CAS Server 5.3 configuration with SAML 1.1 - saml

I am very new to this IAM and SSO area. I am trying to set up a CAS server which supports SAML 1.1. I have gone through the CAS v5.3 documentation and followed the instructions there, but I am still not able to set up a CAS server with SAML 1.1 support.
I am looking for any documentation that can help me do so; that would be great, as I am not sure how I can enable SAML 1.1 support.

Related

setup SSO for Jira 8.1 and confluence with cas

I am configuring JIRA and Confluence with SSO using Jasig CAS. The step-by-step details given here are not the full setup of the CAS and JIRA configuration. How can I configure CAS with Jira and Confluence?
I also tried to set it up using SAML and Keycloak but was not able to make it work.

WSO2 IS 5.3.0 - IWA authentication option not available

We are using WSO2 Identity Server for user authentication.
We have upgraded from WSO2 IS 5.2.0 version to WSO2 IS 5.3.0.
We are using the IWA (Integrated Windows Authentication) for user authentication for our applications.
In WSO2 5.3.0 version we do not see the option to select IWA under the Authentication Type “Local Authentication” while registering the application under “Service Provider”. This option was available in WSO2 IS 5.2.0 and we were able to use it properly.
Can you please let us know if this feature is deprecated or disabled in the WSO2 IS 5.3.0 version? Please let us know the steps to enable IWA in WSO2 IS 5.3.0.
From IS 5.3.0 onwards we moved to Kerberos-based IWA Authentication. The motive behind this decision was to overcome the limitations faced in NTLM-based IWA.
To mention a few, NTLM-based IWA forced the WSO2 Identity Server to be run on Windows, and the AD was required to be plugged in as the primary user store.
To read more about IWA Authentication using Kerberos, please refer to this blog.
So to answer,
"Can you please let us know if this feature is deprecated or disabled in the WSO2 IS 5.3.0 version? Please let us know the steps to enable IWA in WSO2 IS 5.3.0"
Yes, we deprecated the NTLM-based IWA Authenticator in IS 5.3.0. However, for the benefit of the users preferring to use the NTLM-based authenticator, we have the tag compatible with IS 5.3.0.
You can build the tag and drop the authenticator jar into IS_HOME/repository/components/dropins. Then you should be able to see the authenticator listed under local authenticators and use it as in IS 5.2.0.
Are you sure it is activated in your installed instance?
Open the <wso2is_home>/repository/conf/security/authenticators.xml file and add the following lines inside the <Authenticators> tag.
    <Authenticator name="IWAUIAuthenticator" disabled="false">
        <Priority>5</Priority>
    </Authenticator>
Source: https://docs.wso2.com/display/IS530/Configuring+IWA+Single-Sign-On
Jeff

SAML 1.1 Token Generator and Self Signing using Java

As a requirement, I need to configure 2 enterprise applications using a SAML token.
Due to the constraints listed below, I need to write individual services for token generation and token signing.
The constraints are:
No IdP (Identity Provider) available. No associated metadata file available.
Need to use SAML version 1.1.
Need to self-sign the SAML Response.
As part of a POC I am able to generate a SAML token using version 2.0 by writing a service which forwards to a signing service for signing. I am able to sign it by generating a certificate\keystore using the Windows keytool command.
However, for the SAML 1.1 implementation using the OpenSAML library, I am unable to generate the SAML request message in the proper format. I looked for additional libraries which could help, like WSS4J, which has a SAML Token Profile Generator.
Also some configuration around IBM WebSphere Application Server (SAML Token Generator), as that is used for hosting an application. Still could not implement the solution using the above options.
Questions:
Is it possible to do a SAML implementation without using an IdP server?
Can I use IBM WebSphere Application Server (WAS) as an IdP server?
Can WAS be utilized for generating STS tokens?
Is there any library like OpenSAML or WSS4J which can be helpful to generate & sign SAML tokens easily for SAML version 1.1?
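The self-signing step described in this question, as an added example that is not part of the original post: it builds a minimal SAML 1.1 assertion and signs it with the JDK's built-in `javax.xml.crypto.dsig` API (Java 11+) rather than OpenSAML or WSS4J, then verifies it against a known public key before and after the subject is altered. The class name, issuer URL, subject and the in-memory key pair are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.time.Instant;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
public class Saml11SelfSign {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway demo key; a real service loads it from the keystore
        Instant now = Instant.now();
        String id = "_" + UUID.randomUUID();
        // Constructed SAML 1.1 assertion; issuer and subject are placeholders.
        String xml = "<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion'"
            + " MajorVersion='1' MinorVersion='1' AssertionID='" + id + "'"
            + " Issuer='https://issuer.example' IssueInstant='" + now + "'>"
            + "<saml:Conditions NotBefore='" + now + "' NotOnOrAfter='" + now.plusSeconds(300) + "'/>"
            + "<saml:AuthenticationStatement AuthenticationInstant='" + now + "'"
            + " AuthenticationMethod='urn:oasis:names:tc:SAML:1.0:am:password'><saml:Subject>"
            + "<saml:NameIdentifier>alice@example.org</saml:NameIdentifier>"
            + "</saml:Subject></saml:AuthenticationStatement></saml:Assertion>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        // Mark AssertionID as an ID attribute so the "#id" reference resolves without a schema.
        doc.getDocumentElement().setIdAttribute("AssertionID", true);
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("#" + id, f.newDigestMethod(DigestMethod.SHA256, null),
            List.of(f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                    f.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        // Enveloped signature appended as the assertion's last child; no KeyInfo is embedded.
        f.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        System.out.println("valid after signing:   " + verify(f, doc, kp.getPublic()));
        doc.getElementsByTagNameNS("*", "NameIdentifier").item(0).setTextContent("mallory@example.org");
        System.out.println("valid after tampering: " + verify(f, doc, kp.getPublic()));
    }
    static boolean verify(XMLSignatureFactory f, Document doc, PublicKey key) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sig); // key the relying party already trusts
        return f.unmarshalXMLSignature(ctx).validate(ctx);
    }
}
```

With a self-signed token and no IdP metadata, the relying party has to obtain the signer's public key out of band and verify against that key, which is why the sketch embeds no `KeyInfo`.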

SSO jbpm 6.2 via CAS server 4.0.0?

I want to use SSO jbpm 6.2 via CAS server 4.0.0 (and CAS is running on Tomcat) but I don't know how to do it. I searched on Google but I can't find how to configure the WildFly of jbpm 6.2 with CAS server.
Please help me, thank you for your help!
I have no experience with CAS, but this tutorial helped me set up jbpm 6.1 with WSO2 Identity Manager.
http://riyazmsm.blogspot.mx/2014/05/jbpm-60-sso-integration-with-wso2.html
It might not be the same, but this can put you on the right track since CAS can also handle SAML. WildFly uses PicketLink to handle security federation; reading the docs will be helpful on your journey.

Connecting IdSrv to LDAP

I've seen samples that connect an on-premises IdSrv instance to ADFS, but I can't find one that connects to an LDAP IP (AD, not ADFS).
Is there a sample or documentation somewhere on this?
Thanks.
There is a contrib project for IdentityServer v1 here. Maybe you can make it work in v2 (the latest stable version).
I have found an example of using Windows Integrated Authentication in Authorization Server which is an implementation of the OAuth2 authorization framework. It was developed after v2.
But if I were you I would try to persuade your customer to install ADFS. It should be possible. Then you can use it directly as your IdP or you can set it up with IdentityServer.