Jboss 6.1 DV integration with IBM Mainframe - jboss

Does Jboss 6.1 Data Virtualization beta provide integration with Mainframe using RACF protocol authorization? I searched through the internet and couldn't find any detailed procedure.

RACF is what is known in the mainframe world as an External Security Manager (ESM). There exist other ESMs such as ACF2 and Top Secret. Other products such as CICS and DB2 communicate with the resident ESM for authentication and authorization purposes.
You don't communicate with the ESM, you communicate with (for example) DB2 supplying your authentication credentials and DB2 asks the ESM to authenticate you.
I am not a JBoss person, but I think you want to read Chapter 3 in the Security Guide.

Related

Authenticating to blockchain from a Java client?

I have a blockchain network built using Hyperledger Composer, started the Composer Rest Server and generated Java client code from the Open API spec to consume the REST Api. I have looked at the documentation to enable authentication and multi user mode. I already have authentication in my web application. How would I go about granting access to the user to interact with the blockchain after they sign into my web app?
Thanks.
Can you please tell us what strategy you are using for your web-application authentication?
Recently updated documentation: https://hyperledger.github.io/composer/latest/integrating/enabling-rest-authentication
The REST server uses the open source Passport authentication middleware.
Administrators of the REST server must select Passport strategies to
authenticate clients. Multiple Passport strategies can be selected, allowing
clients of the REST server to select a preferred authentication mechanism.
Passport includes a wide range of strategies (300+ at the time of writing),
including a mix of social media (Google, Facebook, Twitter) and enterprise
(SAML, LDAP) strategies.
You need to configure an appropriate passport-strategy to generate the access_token that will be used by REST API SERVER.

CAS server integration with Spring vs Spring Security native

We are developing a product that consists of a set of micro services developed as Spring REST APIs. Those APIs will be called using an Angular JS client (not confidential client-to-server communication) and will also interact with each other (server-to-server communication).
We are in the stage of developing an SSO solution where we also want to implement authorization based on user roles for each API. While diving more into Spring Security, I have noticed the great support for the OAuth2 standard, but at the same time I saw an implementation for a CAS server integrated with a Spring client.
Now my question: why would someone go with a CAS server instead of using the native Spring Security implementation, and how will roles be passed from the CAS server?
You need to further study the concept of centralized single sign-on and different components in the architecture. Spring Security is a client library mostly used by the app to contact a server of some sort. CAS, as a software system, is a server. Your client application can use any library you like to contact the "account source" or the "identity provider" server. The server on the other hand, depending on the capabilities of the client will respond and react according to the semantics of the authentication protocol used.
Roles or more accurately put, attributes and claims are passed to the client app once tokens/tickets are validated using the CAS protocol. Other protocols more or less provide the same concept.

Thinktecture Identity Server v/s WSO2 Identity Server

I am trying to choose between Thinktecture Identity Server v3 and WSO2 Identity Server for implementing an Identity and Access Management solution.
In particular, I am interested in using the following features:
Single Sign-On (SSO)
Managing user identities
Connecting to central repository like Active Directory, OpenLdap, Oracle Internet Directory etc.
Active and Passive Federation
Integration with ADFS
We are a .Net based shop, so we are more inclined towards Thinktecture's IS, but don't want to rule out WSO2 just because it's Java (one more dependency for us).
Are there other Pros/Cons between the two?
Thanks
I'm one of the developers of WSO2 Identity Server, so my answer would be biased towards our product :)
WSO2IS is a comprehensive Identity Management platform, with support for the SAML2, OpenID, XACML 3.0, OAuth 2.0, OpenID Connect, SCIM and WS-Security standards.
And it acts as an Enterprise Identity Bus (EIB) — a central backbone to connect and manage multiple identities regardless of the standards on which they are based (http://blog.facilelogin.com/2014/10/identity-federation-patterns-with-wso2.html).
A few unique features that I would like to highlight in WSO2 Identity Server are:
SSO bridging to make identity and entitlement management effortless.
Identity Federation with the EIB concept (http://blog.facilelogin.com/2014/10/wso2-identity-server-microsoft-adfs.html).
Seamless integration between internal applications and cloud apps such as Salesforce, Google Apps, and Microsoft Office 365.
New user and group provisioning capabilities (http://blog.facilelogin.com/2014/10/wso2-identity-server-500-provisioning.html).
Multi-option and multi-step authentication to provide flexibility in selecting authentication options and enable robust multi-factor authentication (http://blog.facilelogin.com/2014/10/what-is-new-in-wso2-identity-server-500.html).
High scalability (we have a Middle East customer using WSO2 IS over a user base of 4 million for OpenID support).
Lightweight, with a very low memory footprint. The stripped-down version of WSO2 IS can be started with a 64MB heap size and the standard version runs with a 96MB heap.
Highly extensible. The architecture behind WSO2 IS is highly extensible. You can easily plug in your authenticators, user stores, provisioning connectors etc.
Support for multi-tenancy.
Support for multiple user stores (AD, LDAP, JDBC).
Interoperability.
Part of a proven SOA product platform provided by WSO2.

database authentication with cas server module

I am in the process of implementing SSO for two web applications (both JSP-servlet MVC based).
The user credentials are in the sqlite database "App1.db" within the table LOGIN(USERNAME,PASSWORD).
CAS's official page mentions support for MySQL and Oracle, but nowhere does it mention non-compatibility with "other" databases. So, is there a way to integrate this sqlite database with the CAS server module for authentication?
Most of the CAS Server documentation is community driven. The authors of the page you referenced have worked with MySQL and Oracle. I personally have connected it up to Microsoft SQL Server without issue... because it uses JDBC.
CAS JDBC Authentication Handler uses Spring and JDBC. JDBC is generic by design. So if your sqlite database has a JDBC driver, then you should be good to go.

LDAP to SAML/REST proxy

We are doing a Cloud POC, we will have applications hosted in the cloud that can only talk LDAP. Is there any system/appliance/virtual directory in the cloud that can appear to be an LDAP server from the application side, and on the output side talk SAML/REST based over the Internet to talk to our SSO product that can authenticate users against our corporate LDAP, which is tucked inside our internal firewall?
You need to deploy an identity provider connected to the LDAP. You can adopt CAS or SAML technology.
In this Wikipedia entry you can check the different products (commercial and free software):
http://en.wikipedia.org/wiki/SAML-based_products_and_services
Most of them support Ldap as the authentication source backend.
Also take a look at this thread:
Way to single sign on between PHP, Python, Ruby applications
The emerging SCIM (System for Cross-domain Identity Management) protocol might make more sense for the use case you're illustrating. It's intended to provide a simple REST API around an identity store so you can perform Create/Read/Update/Delete operations. What will be available could theoretically be controlled via some policy within a SCIM server to allow your clients to essentially interact with the backend LDAP directory.
Many products are adopting the SCIM standard now, such as ones from Ping Identity, Salesforce and UnboundID.