Glassfish Custom Authentication Module? - authentication

I know glassfish can authenticate against an LDAP server, I also know it can authenticate against my own database. What I would like to do is authenticate users against LDAP, but get their roles from my own database.
Where would I start learning how to create my own custom authentication module?

Here are the step-by-step instructions for how to do this.

See the Glassfish security FAQ, specifically "How do I write/configure my own login module and plug it into GlassFish?"
and this Sun document
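The split the question asks for (the password checked by the LDAP directory, roles read from the application's own database) is sketched below in plain JNDI and JDBC. This is an added example, not code from the answers above or from Glassfish, and the Glassfish realm and login-module wiring is not shown. The class name, the `uid=<user>,<base DN>` layout and the `user_roles(username, role_name)` table are assumptions.

```java
import java.sql.*;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;
import javax.sql.DataSource;

/** Password check by LDAP simple bind; role names read from an application table. */
public class LdapBindDbRoles {
    private final String ldapUrl;     // assumption: e.g. "ldaps://ldap.example.test:636"
    private final String userBaseDn;  // assumption: e.g. "ou=people,dc=example,dc=test"
    private final DataSource roleDb;  // assumption: pool for the application's own database

    public LdapBindDbRoles(String ldapUrl, String userBaseDn, DataSource roleDb) {
        this.ldapUrl = ldapUrl; this.userBaseDn = userBaseDn; this.roleDb = roleDb;
    }

    /** Returns the user's roles (possibly empty), or null when the LDAP bind is refused. */
    public List<String> authenticate(String user, char[] password) throws SQLException {
        // An empty password turns a simple bind into an unauthenticated bind,
        // which many directory servers accept; reject it before contacting LDAP.
        if (user == null || user.isEmpty() || password == null || password.length == 0) return null;
        // Rdn.escapeValue keeps DN metacharacters in the user name from altering the bind DN.
        String dn = "uid=" + Rdn.escapeValue(user) + "," + userBaseDn;
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();  // succeeds only if the directory accepts the bind
        } catch (NamingException e) {
            return null;                         // bad credentials or directory unreachable: fail closed
        }
        return loadRoles(user);                  // roles are looked up only after a successful bind
    }

    private List<String> loadRoles(String user) throws SQLException {
        List<String> roles = new ArrayList<>();
        // Hypothetical table user_roles(username, role_name); the user name is a bound parameter.
        String sql = "SELECT role_name FROM user_roles WHERE username = ?";
        try (Connection c = roleDb.getConnection(); PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, user);
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) roles.add(rs.getString(1));
            }
        }
        return roles;
    }
}
```

A null result (bind refused) is kept distinct from an empty list (authenticated, no roles assigned), so the caller never treats a failed login as a role-less user.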

Related

KeyCloak with Custom DB. Is it possible to back keycloak with custom-db without keeping it synced with KeyCloak DB?

Is it possible to use keycloak with custom DB? E.g. we have a database where we have all the users and their passwords. Can we use keycloak with that database or do we need to add each user to keycloak and have to keep our-user-db and keycloak-db in sync?
The answer is YES. In User Federation, you can add LDAP or kerberos with Keycloak supported. And you can develop custom User Federation.
Custom Provider tells you can achieve your goal. But from here, it says you can migrate from early User Federation SPI. This User Federation SPI can be created in Keycloak 2.4.0 with the APIs at that version. On keycloak website, I just find 1.9.0, it says there's a provider/federation-provider sample you can refer. Maybe you can try to find 2.4.0 bundle and sample to do your work.
After you create your User Federation SPI, then you refer here to migrate. You can choose to import or non-import.

Using weblogic Authorization without authentication

I have implemented OAM SSO Authentication for my web application deployed on weblogic. Now I want to use weblogic embedded LDAP to provide app level authorization. I don't want to use the weblogic authentication, just the authorization, since I already have authentication handled by OAM. Is that possible? Can someone please point me to any examples, tutorials, or ideas to achieve this?
Depending on your OAM version, you need to add an OAMIdentityAsserter Provider in your WLS domain. I say depending on your OAM version, because you need to tell it which type of cookies to use.
OAM Admin guide will tell you how to do this.

Authentication in IBM Websphere Portal

I'm involved in a Java Web Application Migration project to IBM Websphere Portal (IBM WP) Platform.
The actual application in production environment manually validates user credentials (username and password) against a Database Table that stores the data. I understand that the idea behind a Portal application is that the Portal Container handles these Security issues, but I'm not sure how IBM WP can consume the credentials that now are on Database.
There's a brand new Tivoli Directory Server in the Company, and I'm aware that I can't connect IBM WP to this LDAP Server so, do I need to migrate every user in the Database to this LDAP Server, or is there a way for Tivoli to recognize the credentials that are on the database?
Trust Association Interceptors are powerful, but they totally override Websphere Authentication mechanisms, so be sure to write a quite robust one! As Carlos Gavidia suggested, I'd also give a look to Custom User Registry. I'd also suggest considering Property Extension Repository (also known as Lookaside), so you can define your own attributes and read/write them directly from Portal API
http://www-01.ibm.com/support/docview.wss?uid=swg21248674
You can hook in any kind of custom authentication you need using a Trust Association Interceptor. Your custom authenticator would probably work a lot like the authentication code in your existing system. It would display a page prompting the user for their credentials, and then check them against the DB.
I'm not sure how this relates to your Tivoli LDAP, but there seems to be a provided TAI for TAM integration: Tivoli Access Manager Trust Association Interceptor (TAI++)

How to do servlet authentication against Liferay portal DB?

Currently we have a servlet application which is authenticated against the Jboss portal. But now we are forced to move to Liferay portal from Jboss portal, and we need to find a way to authenticate against the Liferay portal Database from my servlet application. Currently in my servlet application, I am using the webauthentication class to authenticate against Jboss portal. But in Liferay I am not finding any custom class which is responsible for doing the servlet authentication. So do I need to write my custom login module? Anybody, please share if you have any idea/reference on servlet Liferay authentication.
Any help is appreciated.
Regards,
Suresh
Take a look at com.liferay.portal.servlet.filters.autologin.AutoLoginFilter specifically at getLoginRemoteUser method.
Also take a look at classes in com.liferay.portal.security.auth package.
There's a virtual LDAP plugin for Liferay, offering the Liferay user database through the LDAP protocol. Caveat: It seems to be "enterprise edition" only.

How to use openAM with openDS for data authentication

How can openDS and openAM be configured together to authenticate data?
Is it possible that openDS is installed on some other machine on the network and openAM is using it, and if yes, then how?
What is the use of LDAP here?
What is the use of web agents and policy agents?
Please help me to find answers to these questions.
These questions are the basis of OpenAM and I recommend that you read some introduction materials about OpenAM. A good reference is the OpenAM book published by PacktPub: https://www.packtpub.com/openam/book.
OpenAM is embedding OpenDS as its configuration datastore, and can leverage OpenDS (or ForgeRock led OpenDJ, the continued open source LDAP directory project derived from OpenDS) as the user data store. In both cases, OpenAM interacts with OpenDS using LDAP, as OpenDS is an LDAP directory server.
OpenAM Installation guide describes installation of OpenAM with OpenDS/OpenDJ as the User datastore installed on a different machine: http://openam.forgerock.org/doc/install-guide/OpenAM-Install-Guide.html
Web agents and policy agents are software agents that are installed on Web applications to communicate with the OpenAM service and provide Authentication and Authorization.
Kind regards,
Ludovic.