anyone knows how to set up (if possible) wso2 identity server to have Facebook as an identity provider?
I mean allowing users to log into my wso2is using their Facebook accounts, instead of wso2is credentials.
Thanks!
On the upcoming WSO2 Identity Server release (4.7.0) this could be done in couple of clicks.
But if you wanted to do with current release (4.6.0) i think you have to write a Facebook authenticator.
HTH,
DarRay
Related
I do not see [Application Groups] folder in my ADFS. How can I install it to see it in my AD FS Management?
I want my WEB API(REST) project to connect to ADFS for authentication. Additionally, I want to test my REST API Authentication without a login screen, please help in this as well. My API will be consumed by CRM users, who are already connected to ADFS. Now the requirement is to create an REST API which will be hit by CRM users and CRM user will pass a userid and password which will be authenticated by ADFS internally without login screen. How can I do that?
Any help please.
Thanks
Application Groups are only available in Server 2016 and 2019. They are available in the ADFS wizard by default.
In terms of sample code for calling API, have a look here.
I have created a new ASP.NET web site using VS 2017 and changed the Authentication mechanism to use "Individual User Accounts". This adds the Claims Principal or WIF class support.I can click on register / log in, and set up user emails and then check for the claims for that user. I will also be using Server Session Authentication Management (SAM) to save claims on the server and do some claims transformation as well.
After Login, this site calls a winform application, and after some activity I return back to the above website.
I want to know how can I use SSO logic here and check if I am already Authenticated and access my claims saved at the server side / website and authenticate the user based on the saved claims.
Is there some project or code example anyone can give which i can use as a start to develop such a STS service (in VS 2017) with SSO and access my claims on website after coming from another domain?
The identity and access tools used to work only with VS 2012, so any way to replicate the above scenario and check for my saved claims after I hit my website from the winform application.
There's a good example here of using WS-Fed with Azure AD.
This is easily adaptable to ADFS.
Your other choice is to use ADAL.
I am starting to work with Dynamics 365 Portal add-on (Online, not on-prem), which I've configured to use an external authentication provider in the form of Identity Server with OpenId Connect. The problem with this is that I don't have access to the under-the-hood portal authentication process, there's just a few basic config settings and users can authenticate using the external IdP. I can't access roles, claims, or any custom info that might come back as part of the OpenId Connect user's profile (userinfo object response). I need to get at that data to customize the portal user experience. I've looked through whatever documentation I could find on the portal but can't find anything. Am I missing something or is it just not possible to access that info and customize the portal login process? Since it doesn't seem possible to do anything server-side within the portal because it's Online, can I do anything client-side within the portal to get the OpenID access token and call the UserInfo endpoint with that?
I had a case open with Microsoft and finally got an answer from them: In Dynamics CRM Online with the Online Portal add-on, there is currently no way to access anything coming back from an external identity provider. So for example, if you've configured the portal to use an external identity provider such Google, Facebook, etc, or like in my case an Identity Server instance with OpenId Connect, you can't access the claims or any other info coming back from the provider.
UPDATE:
I got another response from Microsoft support: they have confirmed their dev teams are working on making this available but don't have an ETA yet. At least it's on their radar.
I have an ADFS single sign on application. Can we also have form authentication using login credential from a database on the same application? In other words, I need single-sign-on for people who have windows account and form authentication for people who do not have windows account. I did some research on this topic but I have no lead. Is there any suggestion?
Out of the box ADFS can only authenticate against Active Directory (The latest version of ADFS (vNext) do supports LDAP v3-compliant directories).
You need to build your own Custom Authentication Provider for ADFS if you would like to plugin your custom code.
Some pointers for further reading:
Understanding WIF 4.5
Create a Custom Authentication Provider for Active Directory Federation Services
We have a web application (asp.net mvc 3) that should support SSO for internal uses via AD. We also have a large community of external users that we want to have SSO for all of our web applications. for example: external_user1 accesses webappA, webappB and webappC all with the same login. Also, domain\user1 has access to all three webapps. we plan to use WIF and ADFS 2.0.
We don't want to have AD accounts for all of the external users so, in the past we might have tried a solution with ADFS 1.x and ADAM. however, we're on Windows Server 2008 R2 and ADFS 2.0 cannot use AD LDS (successor to ADAM) to authenticate users.
What is the SSO approach (using microsoft products)?
The key question is whether you can leverage external_user1 account store or not. If you can, then you would just need to add another trust relationship between your ADFS and their STS and you are done! That approach would be ideal, because then you would not need to maintain external_user1 anymore. Essentially this:
If you can't leverage ther user accounts, then you can still use ADFS v1.1 and have a trust with yourself:
Could you not create a custom STS that does allow authentication against ADAM and that has a trust relationship with ADFS v2.0?
In addition to Eugenios answer, you should investigate Microsoft Azure ACS. This will give yo you federation of Gooogle, Facebook, Yahoo and other OpenId providers.
Your authentication chain will look like this:
Your App -> ADFS -> Active Directory
or
Your App -> ADFS -> ACS -> Google.
Search for the ADFS tag in this site, and you will find many relevant posts.
Though this question was for ADFS 2.0, in which support for LDS as an identity provider was dropped, it looks like this will be re-introduced in ADFS 4.0
https://technet.microsoft.com/en-us/library/dn823754.aspx
https://jorgequestforknowledge.wordpress.com/2014/10/20/configuring-a-new-identity-store-as-a-claims-provider-in-adfs/