Integrate Liferay with CAS and SAML - single-sign-on

We have a requirement where user needs to login to portal with CAS (but SAML way). User can also login via login portlet of liferay.
We have few apps hosted on Intranet and few on Extranet. When user is in our office network, he should be able to login to all the apps via SSO. This includes apps which are hosted on extranet as well.
To achive this we want to use SAML with CAS.
By doing some research I understand that in this case CAS would be my IDP i.e. Identity provider and my apps on extranet would be SP i.e. service provider
Any idea how to proceed with it?
Any help is appreciated.

I have to do the same thing but using a LDAP too ...
I'm following this cookbook to achieve that, the second chapter talks about Authentication and Registration Process
I hope this would be helpful!!

Related

SSO authentication using pingfederate

By using pingfederate, I am asked to implement an SSO authentication feature (SAML2.0 or OpenId type) in a local web application, my concern is that I am a beginner on the use of pingfederate. Everything I've done so far is to have installed the pingfederate application and also the project in question then I tried to follow the documentation on the pingIdentity platform but that didn't help me much. So I come to look for solutions on the approaches that I have to do if someone could help me or guide me.
I tried to configure the connections between an IdP and pingfederate(as SP) and also the connection between pingfederate( as IdP) and my SP app but nothing works, maybe the configuration I did is not correct
what i want to do is to successfully implement this SSO (SAML2.0) authentication feature in my web application using pingfederate and I implore your help for the configuration steps that I have to do

SSO authentication with pingfederate

By using pingfederate, I am asked to implement an SSO authentication feature (SAML2.0 or OpenId type) in a local web application, my concern is that I am a beginner on the use of pingfederate.
Everything I've done so far is to have installed the pingfederate application and also the project in question then I tried to follow the documentation on the pingIdentity platform but that didn't help me much. So I come to look for solutions on the approaches that I have to do if someone could help me or guide me.
I tried to configure the connections between an IdP and pingfederate(as SP) and also the connection between pingfederate( as IdP) and my SP app but nothing works, maybe the configuration I did is not correct
what i want to do is to successfully implement this SSO (SAML2.0) authentication feature in my web application using pingfederate and I implore your help for the configuration steps that I have to do

How do I sync data with ADFS?

We have Single Sign-On (SSO) done via SAML.
Currently we have requirement to sync users from ADFS to our database as well as ADFS groups.
I was able to google out solutions for LDAP, however that seems quite old.
Is it possible to do this via SAML? Any other method?
I would be using PHP.
Both SAML and ADFS are about authentication.
What you are referring to is provisioning which is not provided by either.
The modern standard for provisioning is SCIM.

How can I add my Tomcat Application in onelogin for SAML?

I am having a Web Application running on tomcat and hosted on amazon, I want to add it as an SAML Service Provider which allows single sign on(SSO) in onelogin(https://www.onelogin.com/)
I have a free trial account in one login, and In Add App section I can see many applications like salesforce,aws and all but how can I add my own application there ?
I clicked on Suggest an App and and gave my application URL. Is there anyway I can add my own application as an SP in onelogin ?
You can use the SAML Test Connector. It works with any generic SAML Service Provider.
If you also need to add SAML support to your tomcat application, you should know that Tomcat does not have a SAML SP provider implementation itself, so you will need to add SAML support to the java application. For that you can use:
OIOSAML
spring security
java-saml
shibboleth (It requires also Apache).

Where to test IdP-Initiated SSO?

We've developed a SAML2 SP (supporting IdP-Initiated SSO, as per the user journey we want).
My question is, short of developing an IdP, how can we test it is working? Is there an IdP-Initiated SSO test harness out there? (I know of SSO Circle, but that is for SP-Initiated SSO).
You can use a trial account from Onelogin and configure a SAML Test Connector, or deploy your own IdP with simpleSAMLphp
You can test out IdP-Initiated SSO via this JS Bin: https://output.jsbin.com/nukiso
The code is quite long and wouldn't be appropriate to put directly into this post.
It works completely on the browser side and uses web crypto APIs for signing the assertion. It is probably a better idea to use a real IdP as this is more of a tool for learning how to make the SAML response/assertion. To prevent anyone from being able to log into your website without authentication, do not use the JS Bin IdP metadata on a public/production server.