SAML 2.0?
OpenId?
OAuth 2.0?
CAS?
And others?
I know they all can do SSO, but I want to find out what are all standard protocol nowadays we used for SSO that covers 80% of market?
Anyone knows how do I find the result?
There is no standard protocol because it depends on the use case e.g.
Microsoft Enterprise uses WS-Fed.
Java Enterprise uses SAML-P.
Native (mobile) uses OAuth2 for consent. If you want authentication on top of this, add OpenID Connect.
And it also depends on the STS - not every STS supports all the above.
Related
I am looking to implement single sign on functionality into an existing Asp.Net MVC 5 web application using SAML 2.0. My team and I have looked into a few different NuGet packages to help us get started with this implementation. We already have the IdP and metadata file, but now just need to implement the SSO functionality into our project.
We came across the Microsoft.IdentityModel.Tokens.Saml package and were interested in using this to set up our SAML configuration but have not been able to find any documentation on how this is actually implemented. I was wondering what is this package typically used for and can it be used to handle SAML requests and responses for the implementation of SSO functionality into a web application or should we look into using a different package? Thanks!
This package is for handling SAML assertion security tokens. It's not for handling the SAML SSO protocol. The WS-Trust protocol supports a number of different security token types including SAML assertions. The Microsoft.IdentityModel.Tokens.Saml package provides this support. SAML SSO also uses SAML assertions but is a completely different protocol from WS-Trust.
You'll find there are a number of open source implementations of the SAML v2.0 specification as well as our commercial offering.
I have an API REST made in node js, and now I'd like to implement some XACML policy. I have been searching and I found that I can use ALFA to make the XACML rules. But I need a PDP for applying the rules. What can I use / how can I implement it?
I have read about WSO2 Identity Server (which I think I can use as a PDP? I'm not sure). It is probably too much for a little project. Any other suggestions? Or is WSO2 IS adecuate?
The go-to open source implementation of XACML 3.0 nowadays is AuthZForce. In OSS, it's the most up-to-date. In the commercial realm, look into Axiomatics (where I worked). They have the most up-to-date PDP and are the authors of the standard.
Yes, you can use Wso2 Identity Server as your PDP. Once I had a requirement to secure a Spring Boot rest API through XACML[1]. Anyway, It would be much easier for you to use the Identity Server PDP than implementing one. You have easy beginner samples that you can try out for your use case.[2] There are tools in the identity server that you can use to create the XACML rules.
[1].https://medium.com/#buddhimau/role-based-authorization-for-spring-boot-using-wso2-identity-server-3d74ab307fb9
[2].https://medium.com/#gdrdabarera/how-entitlement-management-works-with-rest-api-via-xacml-in-wso2-identity-server-5-3-0-7a60940d040c
Adding to Buddhima Udaranga reply, If you think IS too much for a little project, then you can directly use balana, which is the entitlement engine used inside IS. You can refer to this for more details. But balana have only java API.
How do I offer OAuth 2.0 provider services using swift? I would like to use swift as a rest API but missing this integral component. Would probably be able to build something from the spec but don't have budget on this particular project. Would be a great component to Perfect framework but I don't see it on the roadmap at present?
There are OAuth2 client libs: https://github.com/PerfectlySoft/Perfect-OAuth2
OAuth2 demo: https://github.com/PerfectExamples/Perfect-Authentication-Demo
A work in progress OAuth2 Server: https://github.com/PerfectServers/AuthenticationServer
I cannot find any Swift based OAuth identity provider solutions yet. Found a few libraries that might either be ported or built into a Swift solution, but it seems like the simplest path at the moment would be to implement something like Auth0 or OAuth.io as the provider
I need to implement Single Sign On feature for several internal web applications which are not deployed on the same domain.
Is federation a good solution in my case? Or it is only used if I want to federate the authentication to an external IdP.
I mean I want to create a custom WIF STS and make all the applications claims-aware RPs.
I'm thinking of it because I don't want to use custom solutions or third party libraries. WIF seems to have a straightforward solution integrated with .Net Framework.
Is my suggestion correct? Or this is an incorrect use for WIF.
Yes - a solution with WIF / STS will work even if it's only internal.
Beware of security if you roll your own.
You may want to look at ADFS or IdentityServer.
Going this route will make your life a lot easier.
WSO2 EMM looks like a very interesting effort. I am looking for OMA-DM and optionally TR-069 client support as well. In other words, the ability of a device with an OMA-DM client to enroll and be managed by WSO2 EMM. One might say that what want is an OMA-DM server, but in fact, I am looking for a server that can address both mobile device (smartphone/tablet) as well as "other" device management options.
Thank you in advance!
WSO2 EMM doesn't support OMA-DM or TR-069 client support (yet). As a core developer involved in the project I would certainly raise these protocols as important features to address in the future releases.
From WSO2 EMM right now what we have tried (please note that I am a core team member) to address is the management of mobile platforms which are popular these days. For this we have dealt with the MDM APIs provided by the platforms. For this its not necessary to dig into the implementation details of MDM protocol under each platform since its upto the MDM vendor to provide and implement it.
Note: As far as I know Windows supports OMA-DM. Anyway in a future release there will be Windows phone support.
To add additionally to your point, if you think it from a different angel its also possible to integrate OMA-DM clients. For this the implementation of the EMM needs to be done adhering to the server aspect of the protocol. Yes this is perfectly possible and if there are real use cases or need we might go for it.