How to develop single sign on framework - single-sign-on

I work for a company which prohibits the use of open source and, for some reasons, I wouldn't be able to buy a single sign-on solution from the market. Is there some tutorial which could explain what is involved in developing a single sign-on solution? This can be done in Java or .NET as long as it is able to communicate with LDAP. Any idea will be appreciated.

On the Wikipedia page List of single sign-on implementations you can find a list of SSO implementations; there is a column indicating the licence. Some of them are open source, so you should start a comparison of them to find which best suits your business requirements.
I can't recommend that you rewrite an SSO from scratch; it will cost you more time than choosing an existing free and open-source implementation, and your home-made implementation is subject to security issues if you don't have the right expert guy working on it.

I'd go with SAML.
It's an open standard used for SSO solutions. In fact, I worked at a company where we built our own SSO around this.
And for LDAP integration, you can build something by yourself, or check Microsoft's Active Directory Federation Server, which I think is SAML-compatible.
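To make concrete what an SSO assertion has to carry and what the receiving application has to check, here is an added example (not code from either answer, and not SAML itself: SAML signs XML with X.509 key pairs, while this toy uses a shared HMAC key for brevity). The identity provider signs a short-lived assertion for a subject taken from LDAP, and the service provider verifies the signature in constant time, checks issuer and audience, enforces expiry with a small clock-skew allowance, and rejects replayed assertion IDs. The issuer and audience URLs and the secret are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed values for the example only. A real deployment uses a key pair
# (SAML XML signatures), not a shared secret.
IDP_SECRET = b"constructed-example-secret-do-not-reuse"
ISSUER = "https://idp.example.test"        # hypothetical identity provider
AUDIENCE = "https://app.example.test/sp"   # hypothetical service provider


def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_assertion(subject, now=None, ttl=300):
    """IdP side: sign a short-lived assertion for `subject` (e.g. an LDAP uid)."""
    now = time.time() if now is None else now
    claims = {
        "iss": ISSUER,
        "sub": subject,
        "aud": AUDIENCE,          # which SP may accept this assertion
        "iat": int(now),
        "exp": int(now) + ttl,    # short lifetime limits the value of a stolen token
        "jti": secrets.token_hex(16),  # unique id so the SP can detect replay
    }
    body = b64url(json.dumps(claims, sort_keys=True).encode())
    sig = hmac.new(IDP_SECRET, body.encode(), hashlib.sha256).digest()
    return body + "." + b64url(sig)


class ServiceProvider:
    """SP side: everything that must be checked before trusting an assertion."""

    def __init__(self, secret, audience, skew=30):
        self.secret = secret
        self.audience = audience
        self.skew = skew           # tolerated clock difference, in seconds
        self.seen = {}             # jti -> exp, for replay detection

    def verify(self, token, now=None):
        now = time.time() if now is None else now
        try:
            body, sig = token.split(".")
            given = b64url_decode(sig)
        except Exception:
            raise ValueError("malformed assertion")
        expected = hmac.new(self.secret, body.encode(), hashlib.sha256).digest()
        # Signature first, in constant time, before interpreting any claim.
        if not hmac.compare_digest(expected, given):
            raise ValueError("bad signature")
        claims = json.loads(b64url_decode(body))
        if claims.get("iss") != ISSUER:
            raise ValueError("unknown issuer")
        if claims.get("aud") != self.audience:
            raise ValueError("assertion not meant for this SP")
        if now > claims.get("exp", 0) + self.skew:
            raise ValueError("assertion expired")
        if claims.get("iat", 0) > now + self.skew:
            raise ValueError("assertion issued in the future")
        self._prune(now)
        jti = claims.get("jti")
        if not jti or jti in self.seen:
            raise ValueError("assertion replayed")
        self.seen[jti] = claims["exp"]
        return claims

    def try_verify(self, token, now=None):
        """Same checks, but returns "ok" or the rejection reason instead of raising."""
        try:
            self.verify(token, now)
            return "ok"
        except ValueError as err:
            return str(err)

    def _prune(self, now):
        # Forget ids whose assertions can no longer be accepted anyway.
        for jti in [j for j, exp in self.seen.items() if exp + self.skew < now]:
            del self.seen[jti]


if __name__ == "__main__":
    sp = ServiceProvider(IDP_SECRET, AUDIENCE)
    token = issue_assertion("alice")
    print(sp.try_verify(token))   # first use: ok
    print(sp.try_verify(token))   # second use: assertion replayed
```

The order of checks matters: the signature is validated before any claim is parsed, the audience check stops an assertion issued for one application from being presented to another, and the replay cache is the piece that a naive home-grown implementation most often omits.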

Related

Accessing OneDrive for Business files via REST API in something other than a .NET application?

I apologize for my fundamental lack of knowledge in regards to these technologies in advance. I'm having a bit of trouble understanding the whole Azure AD/Authentication process in general, and I don't feel that Microsoft's support documents adequately describe much of the process.
It appears to me that the REST requests themselves are quite simple, and the following page seems to detail them quite well. https://msdn.microsoft.com/en-us/office/office365/api/files-rest-operations
However, what I fail to understand is the authentication process.
My goal here is to determine if what I'd like to do is even possible, so I will begin with that. What I need to be able to do is to make REST API calls from a JSP or potentially a PHP script to access a link to a file located on a user's OneDrive for Business account. To put it simply, I would just like to be able to quickly get a publicly accessible link to a user's file. From the perspective of having access to the REST API, that seems to be a simple task; my challenge is understanding and implementing the capability to do so.
Correct me if I am wrong, but my current understanding of the process goes something like so.
1. Create an application in Azure AD; you need to define a location for signing on. I'm not certain how this works at all. Does the defined location need to be making a request to sign on somehow? Does it need to exist on the same domain? I honestly have no idea the nature of how you actually go about signing in, but it requires some authentication of the application as well.
2. Once you have signed in, you have access to a 'security token' that has information about the application and what it can access. How is this token stored? A server session, browser cookies?
3. Somehow you pass this token along with your REST request and it is determined that you have access to the information you are requesting.
I have used pre-made JavaScript file pickers in the past to facilitate the selection of user files for things such as Google Drive and Dropbox, but it doesn't appear as though any such tools exist for OneDrive for Business, so I will need to become familiar with the authentication process myself. Looking into the Microsoft documentation has only served to confuse me more, and unfortunately all of the examples are for .NET projects as far as I can tell. I am afraid that this means that it is only possible to access this information from a .NET project, but please correct me if this is not the case.
I realize that this question appears extremely ignorant, and that's likely because it is. Moving from JavaScript file pickers to something like this appears to be a significant leap in required technical prowess, and I'm still rather new, so please forgive my inexperience. Most importantly I'd like to know if what I'm looking to do is possible at all, and secondly if there are any readily available resources that are a little more focused than the Microsoft documentation.
Thanks in advance for any assistance.
There are some great resources available for coding for Office 365 and not just those on MSDN.
The best place to start is http://dev.office.com. This is the destination for information on O365 development. You can get to the documentation, training materials and code samples. The code samples have a filter so you can search on a number of properties including language and product. There are samples of course for .NET, but also for iOS, Android and PHP, which is what you mention you want to use for your project.
http://dev.office.com/code-samples-detail/2138
This sample connects to the calendar, but the important part is understanding the authentication process for your application to Azure AD. Once you get the authentication working, you can call the other O365 services by getting the resource url to the appropriate resource from the Discovery Service.
If you need more samples, http://github.com/officedev is the place to look. These samples are from Microsoft, the community as well as the code used in Microsoft and community training events and presentations.
If you prefer, some great training courses exist on Microsoft Virtual Academy for Office 365 development. These are online videos that are broken into chapters and sections so you can easily find what you need. They often have labs associated with them as well. I recommend the Intro to Office 365 Development - Section 5 to get a quick overview of the Office 365 APIs and then look at the Deep Dive: Integrate Office 365 APIs in Your Web Apps.
If you still have questions, this is the place to post them. Hope this helps. Reply if you have any questions.
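The three steps the question lists (register the app and its sign-on location, obtain a token, send it with the REST call) are the OAuth 2.0 authorization-code flow. The following is an added example that is not Microsoft's sample code and not tied to .NET; it is written in Python so it runs offline, with the token endpoint replaced by an injected stand-in. The Azure AD v1 authorize and token endpoints are the real ones; the client id, redirect URI, resource and files path are placeholders to be taken from the app registration and the linked files-rest-operations page. It answers the storage question directly: the access token is kept server-side, keyed by an opaque session cookie, and only ever leaves the server inside an Authorization: Bearer header.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://login.microsoftonline.com/common/oauth2/authorize"
TOKEN_URL = "https://login.microsoftonline.com/common/oauth2/token"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"      # placeholder: app id from Azure AD
CLIENT_SECRET = "<placeholder-client-secret>"           # placeholder: app key from Azure AD
REDIRECT_URI = "https://app.example.test/oauth/callback"  # hypothetical sign-on location
RESOURCE = "https://TENANT-my.sharepoint.com/"          # placeholder tenant OneDrive host
FILES_API = RESOURCE + "_api/v1.0/me/files"             # placeholder path; see the linked page


class WebApp:
    """Server side of the flow. sessions: opaque cookie value -> {state, access_token}."""

    def __init__(self, token_endpoint):
        self.sessions = {}
        # callable(form_fields) -> token response; injected so a test can stand in
        # for the POST to TOKEN_URL.
        self.token_endpoint = token_endpoint

    def begin_login(self):
        """Step 1: create a session and redirect the browser to Azure AD."""
        sid = secrets.token_urlsafe(32)     # value of the session cookie
        state = secrets.token_urlsafe(32)   # bound to this session; defeats login CSRF
        self.sessions[sid] = {"state": state, "access_token": None}
        params = {
            "client_id": CLIENT_ID,
            "response_type": "code",
            "redirect_uri": REDIRECT_URI,
            "resource": RESOURCE,
            "state": state,
        }
        return sid, AUTHORIZE_URL + "?" + urlencode(params)

    def handle_callback(self, sid, callback_url):
        """Step 2: Azure AD sent the browser back with ?code=...&state=..."""
        sess = self.sessions.get(sid)
        if sess is None:
            raise PermissionError("no session")
        if sess["state"] is None:
            raise PermissionError("state already used")
        query = parse_qs(urlparse(callback_url).query)
        state = query.get("state", [""])[0]
        if not hmac.compare_digest(state, sess["state"]):
            raise PermissionError("state mismatch")
        sess["state"] = None                # single use
        code = query.get("code", [""])[0]
        if not code:
            raise PermissionError("missing code")
        # The code is exchanged server-to-server; the browser never sees the token.
        token = self.token_endpoint({
            "grant_type": "authorization_code",
            "code": code,
            "redirect_uri": REDIRECT_URI,
            "client_id": CLIENT_ID,
            "client_secret": CLIENT_SECRET,
            "resource": RESOURCE,
        })
        sess["access_token"] = token["access_token"]
        return "ok"

    def files_request(self, sid):
        """Step 3: build the REST call, attaching the stored token as a Bearer header."""
        sess = self.sessions.get(sid)
        if not sess or not sess["access_token"]:
            raise PermissionError("not signed in")
        return {
            "method": "GET",
            "url": FILES_API,
            "headers": {
                "Authorization": "Bearer " + sess["access_token"],
                "Accept": "application/json",
            },
        }


def try_callback(app, sid, callback_url):
    """handle_callback, but returning the failure reason instead of raising."""
    try:
        return app.handle_callback(sid, callback_url)
    except PermissionError as err:
        return str(err)


def fake_token_endpoint(form):
    """Constructed stand-in for the POST to TOKEN_URL, used to run this offline."""
    assert form["grant_type"] == "authorization_code"
    if form["code"] != "constructed-code-123":
        raise PermissionError("invalid_grant")
    return {"access_token": "constructed-access-token", "token_type": "Bearer", "expires_in": 3600}
```

In a real JSP or PHP application the session dictionary is the servlet session or $_SESSION, the sid is the session cookie, and the injected callable is an HTTP POST to TOKEN_URL. The same layout works for any non-.NET server-side language, which answers the question's last concern.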

Liferay CMS capabilities

I have requirements to establish a CMS system for an enterprise, and it has to be Java-based open source. I found out that Liferay has CMS capabilities, but I'm not able to find any detailed description of the features introduced in its CMS. Also, I found some people talking about integrating Liferay with Alfresco! Does this mean that Liferay is not a complete CMS? I'd appreciate it if anyone can guide me through this and provide me with any resources detailing Liferay CMS features.
Yes, Liferay has CMS features - coming from a portal background the CMS is only one of the many features delivered out of the box. A portal typically is an integration platform for any kind of application. If you ever only need CMS, it might be that "pure" CMS products offer a bit more of functionality, however, many people are very happy with the CMS functionality Liferay provides. And if you're not, it's typically easy to extend (this is the point of a portal).
Systems that start being a CMS and want to extend that with applications (who doesn't want that) typically have a different mindset - "everything is content" - and naturally your application feels a bit more like "content". The portlet standard, together with the additional APIs that you have available, is a nice way to start.
For CMSs the way to go is typically a proprietary API to extend it. In a portal, a CMS is one of the possible applications available.
Regarding Alfresco: Yes, you can combine it with Liferay. While Alfresco tends to come more from the Content-side, Liferay comes from the portal/integration side. I'd ask you to evaluate both first and see if you are missing vital features in any. Then evaluate which pain you'd like better: 1) Add the missing features you want in the system you decide for, or 2) integrate both systems and run them both. Of course, the optimum result is if only one of the two is sufficient for your requirements. Then project into the future and try to find out what you'll miss first.
There is no correct answer to this question, it all depends on your requirements, experience and ability to learn and administrate one or both of the systems.
Disclaimer: See my profile to detect my implicit bias - I hope to not stress it too much in this answer.

Can you extend Google Identity Toolkit to include facebook/twitter/etc?

I decided to look into using Google Identity Toolkit. I knew I liked the UI, and the idea of using a "federated" login system. I'm now having my doubts, as while my site works well with gmail/ymail/hotmail etc, it doesn't seem to support any of the social platforms.
Essentially, I just need an email address from people to be registered with the site, so I thought GITKit was the perfect solution.
Should I have gone down a custom route (like stackoverflow?), or have I missed some of the GITKit documentation?
Any help would be much appreciated.
I did do a fair amount of googling prior to posting that question. However, I have come across some answers. Rather than delete my post, I guess I should share the information. If others thought the information was clear, please delete this thread!
Firstly, there is a page identifying how to add custom IdPs: https://sites.google.com/site/gitooldocs/customidps
There is also a sample site (http://www.openidsamplestore.com/localmapping/) which uses facebook.
How does the advanced demo work for identity providers who are not e-mail providers, such as social networks?
The hardest part about designing the advanced site was to find a way to handle all the edge cases that can happen with these types of identity providers. Google previously published a summary of best practices for account linking that describes why these types of identity providers are so much harder to support. However, this demo provides a user self-service mechanism for all the tricky cases to avoid the costs that a website might otherwise incur if those users contact a customer support representative.
Finally, a best practices run-down is available here:
https://sites.google.com/site/oauthgoog/UXFedLogin/loginlogic
EDIT 1 :
If that identity provider asserts email addresses that it does not host, we suggest you also implement additional account linking logic. A future version of GITKit will add support for these types of identity providers, such as social networks, which will avoid the need to implement that logic.
Perhaps GITKit is the future after-all... Would be nice to have an idea of the time-frame in which this support will be added though...
EDIT 2 :
Direct from the horse's mouth (Eric Sachs # Google - Source Link):
That feature is not expected to be generally available in 2011. We are shooting for Q1 2012.
Looks like someone got it working back in Dec 2011, but there is still an outstanding issue with mapping the ID returned to an email address. It was probably resolved:
https://groups.google.com/forum/#!searchin/google-identity-toolkit/facebook/google-identity-toolkit/2218yW4zXw8/28X7btJEh_sJ
Here is the documentation for the sample store including brief info on basic, mobile and advanced mode (using facebook):
https://sites.google.com/site/oauthgoog/Home/openidsamplesite
An out-of-the-box IDP for facebook and twitter has not yet been released.

Does an Alcatel Genesys simulator/emulator exist?

My team and I were tasked to integrate our application with the Alcatel Genesys call center, but we don't have access to a proper installation or equipment (like, for instance, phones).
Is there some kind of software I can use to simulate such environment to test our application? And where should I begin researching how to do this integration?
(PS: I posted this same question on https://serverfault.com/questions/308381 - I didn't exactly know which of the sites this really belongs to).
Doesn't look like there is a public one. You would probably have to go through one of their product managers.
The Genesys Platform SDK documentation appears to be public though:
http://docs.genesyslab.com/Documentation/PSDK
The good news - you do not need phones to test integration with Genesys. The bad news is that integrating requires quite a lot of components and is quite complicated so there is no simulator or mock interface you could use. One of the best ways would be to get in contact with Genesys tech support who are usually quite helpful or pre-sales and ask them about access to a virtual demo image you could use for integration.
Also a great resource of information is their newly designed doc site:
http://docs.genesys.com/Documentation/OS
Also Alcatel has sold Genesys a while ago and they're independent now, just in case ;-)
Actually there is: the Genesys Simulator Toolkit. It will enable you to emulate an Avaya PBX or a simple TDM scenario. The last version also includes a Genesys SIP Server emulator.
You won't care too much about the PBX on the other side for basic integrations; your goal is to learn the SDK and the TEvents (TLib). You can achieve this with the emulator. You need to ask a Genesys representative for it.

SaaS-company structure

What is the most typical structure of business where you want to develop several web services? Should one establish a company for each of them or keep under one? I would like to hear your experiences maintaining such situation, keeping in mind the global focus.
By far the two most critical sets of issues determining the answer to this question are legal and financial (including, but not mainly, accounting). So it's hard to see how this question fits with the intent of this site.
It is advised to provide more background information on the topic. Business plans for SaaS companies can range from large cloud computing service vendors (with integrated solutions) up to business analytics providers targeting a specific market niche.
Business is a bit like programming: Keep It Simple (Stupid). Do not create multiple companies, unless there is a good reason to do it.
If you are planning to use Python, you can use Django to build a SaaS application.
This video, Build SaaS application in Python Django, will explain getting started with SaaS.
Thanks