I have a cloud foundry instance hosted on IBM Cloud (formerly Bluemix). A third party vendor requires a url to publish webhooks onto my app. If I use the bluemix generated base url it works fine but if its a custom route (with my own domain) bluemix doesn't pass it on to the app.
Why is this happening and whats the solution (to be able to use custom domains)?
Turned out to be an SSL CA certificate issue.
Resolution was to grab a g2_bundle.crt file (with root cert in it from GoDaddy as my original cert was bought from them), upload to IBM Cloud certificate manager (found in the catalog) and viola :)!
Related
I have an azure web app. Now, I am trying to install shibboleth service provider for my web app.
I found a way to do this though this blog.
Is there any other way to set up shibboleth sp without installing a VM on azure?
I have searched a lot on web but all they show is to set up SSO in azure using Azure active directory as IdP.
Is there any way to configure my external Idp to web app in azure?
SSL is the first layer of defense for an SSO web application. Thus you must obtain an SSL certificate for your web site’s URL.
The biggest trick seems to be configuring Azure and Visual Studio to not get confused between the remote desktop certificate and the SSL certificate. The Azure instructions for configuring SSL you could refer to.
Here are the most important points as below:
1.You will need to have the certificate in a PFX file so it can be uploaded to Azure. This PFX file must contain the certificate’s private key! You will also need the certificate thumbprint.
2.Modify the cloud service’s service definition and service configuration files.
3.Upload the SSL certificate to your cloud service application.
4.Now the SSL-modified cloud service application needs to be uploaded to Azure.
5.Browse to your web site using HTTPS. Fingers crossed! It should work but HTTP should be rejected.
If you need to set up a test IdP, Microsoft has produced a series of videos on how to do this.
Of course there is the Shibboleth IdP documentation at shibboleth.net.
You should also have downloaded the Shibboleth SP 64-bit Windows/IIS 7 MSI file.
Get the latest version from the download site.
Now when you browse to your Azure web site you should be redirected to your IdP’s login page. Once you successfully log in you should be redirected back to your web app. There will now be session variables that contain authentication attributes such as IdP URN, user name, and so on.
For more details, you could refer to this blog.
I have a Raspberry Pi3 device which has Android Things dev preview 0.6.1 installed. On completing certain operations, the device needs to send data to Google Cloud Storage. To do so it must have an API key to authenticate itself.
In Android devices it could be done easily using by integrating Google Sign in Option but since my Android Thing device doesn't have any interface, Google Sign In could not be implemented in it.
I have gone through github project Android Things Weather Station Sample which is using Google Service Account to publish data to PubSub. To do so, it generates and imports a credential.json file into the project and somehow generates credentials from it.
So my question stands is, without user consent, can we use Google Service Accounts to authenticate with Google Cloud Storage? If yes, how can we generate access token from it ? If no, is there any other method to authenticate with GCS?
The simplest and most secure way to authenticate your IoT devices with Google Cloud is using Cloud IoT Core to publish data over MQTT or HTTP into Cloud Pub/Sub. Cloud IoT Core is a bridge designed to securely manage large fleets of devices and authenticate them with your cloud project.
Take a look at the SensorHub sample app on GitHub, which is similar to the weather station, but uses Cloud IoT Core to authenticate and publish instead.
As Shubham stated, using a service account is one way to authenticate devices. Otherwise you'd need to build a mobile companion app which you use to authenticate the user. Then you would have to transfer that token to the IoT device.
In case anyone faces the same issue, I found this document which has explained the way to authenticate devices with Google Cloud without the consent of a user.
I have a Webapp hosted on Google compute engine. I am trying to list it on Microsoft AppSource. One of the mandatory conditions for listing is enabling Azure Active Directory federated Single Sign-on (AAD federated SSO) for the app.
Google Cloud platform supports SAML 2.0-based SSO. Hence technically this should be possible. Has anybody tried it and any has experiences to share. Thanks in advance.
In order for an application to integrate with Azure Active Directory - it is not required that you have an Azure Subscription, or even Azure Active Directory (specially if your application is a multi-tenant application) - you can host your application anywhere.
For AppSource, as long as your app integrates with Azure Active Directory, then you are able to list your app on AppSource - which means that the application does not need to be hosted in Azure. AppSource also requires Open Id Connect - SAML would not qualify. For more details please see this article.
To make it easier to test the Azure AD integration in your application, you can create/ use a test tenant with a Microsoft personal account (MSA), as well as use this MSA account to register your application for OAUTH2 flow.
You probably don't want to use GCP's SSO. This is really designed to allow your developers to use your organization's auth system while working on GCP. This is different than allowing your users to use their organization's AD while working within your web app.
Instead, I suggest you look to see if anyone has built AD or SAML integration for the framework your webapp is built with, or look to implementing it yourself. This allows the SSO auth to be used for the app itself, instead of in accessing GCP APIs.
I have a web application hosted outside bluemix. However, I would like to use the Single Sign on service available on bluemix for authentication. Is that possible. What are the steps involved.
Sorry the Single Sign On Service within Bluemix is only designed to work with Bluemix hosted Node.js and JAVA(Liberty) applications. It will not work with applications outside of Bluemix
I need to configure Google Cloud Storage for a Google Apps account, is it possible?
Yes, sign in as your employee#company.com account, navigate to the API Console and create a project. This project will be part of your apps account.
Add the appropriate other_employee#company.com emails to the team, enable cloud storage in the services tab and you should be all set!