For a project I am working on I need to create a digitally signed SOAP request in ColdFusion 8. I was recommended to use Apache WSS4J, but was told by the platform manager that the server runs on WebLogic not Apache. Is it possible to use WebLogic to digitally sign a SOAP request in ColdFusion?
Related
I have an azure web app. Now, I am trying to install shibboleth service provider for my web app.
I found a way to do this though this blog.
Is there any other way to set up shibboleth sp without installing a VM on azure?
I have searched a lot on web but all they show is to set up SSO in azure using Azure active directory as IdP.
Is there any way to configure my external Idp to web app in azure?
SSL is the first layer of defense for an SSO web application. Thus you must obtain an SSL certificate for your web site’s URL.
The biggest trick seems to be configuring Azure and Visual Studio to not get confused between the remote desktop certificate and the SSL certificate. The Azure instructions for configuring SSL you could refer to.
Here are the most important points as below:
1.You will need to have the certificate in a PFX file so it can be uploaded to Azure. This PFX file must contain the certificate’s private key! You will also need the certificate thumbprint.
2.Modify the cloud service’s service definition and service configuration files.
3.Upload the SSL certificate to your cloud service application.
4.Now the SSL-modified cloud service application needs to be uploaded to Azure.
5.Browse to your web site using HTTPS. Fingers crossed! It should work but HTTP should be rejected.
If you need to set up a test IdP, Microsoft has produced a series of videos on how to do this.
Of course there is the Shibboleth IdP documentation at shibboleth.net.
You should also have downloaded the Shibboleth SP 64-bit Windows/IIS 7 MSI file.
Get the latest version from the download site.
Now when you browse to your Azure web site you should be redirected to your IdP’s login page. Once you successfully log in you should be redirected back to your web app. There will now be session variables that contain authentication attributes such as IdP URN, user name, and so on.
For more details, you could refer to this blog.
I create a client in Domino to consume a web service that works with SOAP 1.2 and has HTTPBinding.
The client generation tool for Domino Designer Web services an error is displayed when trying to generate reporting that the SOAP accepted version is 1.1.
I decided to create the client with CXF framework through tool wsdl2java. In an agent I used these classes to consume the web service, however the below error was displayed. I think it's because of the SOAP version, but I'm not sure.
com.sun.xml.internal.ws.protocol.soap.MUTube getMisUnderstoodHeaders
INFO: Element not understood={http://www.w3.org/2005/08/addressing}Action
Also generated a jar of classes generated by wsdltojava and imported to another agent, but the error below is displayed.
java.lang.UnsupportedClassVersionError: JVMCFRE003 bad major version; class=, offset=6
The question is, no way consume a web service with SOAP 1.2 in Domino only supports up to version 1.1?
Thanks a lot!
I don't believe that Domino's web service consumer supports SOAP 1.2 at this time. You might be able to do what you need with an agent though - here's one way: How can I call a SOAP 1.2 Web service from a LotusScript agent?
In fact there is no way to natively consume a web service with soap version 1.2. There are already several requests from IBM to upgrade the SOAP version. What I did, was to develop a new layer through a new web service with the version SOAP 1.1, which internally calls the web service with the SOAP version 1.2;
I am having a Web Application running on tomcat and hosted on amazon, I want to add it as an SAML Service Provider which allows single sign on(SSO) in onelogin(https://www.onelogin.com/)
I have a free trial account in one login, and In Add App section I can see many applications like salesforce,aws and all but how can I add my own application there ?
I clicked on Suggest an App and and gave my application URL. Is there anyway I can add my own application as an SP in onelogin ?
You can use the SAML Test Connector. It works with any generic SAML Service Provider.
If you also need to add SAML support to your tomcat application, you should know that Tomcat does not have a SAML SP provider implementation itself, so you will need to add SAML support to the java application. For that you can use:
OIOSAML
spring security
java-saml
shibboleth (It requires also Apache).
As a requirement I need to configure 2 enterprise applications using SAML token.
Due to following listed constraints I need to write individual services for token generation and token signing.
The Constraints are:
No IdP(Identity Provider) available. No associated metadata file available.
Need to use SAML 1.1 version
Need to self-sign the SAML Response.
As part of POC I am able to generate SAML Token using 2.0 version by writing a service which is forwarding to Signing service for signing. I am able to sign it by generating certificate\keystore using Windows keytool command.
Although For SAML 1.1 Implementation using OpenSAML library I am unable to generate the SAML request message in proper format. I looked for additional libraries which could help like WSS4J which has SAML Token Profile Generator.
Also some configuration around IBM Websphere Application server (SAML Token Generater) as that is the used for hosting an application. Still could not implement the solution using the above options.
Questions:
Is it possible to do a SAML implementation without using a IdP Server ?
Can I use IBM Websphere Application Server(WAS) as IdP Server?
Can WAS be utilized for generating STS tokens ?
Any library like OpenSAML, WSS4J which can be helpful to generate & Sign SAML Tokens easily for SAML 1.1 version ?
This is a classic example of too much information = too much confusion.
I have a ASP.NET web application that uses the usual POST form authentication and would like to implement SSO.
Since we're a Microsoft shop we will use the ADFS 2.0. In order to implement SSO I understand that I will need to have also WIF to process SAML requests?
Do I install the WIF under the same server as the ADFS?
I still want to re-direct failed SSO requests or non SSO requests to use the form, how do I handle this?
Can someone please describe the flow?
Thanks!
ADFS Supports two protocol for authenication.
1) WS-Federation Protocol
2) Web SSO SAML Protocol
*In Ws-Federation scenario*
For SSO between your Application and ADFS (Build trust relationship).
1) Install ADFS & WIF on one server , Create some users in AD.
2) Generate Federation Metadata.xml file in ADFS, save it one place for
future need.
3) Use Windows Azure Access Control Service(ACS) for
simplicity. (It will do all heavy lifting of your authentication
process of token coming from ADFS)
4) Generate Federation
Metadata.xml file in ACS and Import in your ADFS server as relying
party. (give some claims as well)
[http://blogs.msdn.com/b/card/archive/2010/06/25/using-federation-metadata-to-establish-a-relying-party-trust-in-ad-fs-2-0.aspx?Redirected=true][1]
5) Import federation metadata.xml
file from ADFS server to ACS and Add it as Identity provider. (add
claim processing rule)
6) Now in your web Application use WIF
FedUtil Tool and import ACS federation metadata.xml file.
That's it.. you are good to go..
For Web SSO SAML protocol you have to do manual job of coding.
UseCase:
User will hit your application.
User is not authenticated so he will go to ACS and ACS will redirect it to ADFS login page.
User enters credentials. ADFS issue token to ACS with some claims. ACS will
transform incoming ADFS claims and give it to your application.
your application is now authenticated so you can use claims and do
authorization stuff.
You can use URL scheme to check where this request should go to your forms authentication or ADFS authentication.
eg. : http://somedomain.com/forms or http://somedomain.com/ADFS
So you are using SAML to some 3rd party STS?
WIF (out the box) does not support SAML.
There is a WIF SAML extension but this is only CTP (Community Technology Preview) at this point.
WIF is integrated with your ASP.NET application. For .NET 4 and below, there is a separate download. For .NET 4.5, it's integrated.
WIF is just a set of .NET classes inside your application.
You integrate WIF with your ASP.NET application using a tool called FedUtil which is part of the WIF SDK download. (Invoked by "Add STS" inside VS).
The ADFS install installs WIF on the server but this is seperate to your application.
The flow is:
.NET Application --> (WIF) --> (WS-Federation) --> ADFS --> (SAML) --> STS