What is the best way to share authentication information between two unrelated applications. Is there a standard for this?
For example, if I use MoinMoin and vBulletin on a same website, is it possible for both systems to share the same authentication information (i.e. so, a user will only need to signup for 1 to have a common login for both)?
Possible yes. Worth the effort? I'm not sure. I would look at one of the open authentication systems such as OpenID to get this kind of thing to work.
Related
First of all, I apologize in advance for my naïveté on the topic.
I am trying to create a few microservices that are exposed using an API gateway. A few of these services will need credentials from Google account to access Google Calendar/Gmail etc.. is there any way for a user to only have to login once so that the credentials are all shared between the services? Or should only one service be facing the Google services with credentials?
It seems possible, you can ask a user to authenticate and authorize all permissions your application will need, all at once. But think about the user, when an application requires to access gmail, hangouts, photos, camera, etc. at once, the user normally disbelieve the application. So, the recommended approach is asking for the specific permission when the application requires it so that the user can realize each action you app do.
There exist many different ways to address your question depending on details, however the following link can help you to know where to start:
This link (Google Sign-in) has a wide context on all the Identity mechanisms to look for the most appropriate for you.
This another one explain all possible Identity mechanisms for specific use cases.
This authentication example for Google Calendar is useful, but this post explain how microservices authentication and authorization was solved.
I am building a web application with front-end coded in angular. The front-end will access a bunch of web-services coded in Java/Spring. There might be other ways that people may try to access the webservices such as from a desktop tool. Now I need to secure the whole infrastructure.
I need a way to maintain a user repository, i.e. provision users and manage users, roles etc.:
users should be able to register themselves and have their emails verified.
admin should be able to approve users and assign them roles, delete users, update them etc.
I also need single sign on functionality. So once you login through the webfront end, you should be able to access the REST based webservices seamlessly (depending upon the role you have).
I do not need to support millions of users, so something light-weight will be preferable.
I am looking for open-source solution(s) that can:
allow user management (ideally over REST based API and have its own user interfaces as well)
allow single-sign-on functionality for web frontend and webservices, and potentially for desktop apps that may need to be implemented.
I have tried Apache Syncope which seemed promising as it provided REST based APIs. I am thinking of using it with CAS. However, the default UI seemed kludgy and CAS doesn't directly support REST.
I am looking at Shibboleth and OpenIDM as well - but none seems to be meeting my requirement directly.
I'll appreciate any suggestions on what options/stack can I consider for this. Ideally, a single solution or a well integrated solution on Java/Spring stack might work better for me.
you should have a look at https://github.com/openMF/mifosx for Java and Springs RESTFull Web service.
and https://github.com/openMF/community-app for there AngularJS web app.
plus you can also find a live demo link on there repository.
username is mifos and
password is password.
it is ment for microfinance but you can study its architecture implementation and use there core functionalities, it is really amazing.
I have a question about API authentication/authorization. I may have some trouble articulating the question, so bear with me.
First of all, I understand how to authenticate end users via an API. That's no mystery to me.
What I want to do is authenticate certain apps as users of my API. I would have some roles so that each user would have different privileges depending on that user's role. You can do different things depending on whether you're one of my mobile apps or you're some third-party API consumer.
Has anyone done this sort of thing, where you have not end users talking to an API, but "app users"? Is there any documentation you can point me to about it? Does this practice have a name?
This type of authentication is known as application authentication (as opposed to user authentication).
Twitter provides a good overview of how to achieve this with Twitter applications. The article also serves as a good introduction to the general practice of application authentication.
https://dev.twitter.com/docs/auth/application-only-auth
I'm developing a website with Codeigniter that's probably going to relate and connect with multiple services and frameworks:
Magento for e-commerce
Wordpress for Blogging
Maybe Buddypress for more social features
Mailchimp for Newsletter delivery
I shouldn't forget about Facebook Connect, I guess...
Maybe it's a messy approach but I try to avoid inventing the wheel. And prefer to use the best software for the task. The thing is I will need an authentication layer to share an user object between all the services. My goal is to have a single register form that will grant you access to all services (shopping, blogging, subscribing to the newsletter).
I'm thinking I should have my own user database and a global authentication system (is there something open-source?). Then, users on the services are created behind the scenes. Any ideas on how to approach this task?
You need to have separate login database in order to manage all your application, first you need to develop a common library to share user authentication layer,
So you can manage n application with just one user database
Naser
You can probably find a lot of Single Sign On libraries or modules to help you with the SSO part, but you'll probably have to manually have them talk to the same tables and fields to make it work.
I would suggest you start with setting up your simple SSO with facebook, google and the others for your user information to external services like MailChimp and then google for third-party addons with 'single sign on' as keywords for whatever application you need to have working together.. This could enable you to extend your magento, wordpress or whataver installation to communicate with eachother.
I'm just wondering how cross-site authentication is handled for completely external companies?
e.g. My site acts a "portal" onto another completely external site.
Is there a standard way of doing this so the user is not prompted to log in again?
I know with e.g. eBay-> PayPal you have to re-authenticate, but is this the only/most sensible way?
It's going to depend on what that other site uses as an authentication method.
Look at SAML (which in essence a way of saying to the other site that they can trust your assertion that this user is who you say he is). OpenID is another system doing much the same thing.
In general, this is federated identity management,
In my opinion the best way to do this is to create a third application which is responsible for authentication and permissions. I've written a blog entry about one such application I've created for my own pet projects.
http://www.netortech.com/Blog/Entry/12/Web-passport-services