I have a database with users, how would I start creating a custom implementation of my users with IdentityServer? All the examples I have seen use the InMemoryUser that are hard coded with values.
Can one follow this as a guide line?
Yes, That is a good point.In IndentityServer v3 there is an interface(IUserService) to interact with user store. You can implement the interface using MembershipReboot or Asp.net Identity.
Hope this help.
Related
I am evaluating Keycloak for one of our systems where 2FA with TOTPs would be a requirement. I am trying to figure out if there is a way to register a new Authenticator app via the Admin REST API, so our user's wouldn't need to interact with the Keycloak provided account page.
I've spent some time with the reference documentation but got no luck. Is there something I am missing? Is omitting the Keycloak provided UIs a preferred way to use this service?
Thanks!
The short answer to this specific question is "no", as has already been said in Jan's answer.
However, for those that are interested, I've added a detailed answer around what you can and can't do regarding attempting to roll-you-own around the OTP device setup in Keycloak as the answer to this similar question: Keycloak - Multi/2FA Factor - OTP - QR Code - Custom Login Screen - Rest API.
The focus there is more around setting up OTP devices using your own application pages instead of Keycloak's, but someone who has found this page looking for information might find it useful.
No, you can't use API for that. You need user UI interaction.
I can't imagine how you will be able to distribute TOTP credentials to the user device. Maybe some high profile enterprise environments (Android Enterprise, ...) can force it, but it won't be very common use case.
I'm new to OAuth and I would really appreciate if someone could give me a hand with my problem. I need to create a simple web application for track expenses, with some basic actions (user must be able to create an account and log in, list expenses, edit them, etc) with a REST API for each one, and the trick is that I need to be able to pass credentials to both the webpage and the API. So, after some research I've found some examples using Digest Authentication and HMAC Authentication but lot of posts also mentioned OAuth as an alternative approach, so my question is, given this scenario, would be proper to use OAuth? I mean, as far as I understand OAuth is suitable when you want to share resources with other application, which I'm not doing for this project; besides that, when you try to access the shared resource it appears a page requesting permission for the foreign application, would that page appear at some point in my application? (maybe after the login?)
Thanks in advance guys
In your current scenario it does not make sense to use OAuth. It's not what OAuth is designed for.
If your application ecosystem is going to have multiple webapps running on a single SSO (like google) then it is very helpful to have OAuth.
Suggestion: Decide based on your business/operation plan and implement accordingly.
Note: If you plan to have 10 apps in the span of the next 5 years but only have one app now it does not make sense to spend time to implement complex protocols like OAuth right now. Scale as you grow.
I hope someone could help with this:
I am working on a php project and I need to implement the authentication of the application as a Service. I need to do something like Google where offers a Service to login in other applications using Google's Authentication Service (for example trello.com allows visitors to login with their google account).
I would like to clarify my mind, because I have no idea how to start it. I am using Symfony2 framework and I'm trying to work RESTFully, but basically what I need is just an idea of what I have to do or investigate to carry this out.
As the symfony Ecosystem is big, take a look at the FOSRestBundle for creating the API. Then there is the NelmioApiDocBundle for easy documentation of your REST-API. For authenticating you should consider OAuth, so take a look at the FOSOAuthServerBundle. With all three combined you can create a great API.
Also read this article, about REST APIs with Symfony2: The Right Way
I'm attempting to implement SSO and wanted to use Netsuite as an IdP. Now I know officially this isn't possible but I was wondering if it's even remotely possible to have something like this done (custom coded or anything like that)?
Unfortunately I am not the most knowledgeable person in regards to these things, please forgive my ignorance.
Thanks!
It really comes down to what NetSuite exposes for PingFederate to hook into. From a PingFederate perspective, if NetSuite exposes the ability to validate an existing user session by a 3rd Party or provides an API that can essentially authenticate a user you could create a custom IDP Adapter for PF that would handle this.
This is something that your Ping Account team can assist with if you're interested in getting some assistance.
HTH
--Ian (Note: I work for Ping)
I'm trying to switch my site from the asp.net membership sql provider to using facebook connect to do OAuth single signon. I'd like to keep using the role provider as it makes it pretty easy secure sections of my site by flagging the controller class or controller methods with the Authorize(Roles="...") attribute. The site isn't live yet so I'll be completely ditching the Asp.net membership provider if I can. (keeping the roles and profile provider)
I've got the facebook connect logging the user in and I can get his info. But how do I associate that with a role?
I'd like the system to automatically add a new user to the "SuperHero" role after he authenticates and authorizes my app.
Am I on track here? Is there a better way to handle roles when using OAuth2? I'd like to add other OAuth providers later.
An alternate approach would be to keep the asp membership, then when I user logs in through facebook connect, I could find his record and sign him in with aspmembership. But that seems sloppy.
Some sample code would be great and I'd think others would find it helpful too.
thx,
Dan
The easiest way to do this ime is to actually implement a FacebookMembershipProvider for yourself. That way it ties in to all the other providers naturally. The main downsides are a) a lot of code b/c Membership is a fat interface, and b) some cruft b/c it assumes you'll be doing passwords, etc, which obviously you don't need for OAuth.