I'm try to implementing SSO in my existing web applications with using OpenAM by refer following link
http://fczaja.blogspot.com/2012/06/idp-initiated-sso-and-identity_21.html
PS. my web applications have their own login page already
Now what is got after implementation is, openAM login page are protected in my web applications and i need to make login again to my application
what i need is, want to skip the login page of my application to become single sign on.
so, can anyone tell me what tasks need i do left?
do i need to revise my Login page of my application?
do i need any database or datastore to keep user login information?
Now that an OpenAM agent is in place on top of your app, your web app can work under the assumption the there is already a valid logged-in user - you need to remove the login page from your web app.
To get the current user details just alter your OpenAM agent config to set HTTP headers with relevant fields like username, full name, etc. Then instead of a web app login page you just check HTTP headers (should be safe from spoofing as long as the only route into your web app is coming through the OpenAM agent).
Another way is to grab the OpenAM cookie and use it to make REST calls directly to the server. Makes things a little more fragile though because you now need to maintain additional config.
You don't necessarily need any additional user tables / datastores for your web app, only if you need to map their login name to whatever it is your web app is doing (saving preferences, etc) in which case you need to check that the username you've been given already exists inside your app. If not then add it.
We were able to implement single sign on using openam with a JSF web application using Spring SAML extension and Openam.
Instead of agent we used fedelet that way we can port to ant application server
Please see my articles on generic info related to Openam concepts
http://reddymails.blogspot.com/2013/03/sso-for-java-or-net-web-based.html
Steps to integrate JSF 2 web application with Openam using Spring SAML extension and Spring Security.
http://reddymails.blogspot.com/2013/06/integrating-jsf-web-applicataion-with.html
-Ram
Related
I integrated CAS with my apps that all Spring base but I need to enforce the user to re-login for accessing some of the pages for each app and after login user be redirected to requested page.How could I implement this scenario?Is it possible at all with the CAS current features? I don't want to treat this pages as a separate app.I guess maybe using renew parameter or using rest ability be helpful but I am not sure.I am using version 4.0.2 of CAS.
You'll need to study the CAS protocol:
https://apereo.github.io/cas/4.2.x/protocol/CAS-Protocol-Specification.html
renew=true is what you may be after.
I'm not really interested in API authentication - all I want to do is authorize a user who has access to one or many applications from a kind of portal I am designing. We are hosting the all the web applications, some are just Javascript and HTML, some are MVC.
I have created a diagram below with a user called Bob. He is a valid user and is allowed to use an application called "JS" but not MVC. How can this be implemented using Identity Server. Obviously when inside the JS application it still needs to talk to the Identity Server to make sure the current user is valid or else somebody could just copy the url of the app and use the application.
NOTE - the JS application is just a plain old HTML5 and Javascript application it is nothing fancy like an .NET MVC app.
One way to achieve this is by registering individual applications (JS and MVC app) as separate clients in IdentityServer (assuming each application has different redirect URI’s) and restricting access between those clients.
In order to restrict access between clients for an authenticated user, you need to use ICustomRequestValidator interface.
More details in this discussion board and a similar post in SO thread
I am developing a web application where i wish to achieve stateless communication between the client and the server.The server serves out a web page template to a client.Now from the client side i wish to know the identity of the user of the application so that i can print his name on the page.
Since it is a facebook app so i am not providing the option of user to login or logout through my application.
How would i be able to do it?i can not use JSP to serve dynamic web pages and also i can not use cookies.
That leaves localStorage, I guess.
But I do have to wonder what the point is of said application, with only client-side state.
I'm developping a SSO web system for my company. When poeple want access to an application, it redirects the user on the SSO server (web application) which keeps the authenticated user in memory. The SSO server then redirects the user to the application, which is creating its own session.
The problem is when a user spend a lot of time on the application, the session on the SSO is lost.
Have you an idea to resolve this problem ?
My SSO application is an ASP .NET application and others applications could be in ASP .NET or ASP .NET MVC3.
Thanx for your help
You would need to look into setting the timeout values of the WebAgent by observing the typical usage patterns of your users..
So how do you currently handle the user's SiteMinder session timeout..? Ideally you would be using a redirect URL to a custom page that informs the user that the session was terminated, etc.
I would like to integrate two web application (share users) both based on Zend Framework. Where would you start?
Identify all the possible URLs in each application
Write a small routing application
Have your small routing application identify which URL belongs to each application, and then manually "include" the index.php file for each application after manually setting up the environment that the application's .htaccess would normally send
(also, Magento uses components of the Zend Framework, but it's not a Zend Framework application)
If all you need to do is share users, you just need to have each web application map users to one another whenever you do your regular authentication mechanism -- if you log in to WebAppA, then whenever WebAppB checks credentials it should look to see if you're logged into WebAppB, which should be existing functionality, but then if you're not logged into WebAppB, check if you are logged into WebAppA...
If usernames line up, this is easy to medium difficulty depending on the authentication schemes, otherwise just prompt the user once to authenticate to their other account and store the mapping on a successful authentication.