How can I use ServiceStack's Credentials authentication to implement a custom OAuth2 solution? I am trying to use it so I don't have to use 3rd party providers like Google.
The CredentialsAuthProvider is not an OAuth2 provider, it enables a conventional UserName / Password Login and uses ServiceStack's built-in /register Service for Registration/SignUp.
The HttpBenchmarks LiveDemo explains how to enable both Credentials Auth as OAuth Providers in the same application.
Related
I have a React App + Set of lambda's which are using JWT api gateway authorizer (using cognito user pool as IDP)
Additionally I have an Auth0 app + SAML IDP-initiated enterprise connection which direct the logged users in my React App along with SAML assertion.
What will be the best and simplest solution to enable users who are directed to the React app with the SAML to be authorized in the API gateway?
I have came up with this possible solution: create a custom API gateway authorizer which will accept the SAML assertion and will validate it using passport.
Is my solution applicable?
Is there an existing solution (code reference) for such authorizer? (could not find such...)
Are there simpler \ better solutions?
I'm trying to create a SAML IDP for the system I built. Probably I'm getting confused with concepts. My problem is as follows:
This system was built in SymfonyPHP which authentication is made by OAuth token. Nothing so special, the username and password are passed to the /auth endpoint and the request returns the token if the credentials are valid. It's working fine.
Now I have to integrate this credentials to a client system. Once the user is logged to my system, so it should be on the client side (like the "login with Google button). I've been searching and realized I should use SAML for that.
I installed the SimpleSAMLPHP and I'm trying to understand how to set it up as my IDP. Once it's made, I can create SPs for my clients systems.
Question: how to make the SimpleSAML use my existing service for authentication? Which module should I use?
With SimpleSAMLPHP acting as an IdP, you want to have a look at authentication modules. The latter is a component that encapsulates the mechanics of signing into the identity provider. For example, if you were trying to sign in to the IdP with your Facebook account, SimpleSAMLPHP ships a FB authentication module that does this for you.
If your existing service can be supported by one of the SimpleSAMLPHP modules, then you're all set. Else, you need to develop your own module.
I have the following:
An existing WEB application using SAML for authentication. Using B2C custom
policies, I have successfully set up Azure AD B2C to allow this
application to authenticate users using SAML.
An API (ASP.NET Web API) using OpenID connect to authenticate callers (on the same Azure AD B2C).
I would like to authenticate calls from the Web Application to the WebAPI using the identity of the Web application authenticated user.
So I have would need a JWT token so I can validate it in my API middleware.
Is there any simple way of converting the SAML Assertion to a JWT token so the Web application can send it to my API with requests ?
I have read somewhere that IdentityServer could do the job using Azure ACS (For AAD B2C ?) but I understand that ACS will be retired on November...
Thanks.
You can ask your IDP to provide the JWT token as a SAML attribute inside your current SAML tokens, or ask them to provide you with an alternative way of acquiring the JWT tokens you require.
Also, you can configure IdentityServer to return JWT. Go to global config and change the default token type to JWT (same value as the default http token type).
I have my UI application which uses AWS Cognito for user authentication. We have successfully integrated the SAML identity provider in our Cognito UserPool.
Now i want to support SSO using AD FS.
Below is my URL which i can use to ADFS login.
https://adfs.DOMAIN.com/adfs/ls/IdpInitiatedSignOn.aspx
I have read this AWS Doc to configure for any aws management console.
But what steps i should follow to enable this for Cognito.
Any help?
From the Amazon Developer Forums: "Cognito User Pools do not currently support the IdP-initiated SAML flow."
If you are able to use Open-ID rather than SAML you will be able to overcome this issue. If SAML is a must, you may have to wait until support for the IdP-initiated SAML flow is provided.
I am using ServiceNow REST API calls to get ServiceNow records inside my application. My application takes username,password and domain url of their servicenow account from the user to do this. I have this situation where one of my client uses OneIdentity SSO for their servicenow application. How can I make REST calls in that case?
I should be asking them to provide a local account credentials instead of SSO credentials or is there anyway I can bypass the REST calls with SSO ? If so how ?
I should be asking them to provide a local account credentials instead
of SSO credentials
Yes, web services are not authenticated in the normal way people use to log in to the system, all of them are using the basic HTTP authentication (even if you are using the SSO URL to call the web service)
References: Service now community URLs [1] [2] & My tests using Postman :)