How to migrate from IdentityServer3 to Duende IdentityServer6? - upgrade

I have an IdentityServer3 used by multiple applications. The clients, scopes, flows, urls etc., of the IdentityServer3 are persisted in an MS SQL Server. I want to upgrade the IdentityServer3 to Duende IdentityServer6 as the support for the former is going to end (even IdentityServer4 is not supported anymore). Could you advise the best possible way to migrate to Duende IdentityServer6, please?
Are there any straight-forward commands which will do the migration automatically?
If not, creating a brand-new Duende IdentityServer6 solution and copying the existing logic from the old IdentityServer3 solution is the only way?
Can we re-use the same MS SQL Server for the migrated Duende IdentityServer6 as well?

Related

WSO2 Identity Manager 5.6 : backup and restore procedures

Good morning,
I looked in the forum here and could not find the answer. If I overlooked it, I apologize...
I just joined an existing project team using WSO2 Identity Manager 5.6 and API Gateway.
I understand that WSO2 Identity Manager is made up of several components, among which openLDAP (which contains a Berkeley database) and a postgreSQL database.
The current backup / restore procedures simply 'tar' the whole directory which contains all files related to WSO2 (including directories which contain database files), without stopping WSO2.
I'm a bit doubtful about this type of process for backing up. Is that the right thing to do?
If not, what would the right procedure be?
If I understand correctly, postgreSQL is only used for WSO2 'internal state data' storage, so backing it up may not be useful. So I'm thinking that maybe an export of openLDAP (slapcat command) be enough.
Backing openLDAP is probably not enough. Depending on how the WSO2 components (IS + APIM) are installed, you may also have H2 DBs for the local registry, Solr indexes for the UI, Velocity templates for API deployments, and/or Synapse XMLs for the APIs.
I recommend you to first compare your installation directories and files with the vanilla zips so you know how is it configured before changing your backup process.

Keycloak configure with PostgreSQL

I develop Spring Boot Rest API project using JDBC and the database is PostgreSQL. I added authorization with Keycloak. I wanna use User Federation because I would like to use Users in my PostgreSQL DB. How can I use it and other ways not to use User Federation?
I have faced the same problem recently. I have different clients with different RDBMS, so I have decided to address this problem so that I could reuse my solution across multiple clients.
I published my solution as a multi RDBMS implementation (oracle, mysql, postgresl, sqlserver) to solve simple database federation needs, supporting bcrypt and several types of hashes.
Just build and deploy this solution on keycloak and configure it through the admin console providing jdbc connection string, login, password, the required SQL queries and the type of hash used.
Feel free to clone, fork or do whatever you need to solve your issue.
GitHub repo:
https://github.com/opensingular/singular-keycloak-database-federation
I'm doing similar development but with Oracle and JSF.
I created a project with three classes:
one implementing UserStorageProvider, UserLookupProvider and CredentialInputValidator
one implementing UserStorageProviderFactory
one extending AbstractUserAdapter
Then I created another project which creates an ear file containing the jar file generated in the previous project plus the driver jar file (of PostgreSQL in your case) inside a lib folder.
Finally the ear file is copied in the /opt/jboss/keycloak/standalone/deployments/ folder of the Keycloak server and it gets autodeployed as a SPI. It's necessary to add this provider in the User federation section of the administration application of Keycloak.

IdentityServer and windows authentication through wsfederation

this is newbie question about identityServer and windows authentication. The samples provided with IdentityServer3 with windows authentication seem to implement it using WSFederation, like the one provided in this link https://github.com/IdentityServer/IdentityServer3.Samples/tree/master/source/WebHost%20(Windows%20Auth%20All-in-One).
The newest samples with identityserver4 are using a different approach without Federation. Are these approaches equivalent? Are there benefits in one approach over the other.I can understand using Federation for ADFS, but not for Windows authentication with AD. I know I am missing something can't figure it out. What is it? Thanks.
Identity Server 4 is based on .NET Core which currently does not support WS-Federation so if that is a requirement you should stick to Identity Server 3 on the "standard" framework.
According to the devs there's a "test" version out for WS-Fed but if it will be included in the final release of .NET Core 2.0 is still uncertain.
See https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/issues/500

Microsoft Sync Framework with MongoDB

we are developing a multiplateforme mobile application thats support synchronization with NoSQL backend, we are looking if Microsoft Sync Framework 4.0 CTP can be used to solve all synchronization problems using a non-microsoft backend,
Sync Framework 4.0 allow several devices on any plateforme to achive synchronization tasks by exposing an oData service, this can be done by using Sync Framework Toolkit, but use SQL Server or SQL Azure as backend on the service side,
the application we are developing should use NoSQL database server (MongoDB) on its server side and I realy dont know if Microsoft Sync Framework could be used with this DBMS and how it should be done,
if someone have achieved this by customizing Microsoft Sync Framework provider please share your experience, links or any helpful things,
thanks in advance,
there is no out-of-the-box sync provider for MongoDB, so you will have to write your own.
assuming you can write your own, you will have to modify the Sync Toolkit server side component to replace the SqlSyncProvider with your custom MongoDB provider.
I suggest you check out the licensing of the Sync Framework Toolkit as well. if I remember it right, the client components is on Apache license but the server side is on MSPL.
#Mrinal :
I started writting a Microsoft Sync Framework MongoDB Provider but i realized later that i had to implement a good part of Sync Framework, so I have removed all dependencies between Sync Framework and Sync Framework Toolkit to take juste the infrastructure part of Sync Framework Toolkit and i implemented my own synchronization logic inside, i've also updated the client side to use my NoSQL To SQL ORM to store data on Client-SQLite db.
I suggest you to use SyncFoundation if you have no time to do all this tasks, Sync foundation is a lightweight version of Sync Framework but more flexible if you have to use a non microsoft backend, the home page of sync foundation is (https://github.com/mschoneman/SyncFoundation).

Preferred database management system for Objective-C (iPhone apps)

What would you say is the best candidate for a DBMS for use in iPhone apps? The database would be online, not on the device, so a back-end updating administration interface would be most beneficial (like phpMyAdmin is for MySQL).
I only know of MySQL (not sure if it can be used for iPhone with satisfactory results), and SQL Lite, are there any other managements systems that would be great for performance as well be reliable.
Thanks in advance.
the choice of the DBMS has nothing to do with the iphone .. likely the iphone will connect to a web service (weither SOAP or REST). the web service will be the one using the database not the device.
If the database is online, I wouldn't recommend any kind of management system on the device. I would probably recommend implementing some kind of web service and communicate to the database server and its own DBMS via the web service.
Anriƫtte, I seem to have bumped into two common scenarios
For my corporate clients, they use SQL server as their database and .Net as their server API.
For my non-corporate clients, we usually use MySQL with a PHP or a Ruby on Rails server.
In both cases, I use JSON on the iPhone to talk to REST services on their servers. This works great.
Both DBMS above have good management tools. I usually use the MySQL GUI tools or SQL Server GUI tools to administer the database. Lots of people (not me) like the PHP MySQL admin tools because they are web based. Please do not use a personal database on the server like SQLite, Access of FileMaker, they do not scale.
I did once write an Objective-C program that accessed MySQL using its C++ libraries, not a good idea.
My advice: Ruby on Rails REST using JSON on top of a MySQL database on the server side.