I have enabled Enterprise SSO on Zendesk so that users in my external identity server can log in to Zendesk. The setup was successful, and users in my system can do SSO with Zendesk.
But as an admin I can't do SSO with Zendesk from my external application, while other end users and agents can. What could be the root cause of this?
I have an SPA web app using OpenID Connect for authentication and authorization with a local Keycloak.
This app is now moving to a Windows on-prem infrastructure using AD, Kerberos tickets and a central SSO.
Users log in to their Windows session, and then we should be able to transparently log in to our SPA web app (i.e. without entering credentials).
How can I convert the Kerberos ticket/authentication into the OpenID Connect world? Where is the magic?
Should we add some Kerberos in our app?
How can we retrieve our access token containing the user role?
Thanks
Your SPA should continue to talk to Keycloak using OIDC, and no code in the SPA should need to change. Your APIs will also continue to receive the same access tokens.
You should only need to configure Keycloak to use AD for authentication as an LDAP data source. Here is an article on how to do that. It is an infrastructure job rather than just a coding one, so I would recommend collaboration with AD administrators on the environment setup.
AD is only one possible authentication method, and by doing things this way you keep your options open. You are likely to need to perform account linking, e.g. to identify users the same way before and after the migration. There may be some data setup involved here, e.g. ensuring AD has the same emails as the existing system.
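The answer above covers the LDAP side; the question also asks how a Kerberos ticket from the Windows session turns into an OIDC session. Keycloak's LDAP user-storage provider can do both: it federates AD users and, with "Allow Kerberos authentication" switched on, answers the SPA's redirect to the authorization endpoint with a 401 Negotiate challenge so the browser presents its ticket. The script below is an added example written for this page (not code from the post, the answer, or the Keycloak project) that wires this up through the Keycloak Admin REST API from PowerShell. Every hostname, realm, DN, principal, account name and keytab path is a placeholder; it assumes a Keycloak 17+ URL layout (prepend /auth for older releases) and that the AD side has already created the service account, SPN and keytab as shown in the comments.

```powershell
# Added example, not from the original post or from Keycloak. All names are assumptions.
#
# On a domain controller (once, as a domain admin), before running this script:
#   setspn -A HTTP/keycloak.corp.example.internal svc-keycloak
#   ktpass /princ HTTP/keycloak.corp.example.internal@CORP.EXAMPLE.INTERNAL /mapuser svc-keycloak `
#          /pass * /crypto AES256-SHA1 /ptype KRB5_NT_PRINCIPAL /out keycloak.keytab
# Copy keycloak.keytab to the Keycloak host and restrict its permissions to the Keycloak service user.

$KeycloakUrl = 'https://keycloak.corp.example.internal'   # assumed
$Realm       = 'corp'                                      # assumed realm the SPA already uses
$adminCred   = Get-Credential -Message 'Keycloak master-realm admin'
$bindCred    = Get-Credential -Message 'AD bind account for Keycloak (read-only)'

# 1. Admin token from the master realm (admin-cli is the built-in public client for this).
$token = Invoke-RestMethod -Method Post `
    -Uri "$KeycloakUrl/realms/master/protocol/openid-connect/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body @{ grant_type = 'password'; client_id = 'admin-cli';
             username = $adminCred.UserName; password = $adminCred.GetNetworkCredential().Password }
$headers = @{ Authorization = "Bearer $($token.access_token)" }

# 2. The provider is a realm component; parentId must be the realm's internal id.
$realmRep = Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm" -Headers $headers

$component = @{
    name         = 'corp-ad'
    providerId   = 'ldap'
    providerType = 'org.keycloak.storage.UserStorageProvider'
    parentId     = $realmRep.id
    config       = @{
        # LDAP federation against AD, read-only so Keycloak never writes back to the directory.
        vendor                = @('ad')
        connectionUrl         = @('ldaps://dc01.corp.example.internal:636')   # LDAPS, not plain 389
        usersDn               = @('OU=Users,DC=corp,DC=example,DC=internal')
        authType              = @('simple')
        bindDn                = @("CN=$($bindCred.UserName),OU=Service Accounts,DC=corp,DC=example,DC=internal")
        bindCredential        = @($bindCred.GetNetworkCredential().Password)
        editMode              = @('READ_ONLY')
        usernameLDAPAttribute = @('sAMAccountName')
        rdnLDAPAttribute      = @('cn')
        uuidLDAPAttribute     = @('objectGUID')
        userObjectClasses     = @('person, organizationalPerson, user')
        importEnabled         = @('true')
        syncRegistrations     = @('false')
        # Kerberos/SPNEGO: the browser sends a ticket for this service principal; Keycloak
        # validates it with the keytab and maps the principal's username onto the LDAP user.
        allowKerberosAuthentication          = @('true')
        kerberosRealm                        = @('CORP.EXAMPLE.INTERNAL')
        serverPrincipal                      = @('HTTP/keycloak.corp.example.internal@CORP.EXAMPLE.INTERNAL')
        keyTab                               = @('/etc/keycloak/keycloak.keytab')
        useKerberosForPasswordAuthentication = @('false')   # password fallback still goes via LDAP bind
    }
}
Invoke-RestMethod -Method Post -Uri "$KeycloakUrl/admin/realms/$Realm/components" `
    -Headers $headers -ContentType 'application/json' -Body ($component | ConvertTo-Json -Depth 5)

# 3. The browser flow ships with its Kerberos step DISABLED; set it to ALTERNATIVE so Keycloak
#    issues the Negotiate challenge first and falls back to the login form for non-domain browsers.
$executions = Invoke-RestMethod -Uri "$KeycloakUrl/admin/realms/$Realm/authentication/flows/browser/executions" -Headers $headers
$spnego = $executions | Where-Object providerId -eq 'auth-spnego'
$spnego.requirement = 'ALTERNATIVE'
Invoke-RestMethod -Method Put -Uri "$KeycloakUrl/admin/realms/$Realm/authentication/flows/browser/executions" `
    -Headers $headers -ContentType 'application/json' -Body ($spnego | ConvertTo-Json -Depth 5)
```

Nothing changes in the SPA: it still starts the authorization-code (PKCE) flow against Keycloak, the browser answers Keycloak's Negotiate challenge with the session's ticket, and the SPA receives the same access token as before. Roles are still Keycloak roles and appear in the token's usual realm_access / resource_access claims; if they should come from AD group membership, add a group-ldap-mapper to this same component and map the groups to roles in Keycloak rather than teaching the SPA about AD. Two checks worth doing before going live: the browser must treat the Keycloak host as intranet (or be on the Negotiate allow-list for Chrome/Edge/Firefox), and the keytab must use an encryption type the Keycloak JVM accepts, otherwise the fallback form appears silently and looks like "SSO is not working".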
I've configured an SPA application with an Azure B2C user flow to sign in on my SSO (based on Keycloak) using OpenID. Then I've configured another application with an Azure B2C custom policy to sign in on the same SSO, but using SAML.
I have another application on AWS directly connected to Keycloak with another client.
The user can authenticate on both my Azure B2C apps, then navigate to the KK app, where the user is already authenticated.
This is not happening the other way around. If the user authenticates on the KK app, the session isn't shared with the Azure B2C apps and he has to log in again. Likewise, the session is not maintained between the two Azure B2C applications.
My custom policy is based on SocialAccounts from the MS Starter Pack. And this is my user flow session configuration.
Any suggestion on what I'm doing wrong?
My site is a .NET web app. It is linked somewhere in the client's dashboard.
But the client website has Duo IdP two-factor authentication.
Whenever the client logs in to his website and enters his valid logins, and if he is authenticated as a valid user by the Duo IdP, then he will be able to log in to his dashboard.
After successfully logging in to the dashboard (his app), if the client tries to access my integrated application link, then he should be able to access my .NET app without being asked for a username and password.
My .NET app doesn't have any SAML settings.
Please help me on this, and in how many ways we can do this single sign-on.
I am using Thinktecture IdentityServer v3 for authentication and authorization. It works well with the local database. I added ADFS as an external identity provider. It also works well, but it asks intranet users for credentials. My requirement is to automatically log in intranet users without asking for credentials. If the user is an internet user, it asks for credentials. Is this possible?
This is unrelated to IdentityServer3. Your browser and ADFS need to be configured correctly to use Windows integrated authentication.
I just read the article here: http://www.asp.net/aspnet/overview/developing-apps-with-windows-azure/building-real-world-cloud-apps-with-windows-azure/single-sign-on
I have just finished building an app that can authenticate users via WAAD, or via a local installation of ADFS on their corporate network (configuration point allows them to select one or the other).
The app will be hosted in Azure. Can someone tell me if it is possible for users who are on their corporate network to login to this Azure app WITHOUT entering their credentials?
Here is the flow:
1. user navigates to the cloud app
2. FAM detects they aren't authenticated, and redirects the browser to their ADFS server on the corporate network
3. ADFS server replies with a 401 challenge (I assume this is what's happening)
4. user sees a user name/password box, and enters their credentials
5. user is redirected back to the cloud app with a token containing their claims
I don't understand why #4 is required if the user is already on their corporate network. Shouldn't ADFS use Windows Authentication here so they don't have to enter their password? Is there a way to configure ADFS to do this?
Thank you!
This can be accomplished by adding the URL of the ADFS endpoint to the Local intranet or Trusted sites zone of Internet Explorer. By default, Internet Explorer will pass the Windows credentials to sites in those two zones. If that doesn't work, you would have to double-check that the setting hasn't been modified.
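Both answers on this page that deal with ADFS (the IdentityServer3 one and the one just above) say the same thing: silent logon is a browser-plus-ADFS configuration matter, not an application one. The script below is an added example written for this page (not code from either answer or from Microsoft) that applies and verifies that configuration on both ends from PowerShell. The ADFS host name is a placeholder; the client half assumes an administrator shell on a domain-joined Windows machine, the server half assumes the ADFS PowerShell module on an ADFS 2012 R2 or later server.

```powershell
# Added example, not from the answers above. Host name and values are assumptions.
$AdfsHost = 'adfs.corp.example.com'   # assumed federation service name

# ---- Client side: put the ADFS host in the Local intranet zone ---------------------------
# Same registry location the "Site to Zone Assignment List" group policy writes, so the
# mapping is machine-wide and users cannot remove it. Zone ids: 1 = Local intranet,
# 2 = Trusted sites, 3 = Internet, 4 = Restricted sites.
$zoneMapKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'
if (-not (Test-Path $zoneMapKey)) { New-Item -Path $zoneMapKey -Force | Out-Null }
New-ItemProperty -Path $zoneMapKey -Name "https://$AdfsHost" -Value '1' -PropertyType String -Force | Out-Null

# Zone 1 logon behaviour (value 1A00). Only the first two values send the ticket silently:
#   0x00000 automatic logon with current user name and password
#   0x20000 automatic logon only in Intranet zone (IE default)
#   0x10000 prompt for user name and password
#   0x30000 anonymous logon
$zone1 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1'
$logon = (Get-ItemProperty -Path $zone1 -Name '1A00' -ErrorAction SilentlyContinue).'1A00'
if ($null -eq $logon) { $logon = 0x20000 }   # key absent means IE default
if ($logon -eq 0x10000 -or $logon -eq 0x30000) {
    Write-Warning "Intranet zone logon policy is 0x$('{0:X}' -f $logon): IE will prompt instead of using the Windows token."
}

# "Enable Integrated Windows Authentication" (Internet Options > Advanced) must be on, or IE
# never answers a Negotiate/NTLM challenge with the logged-on user's credentials.
$ieSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$negotiate = (Get-ItemProperty -Path $ieSettings -Name 'EnableNegotiate' -ErrorAction SilentlyContinue).EnableNegotiate
if ($negotiate -eq 0) {
    Write-Warning 'EnableNegotiate is 0: Integrated Windows Authentication is switched off in IE.'
}

# ---- Server side (run on the ADFS server) --------------------------------------------------
# ADFS only sends the 401 Negotiate challenge when the browser's User-Agent starts with one of
# these prefixes; any other browser gets the forms page. Requests that arrive through the Web
# Application Proxy are treated as extranet and get forms authentication regardless, which is
# how "intranet silently, internet with a prompt" is normally achieved.
if (Get-Command Get-AdfsProperties -ErrorAction SilentlyContinue) {
    $ua = (Get-AdfsProperties).WIASupportedUserAgents
    "Current WIA user agents: $($ua -join ', ')"
    # Chrome, Edge and Firefox all start with 'Mozilla/5.0'; add it if those browsers should
    # also log on silently (they additionally need the host on their own Negotiate allow-list).
    if ($ua -notcontains 'Mozilla/5.0') {
        Set-AdfsProperties -WIASupportedUserAgents ($ua + 'Mozilla/5.0')
    }
}
```

The order in which to troubleshoot mirrors the script: first confirm the request reaches ADFS directly and not through the proxy, then that the User-Agent is on the WIA list (so ADFS sends WWW-Authenticate: Negotiate at all), and only then look at the client's zone and logon settings, which decide whether the browser answers that challenge with the session's Kerberos ticket. The Kerberos step also needs a valid HTTP/adfs.corp.example.com SPN on the ADFS service account; without it the browser falls back to NTLM or a prompt even with everything above in place.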