Just wondering if there is any module available that implements simplesamlphp as an SSO library and is used in Silverstripe?
Cheers
RD
The Shibboleth Module implements simplesamlphp:
https://github.com/silverstripe-labs/silverstripe-shibboleth
It appears this module is for Silverstripe 2.4 and not the latest version Silverstripe 3.0.
Related
I'm new to SSO login (ADFS - SAML2) with Umbraco v8 and I need some help to know if this is the right package for me.
I'm working on a website using Umbraco CMS v8 and I need to create a custom members login (frontend) using the SSO authentication of my company (ADFS - no Azure AD) and my custom login form (C# and .NET Framework 4.7.2+).
I found on NuGet the "itfoxtec-identity-saml2" package that can be used to do it and I saw that there are two packages that could help me: "ITfoxtec.Identity.Saml2" and "ITfoxtec.Identity.Saml2.Mvc"
What is the difference, and which do you recommend using?
Any other suggestions for creating an SSO Members Login in Umbraco v8 are welcome.
Thank you and I look forward to your reply
Adriano
The ITfoxtec.Identity.Saml2 is the base component implementing the actual SAML 2.0 standard.
The ITfoxtec.Identity.Saml2.Mvc and ITfoxtec.Identity.Saml2.MvcCore implement the elements needed for integration with ASP.NET MVC. The ITfoxtec.Identity.Saml2.Mvc component is for .NET Framework and the ITfoxtec.Identity.Saml2.MvcCore component is for .NET Core and .NET 5.0.
I'm afraid that I do not know anything about Umbraco, sorry I cannot help you there.
I followed the official documentation at https://docs.wso2.com/display/IS541/Integrating+WSO2+Identity+Server+with+Liferay to log in to my Liferay Portal with a wso2is user, but it does not work for me with wso2is-5.4.1 and liferay6.2ga6. When I try to log in, Liferay's log prints "Primary URL :https://wso2is.local:9443/services/Secondary URL :null" but no call to the wso2is server is made.
I added these lines to my portal-ext.properties:
    auth.pipeline.pre=org.wso2.liferay.is.authenticator.WSO2ISAuthenticator
    auth.pipeline.enable.liferay.check=false
    wso2is.auth.service.endpoint.primary=https://wso2is.local:9443/services/
    wso2is.auth.thrift.endpoint=localhost
    wso2is.auth.thrift.port=10500
    wso2is.auth.thrift.connection.timeout=10000
    wso2is.auth.thrift.admin.user=admin
    wso2is.auth.thrift.admin.user.password=admin
    wso2is.auth.thrift.endpoint.login=https://wso2is.local:9443/
    wso2is.auth.thrift.system.trusstore=/wso2is-5.4.1/repository/resources/security/wso2carbon.jks
    wso2is.auth.thrift.system.trusstore.password=wso2carbon
Is there something wrong?
Unfortunately, a lot of the WSO2 documentation is very crufty, containing articles that have been pulled forward from previous versions of the documentation without regression testing on the use cases they present. In short, there's stuff in the documentation that plain doesn't work. If you look at the bottom of the article you'll see the following:
Please note that the above configuration is tested with Liferay 6.1.1 and WSO2 Identity 3.2.3/4.0.0.
I recall I tested this a long time ago, and determined that it wouldn't work with the current version, but that was so long ago that I can't remember why. In any case, the approach presented for integrating Liferay was offered at a time where Liferay didn't have the ability to use standardized authentication protocols like SAML. Now that it does, you probably want to do it in a standards compliant manner instead of using an authentication interface Liferay only promotes using for proprietary authentication systems.
My suggestion is that if you are using Liferay portal enterprise with LDAP that you use the built-in SAML connector. If you aren't using Enterprise, there are some compatible authenticator extensions in the extensions store that will also integrate with Liferay. If you configure Liferay to be a client against WSO2 and then integrate Liferay to LDAP on the backend, it also allows Liferay to be used as a user dashboard instead of the jaggery based one that comes in the product.
I want to use SSO for jbpm 6.2 via CAS server 4.0.0 (and CAS is running on Tomcat) but I don't know how to do it. I searched on Google but I can't find how to configure the WildFly of jbpm 6.2 with CAS server.
Please help me, thank you for your help!
I have no experience with CAS but this tutorial helped me set up jbpm 6.1 with WSO2 Identity Manager.
http://riyazmsm.blogspot.mx/2014/05/jbpm-60-sso-integration-with-wso2.html
It might not be the same but this can put you on the right track since CAS can also handle SAML. Wildfly uses picketlink to handle security federation, reading the docs will be helpful on your journey.
I'm developing a Java Security Token Service using the Metro framework in NetBeans 8.0 following this tutorial: https://metro.java.net/2.0.1/guide/Building_custom_STS_.html
I've implemented the STSAttributeProvider interface to provide custom attributes and build up the <AttributeStatement>. In the same manner I would like to add an <AuthenticationStatement> block in the SAML response but I can't seem to find out how to do this. What would be the correct approach?
Thanks!
I'm trying to set up SAML-based SSO for a set of WSO2 products (all at the latest versions available for now):
WSO2 Identity Server 4.5.0
WSO2 Business Rules Server 2.0.0
WSO2 ESB 4.7.0
WSO2 Business Activity Monitoring 2.4.0
WSO2 Application Server 5.2.0
SSO works fine for BAM and AS, but fails for the other servers (BRS, ESB).
On the IS side I'm getting an exception like:
[Fatal Error] :1:1: Content is not allowed in prolog.
[2013-11-01 22:16:26,830] ERROR {org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil} - Error in constructing AuthRequest from the encoded String
org.xml.sax.SAXParseException: Content is not allowed in prolog.
As I understand it, the problem is: IS, AS and BAM are all based on Carbon 4.2.0, and as a result SSO works fine, but the latest versions of BRS and ESB are based on older Carbon (4.1.0 or 4.0.0) and there is a compatibility problem in message encoding between different Carbon versions.
Question - is it possible to somehow fix tools based on the older Carbon version to make them work with the latest Carbon 4.2.0 based IS 4.5.0?
Or, in general, how do I set up SAML SSO independently of the Carbon version of each (or even non-Carbon-based) service provider used?
Yes, this is a known issue. Identity Server 4.5.0 cannot be used to do SSO with older Carbon versions. This is because the SAML2 SSO authenticator in the older Carbon version is not compliant with the IS 4.5.0 IDP. Actually there is some bug in the older versions. However, there are some fixes for that. They can be found in public jiras (not sure). ESB and BRS are going to be released soon, before the end of Nov. Therefore you can try with newer versions, as they are also based on the Carbon 4.2.0 platform.
I am getting exactly the same issue with the same configuration. #Asela as you mentioned, I can either go with ESB 4.8.0 (or) IS 4.1.0; but what kind of issues will we have when we go for a decentralized federated SAML2 IdP?
Is IS 4.1.0 compatible with ESB 4.7.0, and is it tested in a decentralized federated SAML2 IdP? If so, we would downgrade our IS to 4.1.0.
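An added diagnostic example for the "Content is not allowed in prolog" thread above (not part of the original posts and not WSO2 code): one general way an XML parser ends up with that error is being handed a SAMLRequest that is still DEFLATE-compressed, since the HTTP-Redirect binding compresses before base64 and the HTTP-POST binding does not. This sketch assumes the value is already URL-decoded, uses a constructed sample request, and is not a confirmed diagnosis of the Carbon incompatibility.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS_P = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_A = "urn:oasis:names:tc:SAML:2.0:assertion"
# Constructed sample request (hypothetical SP), not taken from any WSO2 product.
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="%s" xmlns:saml="%s" '
          'ID="_constructed-1" Version="2.0" IssueInstant="2013-11-01T22:16:26Z">'
          '<saml:Issuer>https://sp.example.test</saml:Issuer>'
          '</samlp:AuthnRequest>' % (NS_P, NS_A)).encode()

def encode_redirect(xml):
    """HTTP-Redirect binding: raw DEFLATE, then base64 (URL-encoding left out)."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode()

def encode_post(xml):
    """HTTP-POST binding: base64 only."""
    return base64.b64encode(xml).decode()

def looks_like_xml(data):
    """Heuristic: after an optional BOM/whitespace the first byte must be '<'."""
    return data.lstrip(b"\xef\xbb\xbf \t\r\n").startswith(b"<")

def decode_authn_request(value, max_size=1 << 20):
    """Return (binding, ID, issuer); raises on malformed or unexpected input."""
    raw = base64.b64decode(value, validate=True)
    binding = "HTTP-POST"
    if not looks_like_xml(raw):
        # Handing these bytes straight to an XML parser is what yields
        # "Content is not allowed in prolog"; inflate first, with a size cap.
        inflater = zlib.decompressobj(wbits=-15)
        try:
            raw = inflater.decompress(raw, max_size)
        except zlib.error as exc:
            raise ValueError("neither XML nor raw DEFLATE") from exc
        if inflater.unconsumed_tail or not looks_like_xml(raw):
            raise ValueError("inflated data too large or not XML")
        binding = "HTTP-Redirect"
    # Refuse DTDs before parsing so entity expansion is never attempted.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(raw)
    if root.tag != "{%s}AuthnRequest" % NS_P:
        raise ValueError("unexpected root element " + root.tag)
    return binding, root.get("ID"), root.findtext("{%s}Issuer" % NS_A)

if __name__ == "__main__":
    for encoded in (encode_post(SAMPLE), encode_redirect(SAMPLE)):
        print(decode_authn_request(encoded))
```

Running a captured SAMLRequest from a failing service provider through `decode_authn_request` shows which encoding that provider actually sent, which can then be compared with what the identity provider's endpoint expects.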