I am spring boot oauth2 2.0.0.RELEASE.
I am trying to disable the authorize endpoints as we wont be using it ?
Is there a configuration I can set to disable it ? We only use the token endpoint
Related
I'm trying to authenticate Azure App Configuration Service with access keys in APIM policies.
Can someone help how we can authenticate Azure App Configuration Service using Access keys in APIM policies.
You will need to implement the HMAC authentication as explained in the document below. There are code samples in a variety of languages in that doc too.
https://learn.microsoft.com/en-us/azure/azure-app-configuration/rest-api-authentication-hmac
I have earlier set-up JWT authentication for smooch API, and it works fine.Now when I'm trying to authenticate using key_id and secret, it's not authenticating. Is there any way to enable both the authentication or revert back to key/secret authentication.
I'm attempting to understand how spring boot uses http sessions to manage the oauth authorization code flow.
I understand that after the user submits their credentials via the /login form spring will persist the authentication object so it can be retrieved when the browser is redirected to retrieve the authorization code.
What I dont understand is if the browser needs to sends jsession cookie to the server or http basic authentication header when invoking this flow.
For example if I wanted to initiate the flow manually via curl do I need to specify any special headers ?
It doesn't use HTTP sessions to persist it, the client ID and authorisation code (the code that's passed back to the client app after the user authenticates) is used to identify the authentication object. The authorisation code is then used to obtain the access token.
So:
The client app redirects to the auth server, passing in their client ID.
The user authenticates with their username and password on the auth server , which stores the authentication against the code and client ID and passed the authorisation code back to the calling app as a request param on the redirect URL.
The client app calls back to the auth server, authenticating with it's client ID and secret and passing in the authorisation code. This is then swapped for the access (and possible refresh) token.
If the app needs the user details, the client app calls the user details endpoint authenticating with the access token it now has.
Can we authenticate against OpenShift enterprise 3.2 or 3.3 REST API's using username and password instead of tokens?
Thanks much in advance!
As stated in openshift documentation:
Requests to the OpenShift Container Platform API are authenticated using the following methods:
OAuth Access Tokens
Obtained from the OpenShift Container Platform OAuth server using the /oauth/authorize and /oauth/token endpoints.
Sent as an Authorization: Bearer… header or an access_token=… query parameter
X.509 Client Certificates
Requires a HTTPS connection to the API server.
Verified by the API server against a trusted certificate authority bundle.
So you need to authenticate using either of these ways
I did SP initiated SSO for SalesForce and OpenAM successfully.
In SalesForce SSO setting I used Identity Provider Login URL : http://localhost:8080/opensso/SSOPOST/metaAlias/idp
This URL accept SAML request and created SAML Assertion for SalesForce with IDP default login authentication.
Instead of above URL I when I use my Custom Authentication Module URL.
It does:
It redirect to IDP with custom authentication
Does the authentication and display IDP home page.
It won’t show SalesForce home page.
I checked debug log it is not creating SAML assertion for SalesForce.
Is it possible to create SAML assertion from IDP?
Or should custom authentication module has to take care to create SAML assertion?
Don't change the URL in the Salesforce SSO settings - that needs to remain http://localhost:8080/opensso/SSOPOST/metaAlias/idp in order to do SAML. Instead, in the extended metadata for the identity provider, you should set AuthUrl to your custom auth module URL - e.g. http://localhost:8080/opensso/UI/Login?module=CustomAuth.
This document at Oracle describes a similar configuration http://docs.oracle.com/cd/E19575-01/820-4729/ggxft/index.html