What about C# RestSharp library compatibility with Kerberos authentication?
I can see there is a NtlmAuthenticator but do we need to implement the same with Kerberos or is it managed automatically by underlying HTTP call?
Related
We use ADFS 3.0 (Windows 2012 R2) server to access an ASP.NET browser (.NET 4.5) application, which uses ClaimsPrincipal class (part of the Windows Identity Foundation library). The ADFS servers authenticates to our Active Directory. The ASP.NET application runs properly if we use WS-Federation sign-in protocol but fails if we use SAML sign-in protocol. The error message is not helpful "An error occurred"
The ASP.NET is a web form application, developed using VB.NET
My questions:
1) Does ADFS 3.0 with SAML sign in protocol work with ASP.NET web form application which uses ClaimsPrincipal class, which is part of the Windows Identity Foundation libraries?
2) What are the changes (as compared to WS-Federation) we must make to web config in the ASP.NET application, to us SAML sign in protocol?
Thank you.
Chong Chin
To get WS-Fed to work, you either will be using WIF or the WS-Fed NuGet OWIN package?
There is no Microsoft equivalent for SAML.
You need a SAML stack (in the same way that WIF provides a WS-Fed stack).
I have to authenticate to a NTLM service but I cannot authenticate from JavaScript. Any solution? I must develop a custom plug in?
A quick research shows that in order to utilize Javascript authentication to NTLM, you'll need a plug-in. See this thread: Authenticate Windows Authentication using Javascript
Note: NTLM has long been deprecated by Microsoft. Suggest using Kerberos instead. For new questions regarding that usage, open a new question using kerberos and active-directory tags.
I have developed a Rest API using Jersey for my Java application and also implemented basic authentication. Is it possible to authenticate a user from the database instead of authenticating them through the Web.xml file?
As a requirement I need to configure 2 enterprise applications using SAML token.
Due to following listed constraints I need to write individual services for token generation and token signing.
The Constraints are:
No IdP(Identity Provider) available. No associated metadata file available.
Need to use SAML 1.1 version
Need to self-sign the SAML Response.
As part of POC I am able to generate SAML Token using 2.0 version by writing a service which is forwarding to Signing service for signing. I am able to sign it by generating certificate\keystore using Windows keytool command.
Although For SAML 1.1 Implementation using OpenSAML library I am unable to generate the SAML request message in proper format. I looked for additional libraries which could help like WSS4J which has SAML Token Profile Generator.
Also some configuration around IBM Websphere Application server (SAML Token Generater) as that is the used for hosting an application. Still could not implement the solution using the above options.
Questions:
Is it possible to do a SAML implementation without using a IdP Server ?
Can I use IBM Websphere Application Server(WAS) as IdP Server?
Can WAS be utilized for generating STS tokens ?
Any library like OpenSAML, WSS4J which can be helpful to generate & Sign SAML Tokens easily for SAML 1.1 version ?
We are considering spring-ws as the platform for implementing web services that will be deployed on weblogic. We need to use WS-Security with SAML tokens issued by our identity management platform (TFIM).
The Spring-ws documentation for XwsSecurityInterceptor does not mention SAML, and it is not clear to me if would work in this context.
I guess alternatives could be to do our own interceptor which uses OpenSAML or somehow utilises the SAML support in weblogic.
Does anyone have experience with this? Would be nice to aim for a solution that is known to be workable.
Apache WSS4J does support SAML tokens, and Spring-WS comes with a Wss4jSecurityInterceptor, so I'd guess you could get it working out of the box.