WSO2 cloud identity server as IDP and Salesforce as service provider - single-sign-on

I am trying to set up WSO2 cloud identity server (StratosLive) as the identity provider and Salesforce as a service provider. Basically, in Salesforce I want to leverage the Salesforce federated single sign-on feature and connect it with the StratosLive identity server. It would be helpful if anyone could give me a link to follow or guide me through the steps.
I am relatively new to the identity and access domain, and for one of my projects I need to set up WSO2 StratosLive as identity provider and Salesforce as service provider, and have to fit SAML into this process.
Thanks
Indranil

These links should be helpful to implement your use case:
WSO2 SAML Single Sign-On with Google Apps Tutorial
http://wso2.com/library/articles/integrate-google-apps-wso2-cloud-identity/
WSO2 Identity Server Single Sign-On Documentation
http://docs.wso2.org/display/IS450/Managing+Single+Sign-On
Salesforce SAML Single Sign-On Reference
https://help.salesforce.com/apex/HTViewHelpDoc?id=sso_saml.htm&language=en

Related

Can Salesforce Commerce Cloud be used as IDP to External Application

My requirement is to set up SSO between Salesforce Commerce Cloud B2C and Blackboard/Brightspace, which means Salesforce Commerce Cloud will be the IDP.
So when I try to log in to Blackboard/Brightspace, it should be redirected to Commerce Cloud for login authentication.
Please let me know how this is possible.
Hard to achieve. Check the SAML architecture: you should construct custom endpoints on the CC side for that, and also use private and public keys / certificates (the public key will come from the external cloud).

Implementing SAML Identity Provider in Node for Offline app?

We are in process of building a series of apps that will run offline or in very austere environments. We'll also be integrating with other 3rd party apps. Many of these will require logins so we're attempting to use SAML to handle login between them.
I found saml2-js:
https://github.com/Clever/saml2
And it seemed like a great starting point for both the SAML Service Provider and Identity Provider - but diving in I now see it does not implement the Identity Provider at all.
I already have a basic SAML Service Provider setup, but we need an Identity Provider that can run offline. Are there any Node or GoLang Identity Provider libraries we can use to implement this? If not, another recommendation?
Passport is the usual Node option but that's client side only.
There are a number of IDPs you can use, e.g.:
Free: SimpleSAMLphp / Shibboleth / IdentityServer4
Cloud: Auth0 / Okta / Azure AD
On-premises: ADFS

How do we get WSO2 ESB Tokens if API is enabled

We are using WSO2 ESB to create cloud app connections to our platform.
Our current issue: if we want to connect to any app (take Salesforce as an example), we need the following details:
UserName
Password
Token
As a prerequisite, the Salesforce account should be API enabled.
We thought of using SSO in the backend to avoid (3) and (4), but it's not possible with SAML (SSO). We are looking into ways to connect and publish data to Salesforce with just Username (1) / Password (2). In this process of evaluation, SSO is one of the options.
Any suggestions on how we can get the below details for apps would be much appreciated!
• How do we get the Token
• How do we accept only the accounts where APIs are enabled
As far as I understand, what you need is to call a SAML SSO secured backend app (i.e. Salesforce)? If that's the case, you may use WSO2 Identity Server for this purpose. You can obtain tokens from it. Further, you can use this guide and this to call SAML secured backends through ESB.
Hope this helps.
You can use ESB Connectors to connect with Salesforce API. You can find Salesforce SOAP connector (which uses the username, password, and security token for authentication), Salesforce REST connector (which uses OAuth protocol) and Salesforce bulk connector (which also uses OAuth protocol) at WSO2 Store.
In WSO2 we have 150+ ESB connectors to communicate with third-party APIs via ESB. You can download the connector from WSO2 Store and follow the documentation here. In the connectors we have the mechanism to connect to the third-party APIs (for example, in the Salesforce SOAP-based connector we had the username/password flow, and for the Salesforce REST connector we had the OAuth 2.0 flow and the username/password flow). In all connectors you just call the init method to get the token to access the API.

Configure Bluemix SSO service with BlueID/IBM ID authentication

We are trying to leverage BlueID/IBM ID authentication for our application deployed on a Bluemix Node.js instance. Is it possible to configure the Bluemix SSO service with Blue ID (OpenID) authentication? Right now I see support for SAML, Cloud Directory and some social networks. But I am really interested to know if the SSO service has support for Blue ID authentication.
Bluemix Single Sign On does not currently support the standards for IBM ID login.

Securing RESTful APIs using WSO2 IS

I'm developing a number of RESTful APIs and they are consumed by other web applications.
What is the most secure protocol (SAML2 or OAuth2) for use in this scenario?
What is the best approach to secure RESTful web services using WSO2 Identity Server?
First, differentiate OAuth and SAML; it's not about what is more secure but what is most suitable for your scenario. SAML is mainly used if you need to have SSO (Single Sign-On), federation and identity management. OAuth is an authorization resource standard [1].
You can simply secure REST APIs by using only WSO2 APIM, which has OAuth out of the box. You can easily follow the APIM Quick Start guide and set it up [2]. If you need to meet more requirements like SSO and federation, you need to integrate WSO2 IS [3].
[1] https://dzone.com/articles/saml-versus-oauth-which-one
[2] https://docs.wso2.com/display/AM1100/Quick+Start+Guide
[3] https://docs.wso2.com/display/CLUSTER44x/Configuring+the+Identity+Server+5.1.0+as+a+Key+Manager+with+API+Manager+1.10.0