The following excellent article talks about an SSO connection between one web application and WSO2 IS through SAML 2.0.
http://wso2.org/library/articles/2010/07/saml2-web-browser-based-sso-wso2-identity-server
My requirement is to connect multiple web applications through SSO with WSO2 IS. Can anyone shed some light on how I can do that?
In other words, if I log in to any one of those webapps, I can navigate to the other webapps by clicking on the links available on the first webapp without logging in again.
Yes. This is possible with WSO2 IS. You can refer to this for more information, where you can find IS as the IDP for all the webapps.
We are trying to achieve SP-initiated SAML SSO with ADFS (our IDP) from WebSphere applications. We have used a Liberty server, which acts as the Service Provider/Relying Party. Using Liberty as a bridge, we are able to do sign-in for all applications deployed in classic WebSphere. But we are stuck at the logout process.
As of now WebSphere does not provide any SAML logout feature. We tried using the session.invalidate() method, and also tried removing all cookies and the request.logout() method. Although request.logout() removes the Authentication object, we are still able to access the application in the same browser session without any need to enter credentials.
We tried using ADFS WS-Federation Sign-Out URL mentioned here:
https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0
But because Liberty is not able to handle the logout request and response, sign-out does not happen for WebSphere applications.
Are we following the correct approach? Is there any other workaround for achieving sign-out? Is there a way to programmatically send a SAML Logout request to ADFS from WebSphere?
Finally we are able to achieve logout after the addition of logout functionality in WebSphere Liberty by IBM, as mentioned here. Liberty is working as SP/bridge for SAML login and logout, and the applications are deployed in WebSphere Application Server.
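For the question above about sending a SAML logout request programmatically: a local session.invalidate() ends only the SP session, while single logout also needs a LogoutRequest delivered to the IdP. The sketch below is an added example, not code from the post, IBM or Microsoft; it builds a signed SAML 2.0 LogoutRequest for the HTTP-Redirect binding using only the JDK. The endpoint URL, entity ID, NameID and SessionIndex are constructed placeholders, and whether a given IdP requires signing, a specific NameID format or the SessionIndex is an assumption to check against its metadata.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.*;
import java.util.zip.*;

public class SamlLogoutRedirect {
    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }
    // Escape values placed into XML so a crafted NameID cannot alter the request.
    static String esc(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;");
    }

    // Builds a signed SAML 2.0 LogoutRequest URL (HTTP-Redirect binding).
    static String logoutUrl(String idpSloUrl, String spEntityId, String nameId,
                            String sessionIndex, PrivateKey spKey) throws Exception {
        String xml = "<samlp:LogoutRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
            + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" Version=\"2.0\""
            + " ID=\"_" + UUID.randomUUID() + "\""
            + " IssueInstant=\"" + Instant.now().truncatedTo(ChronoUnit.SECONDS) + "\""
            + " Destination=\"" + esc(idpSloUrl) + "\">"
            + "<saml:Issuer>" + esc(spEntityId) + "</saml:Issuer>"
            + "<saml:NameID>" + esc(nameId) + "</saml:NameID>"
            + "<samlp:SessionIndex>" + esc(sessionIndex) + "</samlp:SessionIndex>"
            + "</samlp:LogoutRequest>";
        // Redirect binding: raw DEFLATE (no zlib header), then Base64, then URL-encode.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (DeflaterOutputStream out = new DeflaterOutputStream(buf, new Deflater(Deflater.DEFAULT_COMPRESSION, true))) {
            out.write(xml.getBytes(StandardCharsets.UTF_8));
        }
        String query = "SAMLRequest=" + enc(Base64.getEncoder().encodeToString(buf.toByteArray()))
            + "&SigAlg=" + enc("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        // The signature covers the exact query-string bytes built above.
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(spKey);
        sig.update(query.getBytes(StandardCharsets.UTF_8));
        query += "&Signature=" + enc(Base64.getEncoder().encodeToString(sig.sign()));
        return idpSloUrl + (idpSloUrl.contains("?") ? "&" : "?") + query;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real SP signs with its registered key, not a throwaway one.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        System.out.println(logoutUrl("https://idp.example.com/slo", "https://sp.example.com/saml",
            "user@example.com", "_constructed-session-index", kpg.generateKeyPair().getPrivate()));
    }
}
```

The SP redirects the browser to the returned URL, still invalidates its own session, and validates the LogoutResponse the IdP sends back before treating the logout as complete.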
I have a web application running on Tomcat and hosted on Amazon. I want to add it as a SAML Service Provider which allows single sign-on (SSO) in OneLogin (https://www.onelogin.com/).
I have a free trial account in OneLogin, and in the Add App section I can see many applications like Salesforce, AWS and so on, but how can I add my own application there?
I clicked on Suggest an App and gave my application URL. Is there any way I can add my own application as an SP in OneLogin?
You can use the SAML Test Connector. It works with any generic SAML Service Provider.
If you also need to add SAML support to your Tomcat application, you should know that Tomcat does not have a SAML SP provider implementation itself, so you will need to add SAML support to the Java application. For that you can use:
OIOSAML
Spring Security
java-saml
Shibboleth (it also requires Apache).
We have a requirement where the user needs to log in to the portal with CAS (but the SAML way). The user can also log in via the login portlet of Liferay.
We have a few apps hosted on the intranet and a few on the extranet. When the user is in our office network, he should be able to log in to all the apps via SSO. This includes apps which are hosted on the extranet as well.
To achieve this we want to use SAML with CAS.
By doing some research I understand that in this case CAS would be my IDP, i.e. identity provider, and my apps on the extranet would be SPs, i.e. service providers.
Any idea how to proceed with it?
Any help is appreciated.
I have to do the same thing but using LDAP too...
I'm following this cookbook to achieve that; the second chapter talks about the Authentication and Registration Process.
I hope this would be helpful!!
We are looking forward to implementing ADFS to implement SSO across our organization for a varied set of web applications (such as SAP, Siebel, custom Java-based, ASP.NET etc.).
I understand based on my research that ADFS can be used to achieve SSO for third party applications using SAML. It can act as an identity provider for third party applications. Please correct me if I am wrong.
Can we use ADFS to implement cookie-based SSO for the various internal web-based apps which I mentioned above? (For example: CA SiteMinder and Oracle Access Manager can work with almost every internal web-based application.)
In other words: we have one application using the Apache web server, one using the IIS web server, and one using the IHS web server; can ADFS be used to achieve single sign-on with all these applications? If yes, how?
Thanks in Advance...!!
Ashish
ADFS implements SSO via federation using either WS-Fed or SAML 2.0.
If these applications can support these protocols, then yes just federate these products with ADFS and you will get SSO.
e.g. Salesforce SSO with ADFS.
For Java you need a SAML stack e.g. Spring Security.
For ASP.NET, use OWIN or WIF.
New to Java. I developed a web application (JSP), successfully deployed on Tomcat 6.0. Now the client wants to use external SSO to authenticate users. As of now, when the users are authenticated, the website is displayed with the login page, where the user has to log in again.
I am using Login.jsp to bring the user roles from the SQL DB for the website.
What I want to accomplish now is that when the user is authenticated, login.jsp should retrieve the credentials from the SSO and display the website, thus accomplishing the purpose of the single sign-on process.
I read a lot from this forum and other websites but kinda lost in the process.
Any help would be appreciated.
thank you
We developed a Tomcat extension (valve) which does just that. Basically you use standard J2EE security (role-ref etc) in your app and our Tomcat valve then acts as a bridge between Tomcat and our SSO platform. You can find out more at www.cloudseal.com
Of course you may not want to use our SSO platform :-( but you can still use our Tomcat valve and modify it to fit your needs. It's released under an Apache 2 license and you can grab the source from GitHub.