shibboleth SP works but it needs Apache. The other option is to use the framework to plumb in the SAML capability such as Spring Security SAML.
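Added example, not part of the answer above: a Python check that reads an IdP and an SP SAML2 metadata file and reports what is missing for the mutual trust the answer describes. Both metadata documents, their entity IDs, URLs and the certificate text are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata; entity IDs, URLs and certificate text are placeholders.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="http://adfs.example.test/adfs/services/trust">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-IDP-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# The SP endpoint is deliberately plain http to show the check firing.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://app.example.test/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://app.example.test/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize(xml_text):
    """Extract the fields the other party needs from one metadata document."""
    # Metadata fetched from a URL should go through a hardened XML parser and
    # have its signature verified first; both are omitted in this example.
    root = ET.fromstring(xml_text)
    role = "idp" if root.find("md:IDPSSODescriptor", NS) is not None else "sp"
    tag = "md:SingleSignOnService" if role == "idp" else "md:AssertionConsumerService"
    certs = [c.text.strip() for kd in root.iterfind(".//md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")  # no "use" means any purpose
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return {"entity_id": root.get("entityID"), "role": role, "signing_certs": certs,
            "endpoints": [e.get("Location") for e in root.iterfind(".//" + tag, NS)]}

def trust_problems(idp, sp):
    """Return the reasons this IdP/SP pair cannot complete web SSO."""
    required = [
        (idp["signing_certs"], "IdP publishes no signing certificate"),
        (idp["endpoints"], "IdP has no SingleSignOnService endpoint"),
        (sp["endpoints"], "SP has no AssertionConsumerService endpoint"),
    ]
    problems = [msg for present, msg in required if not present]
    problems += ["endpoint not served over https: " + url
                 for url in idp["endpoints"] + sp["endpoints"]
                 if not url.startswith("https://")]
    return problems
```

The entity ID is only an identifier, so the check applies the https requirement to endpoint locations and not to `entityID`.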
I am using Wso2 Oauth2 password grant for authenticating the user in my application. I need to implement two-factor authentication using SMS and email in my existing workflow. I have gone through the Wso2 documentation and found authenticators for Email and SMS.
https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator
https://docs.wso2.com/display/ISCONNECTORS/SMSOTP+Authenticator
But this documentation deals with SAML.
Is there any documentation for the Oauth2 workflow, or how can it be achieved?
Need help on this.
Thanks
I assume you have configured a service provider with OAuth/OpenID Connect Configuration type in WSO2 Identity Server. You need to do the Local & Outbound Authentication Configuration in this OAuth Service Provider. Hit edit for that SP and expand Local & Outbound Authentication Configuration. Click on Advanced Configuration and do necessary configuration there.
Refer https://docs.wso2.com/display/ISCONNECTORS/Configuring+EmailOTP+Authenticator and follow the steps starting from Step 9 in Configuring the Service Provider section.
Is it possible to run IdentityServer3 in IIS (hosted in IIS) with only Windows Authentication enabled? Is it mandatory to have anonymous authentication also enabled? If so, why is anonymous authentication required?
I am running the "MVC OWIN Client (Hybrid)" sample application and trying to access IdentityServer3, which is configured only with Windows Authentication in IIS. I am getting an unauthorized response; it looks like the "MVC OWIN Client (Hybrid)" sample is trying to access '../IdentityServer3/.well-known/openid-configuration' and failing, because anonymous is disabled.
Any suggestions?
The Microsoft OpenID Connect middleware makes a request to the discovery endpoint to download issuer metadata. This assumes that anonymous access is enabled.
You'd need to statically configure the middleware instead. You can try to configure a BackChannelHandler that has Windows authentication enabled. Should work but haven't tried yet.
I'm trying to set up SAML SSO with OpenAM and WebLogic.
The reason why I want to use saml is that I have multiple application where I can't change the web.xml to use the j2ee agent.
My question is if there is a good document explaining the setup with weblogic and openam.
I have read several guides, but I'm still confused...
Just looking for a good howto!
My current setup is
openam on tomcat installed on host1
weblogic installed on host2.
Webapp deployed on host2
So openam will be the IdP and weblogic will be the SP, right?
I have configured the openam hosted IdP.
I have added the saml identity asserter on weblogic and configured a web sso identity provider partner.
You can configure WebLogic to enable SAML SSO implementation. This requires the following steps to be completed.
WebLogic and the IdP (OpenAM) should be coupled - you can register OpenAM as an authentication service provider inside the WebLogic container using the administration console.
This requires SSL communication, hence ideally, it's better to install an SSL certificate inside the container.
WebLogic can be configured to implement SAML SP (Identity asserter and Assertion consumer) by configuring the required through the administration console.
In fact it can be configured to work as a Credential mapper and Assertion receiver in the same way.
All these steps can be done inside a single WebLogic instance or between instances using a WebLogic federation.
Please refer the below link for more details.
I don't think WebLogic itself can act as a SAML SP. Every application has to implement a SAML SP. Doing this via the Spring Security SAML extension is quite neat. If you want more effort, look at the OpenAM Fedlet (it's also a lightweight SP). However the sample app generated when creating the Fedlet is not too helpful. The 'Fedlet' is not the sample app, but more or less the jars and metadata included in the sample app.
I'm trying to add Basic Authentication for my web-service based on Axis2.
Tomcat successfully passes auth data to the web-service code but WebLogic uses this information for its own purposes (tries to authenticate the request).
Is it possible to configure WebLogic to allow passing auth data depending on the URL, for example?