UseCase:
I will be looking at possible ways to achieve SSO with a Java (Spring based) web app where users belong to a Windows domain and where the users (and their credentials) are stored in a Windows Active Directory (against which authentication is performed).
Technologies used: Spring Security 3 integrated with Waffle API
Error Description:
I am facing issues while authenticating the users when my web application (Spring Security 3 integrated with Waffle API) gets deployed on Tomcat in a Linux environment.
But my authentication works fine when I deploy my application in a Windows environment (Tomcat server on Windows).
I am getting the following error message on Linux Environment:
java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.platform.win32.Advapi32
at waffle.windows.auth.impl.WindowsAuthProviderImpl.logonDomainUserEx(windowsAuthProviderImpl.java:170)
Is there any workaround for Waffle API to authenticate the users based on windows AD by having that application deployed on Linux Environments (tomcat server on Linux environment)? Or is there any other way to achieve my above use case having my application deployed on Tomcat Server under Linux Box?
Waffle cannot be used from a Linux box, as it communicates with the native Windows API.
You would need to use Spring Kerberos.
As per Waffle's documentation:
While Waffle makes it ridiculously easy to do Windows Authentication in Java, on Windows, Waffle does not work on *nix.
What is the meaning of the following (https://www.keycloak.org/archive/downloads-17.0.1.html)?
Keycloak: Distribution powered by Quarkus
Keycloak WildFly (deprecated): Distribution powered by WildFly
When I look at the documentation, it says:
The default distribution of Keycloak is now powered by Quarkus, which brings a number
of breaking changes to how you configure Keycloak and deploy custom providers.
For more information check out the Quarkus Migration Guide.
The WildFly distribution of Keycloak is now deprecated, with support ending June 2022.
We recommend migrating to the Quarkus distribution as soon as possible.
However, if you need to remain on the legacy WildFly distribution for some time,
there are some changes to consider
I am using Wildfly as application Server where projects are deployed.
Does this mean I should use only the WildFly distribution of Keycloak, whose support is ending June 2022?
Or
does this mean that Keycloak used WildFly underneath and does not use it anymore, and Quarkus is used instead? (If so, can the Quarkus distribution work fine with the WildFly settings we currently have?)
Unfortunately, it has nothing to do with WildFly anymore. Until recent versions, the Keycloak was being packaged as a Java EE archive file (or as WildFly module) that you could deploy into WildFly application server.
Quarkus, on the other hand, is a framework to develop cloud native Java applications. Its runtime relies on many open source projects for underlying services (e.g. Vertx, SmallRye projects, etc.) and has a completely different architecture. As part of such a migration, Keycloak is now being packaged as a standalone Java application (that is a typical output for an app developed using Quarkus) and contains all its dependencies. So there is no deployment/installation on WildFly anymore.
Quarkus applications are designed by default to be run on cloud environments like Kubernetes. So you may also need to consider whether you can benefit from this if you have such an infrastructure in your organization (however, it's not mandatory and you can just run it as a normal Java app on your server). But you can definitely not use your WildFly-specific configurations (e.g. the Keycloak subsystem or OpenID subsystem) anymore.
You can find more details here.
Quarkus is a variation of Wildfly that is packaged in such a way as to make containerization (i.e. Docker, Kubernetes, etc.) much easier. Applications written for Wildfly (and JEE in general) can be made to run in Quarkus quickly.
Wildfly 25 and above include OIDC functionality internally. Therefore, you don't need to install the Keycloak extensions like you used to. And Keycloak, as of version 15, is based on Quarkus too. Because of this there is a build phase of the installation that lets you set many of the options before the run phase. For example, I used to set up a data source in the standalone.xml for my database. Now, I use the resources.properties to set up my database for Keycloak. The concepts are similar.
If you're using a version of Wildfly less than 25 then you'll still want the Keycloak adapter.
We are a Java shop and use maven. Our app is on wildfly 18. Does anyone have any experiences on migrating a wildfly app to OIDC? We were given a security library that we can use to make OIDC calls to, but it requires a config file co-located with this library. Do we need to use a module for this? If so, do we need a particular section filled out in our standalone.xml?
You asked about Wildfly 18. This one for sure needs add-on modules, such as those provided by the keycloak project (https://www.keycloak.org/downloads).
Since Wildfly 25 the OpenID Connect functionality was added to the Wildfly releases, and since then the addon modules are no longer required. In fact, they should no longer get installed as they seem to break Wildfly.
See also
Secure WebApp in Wildfly 25 using OpenID Connect (OIDC) without installing a Keycloak client adapter
https://docs.wildfly.org/25/WildFly_Elytron_Security.html#validating-jwt-tokens
https://www.youtube.com/watch?v=2gQO4_7Z5CI
I have created a Windows Server VM and installed the OFBiz framework with demo data. The framework is working fine when accessed from within the VM itself, but I need a way to access it from outside (through local browsers).
You need to open ports (8080 and 8443) to access it from outside the Azure VM. Here is how to do that: https://learn.microsoft.com/en-us/azure/virtual-machines/windows/classic/setup-endpoints?toc=%2Fazure%2Fvirtual-machines%2Fwindows%2Fclassic%2Ftoc.json
You can also use the Apache OFBiz Mailing list for such queries - https://ofbiz.apache.org/mailing-lists.html
HTH!
I'm new to Bluemix, but fairly skilled in WebSphere Application Server. I recently heard colleagues discussing the potential of IBM hosting an app server in the cloud. I saw this Beta announcement and was wondering how long the beta will last and if there's an actual product/service available.
The IBM Application Server on Cloud is generally available and you can learn more at: https://console.ng.bluemix.net/catalog/application-server-on-cloud/
We'd love to hear from you on the forums with your feedback.
Not only can you provision the latest versions of WebSphere Application Server Liberty profile and WebSphere Application Server classic (aka full profile or traditional WebSphere Application Server), now you can also get an early look at the next release with the WebSphere Application Server classic V9 beta. You can provision a virtual machine with an instance of WebSphere Application Server v9 beta running in Bluemix. Details on this open beta are available in the WebSphere Early Programs website:
https://www-01.ibm.com/marketing/iwm/iwmdocs/web/cc/earlyprograms/websphere/wasob/index.shtml
Or get a quick overview by watching this video Introducing the WAS classic V9 beta:
https://www.youtube.com/watch?v=2ssYKjcIRX8
The beta program for Application Server on Cloud has ended. Planned GA is Sept 24. Here is the announcement:
IBM Application Server on Cloud is extended to Bluemix, which enables simple, repeatable, and quick deployments of WebSphere Application Server
After GA, you'll find the service icon in the Bluemix catalog in the Web and Application category.
We are building a project and will be using GWT 2.7 with REST (Spring) and WebLogic Server.
The problem we face is that I want to run the GWT module in Super Dev Mode (which runs on port 8888 by default), but the REST services are deployed on port 7001 on the WebLogic server.
I cannot call the REST services from Super Dev Mode as it gives a cross site scripting error.
How can I get my Super Dev Mode running so that I can test and develop the UI and connect to REST services on a different port?
I know there has been a topic on using a different server for dev mode, but I don't see any examples.
Can someone please suggest what needs to be done? Even if it requires changing the project structure to get the dev mode working with REST.
This is a common problem for web-development. It can be solved by using:
CORS (at the REST server)
Using a proxy servlet (I use this approach, but with a handwritten servlet)
Disable the browser security (I would not do this)
Did you try running the GWT module in external server mode?