I am using OKTA and jump cloud but neither have support for SAML artifact binding. Can any one suggest a provider for SAML artifact binding?
The Shibboleth Identity Provider supports SAML2 and SAML1 artifact binding.
More at https://www.shibboleth.net/products/
Related
I am building a web application where users have to provide my web application access to their repositories in GitHub| Bit bucket| Git Lab | any other code hosting platform.
I have implemented it through OAuth2 for which I had to create client applications on all platforms separately.
Initially it was scoped only to GitHub | Bit Bucket but now I want my web application to support all other major platforms as well.
So my current implementation requires me to create client applications for all other plat platforms which is a hectic because We want to give support for On-Premise version control system as well.
Is there a secure and generic way to authorize to version control system ?
One solution is that user directly provide their Personal Access Tokens (Encrypted) to my web application so that my application can save these PAT and use them to pull the repositories in future.
But I wonder if this is a secure enough or a standard method. If not then what might be the appropriate solution to this problem.
You might need to use an Oauth2 provider like:
dexidp/dex, an identity service that uses OpenID Connect to drive authentication for other apps.
Dex acts as a portal to other identity providers through "connectors", which do support your targets
or casdoor, an Identity and Access Management (IAM) / Single-Sign-On (SSO) platform with web UI supporting OAuth 2.0, including some of your targets.
Oauth2 is not the only option, as illustrated by SmartGit
After some reflection I realized that I actually haven’t had authentication problems with SmartGit and Azure DevOps for quite a while, so I spent some time experimenting to figure out just how SmartGit is authenticating to my repos in Azure DevOps.
I ultimately determined that it uses Personal Access Tokens via the Git Credential Manager.
So explicit support of PATs by SmartGit probably isn’t a critical feature after all. When you install Git (on Windows at least), you have the option to install the Git Credential Manager as well.
As long as you do that you should have smooth sailing.
I'm looking for a way to use DevOps REST API (e.g.: download artifact published from pipeline) from VSCode extension (from TypeScript/JavaScript). (That is, I'm writing the extension/code to do that...)
In VSCode there is Azure Account extension (https://github.com/microsoft/vscode-azure-account) which is used in many existing extensions interacting with Azure so I'd like to use it too to be consistent. It handles Azure sign-in and exposes credentials.
I found out there is Azure DevOps Services REST API (https://learn.microsoft.com/en-us/rest/api/azure/devops/?view=azure-devops-rest-6.1) and Node.js client (https://github.com/microsoft/azure-devops-node-api) but it seems to use different form of authentication for Azure (personal access tokens), so I think it's not possible to use it with Azure Account extension?
Is there a way to get required credential information from Azure Account, or is there an alternative for accessing things like pipeline artifacts?
I am trying to use Microsoft Identity Platform to authorize users to access Azure DevOps REST APIs in my Angular SPA, similar to how it is done for Graph API authorization. Do I use Azure Portal and register my app and include the Azure DevOps API with user_impersonation scope?
You don't need to use Microsoft Identity Platform to access Azure DevOps REST APIs.
For angular application that want access to resources like Azure DevOps REST API's, you can click Microsoft Authentication Library for JavaScript (MSAL.js) for detailed information.
And here is a code sample.
I am trying to implement an integration between a web-based code editor and Azure Devops. I am trying to use OAuth to get user authorization and then to make a clone of a repository on behalf of the user.
For GitHub I can use the OAuth access token as a username to clone the repository. Is there a similar functionality for Azure Devops?
Is there a similar functionality for Azure Devops?
The answer is yes.
Azure DevOps Services uses the OAuth 2.0 protocol to authorize your app for a user and generate an access token. And we need make sure Authorised scopes include code (Read) when we generate the OAuth token:
Please refer this document and this blog for some more details.
Note:
Since OAuth 2.0 is not supported on Azure DevOps Server
(I saw you add Azure DevOps Server tag on your post). Client
Libraries are a series of packages built specifically for extending
Azure DevOps Server functionality. For on-premises users, we recommend
using Client Libraries, Windows Auth, or Personal Access Tokens
(PATs) to authenticate on behalf of a user.
Youtrack 6.5 introduced integration with Gitlab VCS server.
I'm trying to integrate Youtrack 6.5 with stand-alone Gitlab repository (i.e. not gitlab.com)
Our Gitlab server also require users to go through LDAP authentification first.
Is it possible to make Youtrack go through LDAP authentification?
In case your LDAP server supports authentication with a client certificate, you can try adding a corresponding key to Hub as described here https://www.jetbrains.com/help/hub/2.0/Managing-SSL-Keys-and-Trusted-Certificates.html#ManagingSSLKeyStores and then select the key in GitLab properties form.