We need to support authentication and signing with Swedish BankID together with Keycloak.
Looking for a Keycloak library for this (open source or commercial) - do you know anything about like that?
We just published a bankid identity provider for keycloak
Please try it out and give feedback.
https://github.com/bankid4keycloak/bankid4keycloak
Related
How do I determine the identity provider (IdP) of a web application? I have been assigned to manage an LMS web application (I have basic admin privileges) that I am unfamiliar with and they would like to integrate SSO using SAML. I figure this is a noob question but I cannot find guidance on the topic anywhere.
I tried checking other threats on stackoverflow but I don't think any were this basic. I also tried going through the authorization settings of the LMS site but did not see anything helpful. Our site does have a sign in with google option (not sure if that shed's any light)
{No code to show}
If the LMS supports SAML out of the box, consult LMS docs on how to configure SAML on LMS side. The LMS will likely be a service provider. The identity provider will be an entity external to LMS. You will need to talk to admins of the identity provider so they can supply you with information about the identity provider. This information is known as SAML metadata; it is often provided in XML format. You will need to enter this information in config screens on LMS side. Sometimes the identity provider and/or the service provider will have instructions that show specific configuration steps for getting the other party to work with them; this might be your best bet for "out of the box" setup.
If the LMS doesn't support SAML, then all bets are off.
I'm implementing the Keycloak authentication with vertx. I would like to customize login flow, instead of username/password form I want to login via mobile number and OTP.
Any one can help me if they have created any custom required action provider in keycloak.
Thanks in advance.
I think this would be doable in Keycloak now with Authenticator SPI. Please have a look on this code you will get to know you can revamp full login flow without much issue .
Same can be rewrite for login from mobile number.
Please have a look this API keycloak-sms-authenticator,it will give much flexibility to do SMS based Authentication without writing much line of code.
Here is another good official documentation Custom User Attributes available how to use mobile number .
I need some guidance on my SSO implementation. We have a web application where we are authenticating the user through applications Database. We check user details in USER table and match password. If everything looks good we create PHP session and allow user to Login. One of our partners is requested for SSO integration, they want us to behave like Identity Provider (their application will be Service Provider). I have no idea from where should I start. Few initial guiding points will be a great help.
Thank you!
First question is what protocol they want to use:
SAML 2.0, WS-Federation or OpenID Connect / OAuth?
What platforms do you use? - Windows , Linux? Microsoft shop?
Do you want to pay for a commercial product or use open source?
What repository do you want to authenticate against? You mention a DB. Is this SQL Server, MySQL or what? Not all products authenticate against all repositories.
If e.g. the answer is SAML 2.0 and open source, look at shibboleth or simpleSAMLphp.
identityserver would be another possibility.
If the answer is WS-Fed, Microsoft commercial, look at ADFS.
I am implementing Single Sign On through SAML. For this, I need an IDP (Identity Provider) which can be installed on-premise. Can you provide me the list of IDP's available and their licence Cost and supported platform? I searched and found like Gluu, Shibboleth but not finding the exact. Please help me out.
Thanks in Advance.
Refer SAML-based products and services.
I have used shibboleth and simpleSAMLphp - both open source - both work.
If you want to pay, then Ping Federate, ADFS, OpenAM and Auth0 are all good options.
I do not want to share our user identity with anyone else. We are using Progress Open Edge Database to store user id and password and authenticate from there.
Is there any way that we install IDP on-premise where our user identities should not be shared in cloud rather it is in our network?
I am using OneLogin but it allows to share user id with themseleves but i do not want to share user id with any IDP, instead it should be on my network, that is why i am lokking for an IDP which can be installed on-premise.
A little old post but maybe someone else looking for an answer can benefit. There are many Identity Providers available out there. It depends on your use case which one you should go with and if you need an open source or if you want full support for it.
If your use case requires you to support all the IAM features with easy to configure UI then Keycloak and miniOrange are the ones I would recommend. Keycloak is open source and miniOrange charges for support if you need it. There are others like Shibboleth and SimpleSAMLphp but they don't have an intuitive and easy to use UI and you will have make changes in their config files directly.
As you already pointed above since you don't have any cost issues then you can check out ADFS and Ping Federate.
My best choices will be:
Paid : PingIdentity
Free (as in community) : WSO2 IS, Forgerock OpenAM, Redhat Keycloak
Free : SAMLphp, ADFS (you paid for the servers anyway)
We're a small-ish educational institution whose school email is through Google Apps for Education. We have contracted with an external vendor who is provisioning accounts for Google by getting a list of students from our AD who do not have an email account already provisioned. Once provisioned, the student authenticates to Google services by using their AD account credentials (which is how they access network resources while on campus).
I've been looking into saving a bit of $$ by bringing this process in-house but have been struggling while seeking tangible examples of how to go about doing this. The documentation that I did find has a deprecation warning. Is SAML still how this authentication scheme would be handled? If so, can someone help point me in the correct direction for this?
I've looked through the similar questions and none of them really seem to help.
Python and .NET are accepted solution implementations here.
There are two ways for SSO authentication.
SP-initiated
IDP-initiated
For SP-initiated on google apps you need to:
* Created a certificate and a private key using openssl toolkit or any other tool.
* Upload this certificate to the Google Apps single sign on settings.
* Give login URL to your application etc.
After saving setting on google are done. Now you need to write a code that wil accept request token from google and after parsing send it back to google app.
For code on your side you will use openSAML libraries.
You will also need a keystore(*.jks) in order to make SAML response signed.
These links will help you.
SAML token help.
See this answer.