Is it possible to have a Java process running on linux access EWS using kerberos only without the need of a pre-defined username/password combination?
My current system architecture consists of a Java process that accesses EWS using a stored username/password combination. Requirement is to ensure that the credentials under which the Java process runs are authenticated on Exchange using Kerberos.
Is it possible to have this setup?
yes, it should be possible to authenticate to EWS using Kerberos. You can Java GSSAPI to get the Kerberos tickets (from the ticket cache or prompt the user). There is a Java GSS Sample program at http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/BasicClientServer.html
Your question seems to be more on what Java can do versus what Exchange/IIS can do. I don't know Java well at all, however I do know EWS and IIS topics well.
Here is something to keep in mind - IIS does the authentication and not EWS. You could do an HTTP GET on a file in a virtual folder on an IIS server to verify that your API works. If you can authenticate to IIS, then EWS should work. Now having said that you also need do consifer access issues - ie impersonation and delegateion - you will need to be sure you have the needed content in the EWS XML and have the correct Exchange settings for Impersonation and correct folder permissions set for delegation.
Yes, it is possible. It is already implemented in "JWebServices for Exchange", Java API for EWS
You ticket a TGT in the ticket cache or a keytab for that account.
Related
So I can successfully run commands to manage our Microsoft 365/AzureAd/Exchange Online - this involves assigning and removing license, converting user to a shared mailbox, delegating access to a mailbox, etc. I followed the guide here for authentication. But that's me actually logging in with my credentials + MFA (Multi-factor authentication) for authentication.
I want to have a script that does these type of actions triggered by a schedule. I believe I can include the credentials but how to do MFA? Tried to follow this but getting error clientid is not a guid I have registered an app in https://portal.azure.com/ and able to do Graph API calls using that. No luck in PowerShell authentication though. Any thoughts? Thanks!
Maybe try this? It should allow you to connect to all Microsoft online services and includes support for MFA. If it does not work, the website has many other scripts you can try
This is not possible. A potential solution is to set some rules where in specific case, MFA will not be required.
I do not see [Application Groups] folder in my ADFS. How can I install it to see it in my AD FS Management?
I want my WEB API(REST) project to connect to ADFS for authentication. Additionally, I want to test my REST API Authentication without a login screen, please help in this as well. My API will be consumed by CRM users, who are already connected to ADFS. Now the requirement is to create an REST API which will be hit by CRM users and CRM user will pass a userid and password which will be authenticated by ADFS internally without login screen. How can I do that?
Any help please.
Thanks
Application Groups are only available in Server 2016 and 2019. They are available in the ADFS wizard by default.
In terms of sample code for calling API, have a look here.
I have an application which uses LDAP authentication against AD, which works fine. However the UserDN and password for accessing LDAP are in clear text in the config files, and I would like to avoid clear text passwords.
In Softerra LDAP browser you have the option to authenticate with "Currently logged in user", does anyone know if this type of Windows Authentication is possible with Spring LDAP? Or is there perhaps another way to avoid credentials in config files (like using the credentials of the user trying to authenticate)?
With Microsoft SQL server, it is possible to do Windows Authentication via JDBC, since Microsoft provides some native code, has anyone heard about a similar functionality when using LDAP against AD?
"Currently logged in user"
this may mean that Kerberos based SASL authentication is used
You may check
https://docs.spring.io/spring-security-kerberos/docs/current/reference/htmlsingle/#ssk-kerberosldap
and
https://docs.spring.io/autorepo/docs/spring-security-kerberos/1.0.1.RELEASE/api/org/springframework/security/kerberos/client/ldap/KerberosLdapContextSource.html
The latter shows how the Kerberos ticket cache can be used.
is there any way to connect to citrix access gateway using some api, so that credentials for authentication are sent through that program, the user is authenticated and then is able to access internal resources. I saw about NITRO Api, and Web interface SDK...is this thing can be done using any of theses...which one of them is a better choice?
There is an API available by using the COM object WFICA.OCX (this component is included with the installation of the Citrix client).
I believe this provides what you are looking for - you can set properties for username and password. (Note: I haven't yet been able to get a working example for myself.)
Documentation for the API is available on the Citrix Developer Network:
- ICA Client Object SDK
- Citrix ICA Client Object SDK Overview
There is also a detailed tutorial in Fun with the ICA Client Object (ICO) and .Net Console Applications on the Citrix blog. I was first referred to this blog post by another Stack Overflow user after asking the question Detect termination of Citrix session launched by kiosk application.
Everything I've seen and experienced so far suggests that you must use Windows Authentication if you want to access a file via Win32 from within the a databases filestream store but is it possible to use jsut SQL authentication somehow?
No, you have to use Windows Authentication.
See the official team Web Log for Microsoft Customer Service and Support (CSS) SQL Support:
How It Works: File Streams Requires Integrated Security (Windows Authentication)