I'm trying to set up a JRuby application to use SAML 2.0 Authentication against a simpleSAMLphp IdP. The intention is to eventually authenticate against Microsoft ADFS, but that solution is still being built.
I've tried a couple of different SAML solutions so far (ruby-saml, samlr), and they all seem to fail under JRuby (but work fine under MRI). I'm specifically using JRuby to utilise the JMS API and JDBC Connectors, so I can't really go back to MRI.
Does anyone know of a SAML implementation that works properly under JRuby? I'm quite happy to go down the path of using native Java classes if that's required, but it'd really help to have a starting point that I can build upon.
Thanks in advance!
Is this application customer facing? If so, check out PingOne Application Provider Services. It's a hosted SAML SP from Ping Identity. You connect via a REST APS from your application and the service handles aol the complex SAML. Very simple to setup. The first connection is free as a bonus. [Note: I work for Ping]
HTH -Ian
Related
I'd like to implement kind of SSO for openshift, what I mean: from my webapp a user can open openshift console in a new window without giving his credentials. I've configured Basic Authentication Remote and it's working, can open new window and post username/password but it's looks that openshift is protected with crsf token. Thus not sure if it's possible at all. It seems that developing custom identity provider is not supported either. Any idea ?
PS I'm aware of Request Header Identity Provider but that solution requires my webapp to provide idp functionality (not even sure if it's feasible), also apache (we use nginx), a lot of issues for dev to install it all on a single computer due to port conflicts, valid ssl etc etc
Best option will be to use oauth proxy. See if this helps in your case.
https://github.com/openshift/oauth-proxy
Finally I've implemented SSO using js postMessage to send user/token data and Basic Authentication Remote.
I have a Spring Boot Application I am working on that uses CAS authentication. I have CAS working fine however once I start more than 1 copy of the application behind a load balancer the app fails to authenticate.
The app takes the user off to CAS and returns to the home page where once authenticated the user should see the main interface. But instead when it returns from CAS the spring security authenticated check still thinks the user isn't authenticated.
If I reduce my instances down to 1 it starts working fine again.
I am running this app behind an F5 load balancer so I am trying to figure out if there is some missing configuration on the F5 or if there is something I need to do in my app to deal with the switch from one server to another etc. I assume this is causing the issue but I want to keep my app stateless and not rely on making the F5 sticky for a given user. Actually I even tried setting the feature on the F5 but still get the same behavior so not sure what is really happening once more than 1 app instance is running.
My understanding was that this should just work because I have server.use-forward-headers=true configured.
Am I missing some other CAS, Spring Boot Server, or Spring Boot Security settings that are necessary to make this work?
Should this be working with CAS authentication.
I am using Spring Book 2.0.4.RELEASE
I am using spring-security-cas-client 3.0.8.RELEASE
I found the solution to this issue. It seems the Spring Boot Security defaults to a session based security so you need to implement your own Stateless Security to get this working in a stateless manner.
Thanks to this blog post and some additional help from the blog post author I was able to get this working perfectly in Spring Boot 2.x
Checkout the post, it's interesting and works perfectly.
https://www.dedicatedcode.com/posts/stateless-authentication/
Thanks to others who provide answers that sent me in the correct direction to find this solution.
I believe the problem is with multiple cas server cluster. When your spring boot application is looking for a valid ticket it fails to authenticate.
CAS has a support for these kind of situation try reading the link below
https://apereo.github.io/cas/5.2.x/installation/Hazelcast-Ticket-Registry.html
If the above solution works you have to add a dependency for the support and update your property files
Hope this helps
If you are using OAuth / SAML / Delegated Authentication, then you might need to set your F5 load balancer (or any load balancer) to enable "session persistence" in order for CAS server to function normally.
Original jamesiarmes/php-ews offers authentication only by username / password. Fork by Garethp has some OAuth function but it requires Office365 and registering application in Azure. Is there any possibility to connect to Outlook by web browser just relying on user logged to Windows System? I know how to read which user is logged using kerberos, but don't know if it's right tool to make it.
There's no way with either of those tools. I looked in to trying to use Network Authentication as method of Auth, since my fork uses NTLM any way, but I couldn't find any resources on passing the NTLM Authentication over SOAP calls. That being said, if you can find some examples, I'd be happy to build it in as a method of authentication for you
In the EWS service object, you can select the flag to use default credentials, meaning whatever user context the code is running under. Would that help?
I recently created a web application with GWT. Then re-used most of the code to create a Swing version of the application that accesses a local database in offline mode. I am now implementing the 'online' mode of the application and want to access the same data as my GWT application.
Any ideas? Considered connecting directly to the MySQL server via SSL, but that's not working and doesn't seem as scalable. Should I use REST?
Any suggestions would be helpful.
To solve this problem in the past, we've used Jersey to create REST Web services which returns protocol buffers. The Swing app would then interact with the protocol buffers. The GWT app would ask for content type 'json' and receive protostuff objects in return. It worked quite well. That way, both apps can communicate with the server in the exact way.
Edit:
To allow your swing app to communicate with GWT-RPC, look at this blog article.
I've gotta use the inventory from quickbooks in my rails web app...it would be nice if I could get quickbooks to use mysql, as that way I could just use mysql between the app and quickbooks, which would make things easy.
Does anyone know how to get quickbooks to use mysql? Or will I be forced to have my app communicate directly with quickbooks, which I wanna avoid :P
There are a few ways of integrating with QuickBooks, but if it's a web application, your best bet is to use the QuickBooks Web Connector, or to use a commercial package for SQL access.
The Web Connector is the only Intuit-supported solution to integrating with QuickBooks from a web application. Basically, you build a SOAP server / Web Service which speaks a specific set of methods. The Web Connector then is installed on the machine running QuickBooks, and polls your web service asking "Hey, got anything for me to do?" Your web service can then respond with qbXML requests (examples of qbXML here: QuickBooks qbXML Examples) which tell the Web Connector "Add this customer: ..." or "Send me invoices which match: ..." or etc. etc. etc. The Web Connector then relays those requests to QuickBooks, QuickBooks processes them, and the response is relayed back to your web service. Your web service might then process the response somehow, and then send the next request over to the Web Connector. This can continue in a loop for as long as you like, continuing to send requests to QuickBooks and receiving the responses.
You might also look into AccessBooks and QODBC. Both are commercial wrappers around the QuickBooks qbXML SDK which allow direct SQL access to QuickBooks.
Here is some additional information on my QuickBooks Integration Wiki about how to integrate applications with QuickBooks.
You might also want to search around on Google. I know there were some QuickBooks Rails packages/gems out there somewhere, but last I looked it did not support the QuickBooks Web Connector. Instead, the Rails application had to be installed on the same machine as QuickBooks, and it communicated via COM.
Pretty sure you will have to interface with Quickbooks directly. The other problem is going to be that because Quickbooks is a client-side application you will need to have an app on the client that pushes the data to the server. It's definitely doable.
Alternatively, you could just use the export functions of Quickbooks to periodically export the inventory as CSV.
http://behindlogic.com provides a Rubygem (for sale) that will deal with all of the pains of QBXML for you, and an HTTP Connector for QuickBooks that allows you to send/receive messages with QuickBooks through HTTP, which opens the door for connecting from another computer. The gem has an adapter built to use the Connector as well, so you can very quickly get up and running with QuickBooks on Windows and your Rails app on Linux or on your development Mac.
EDIT: Unfortunately, the maintainer of Behind Logic and the gem mentioned above has passed away. I hate bringing this up, however it took me a while to figure out why the GitHub repo was inactive and the site had gone down.
We have been using the Web connector for a while now, and let me tell you its been pretty smooth so far. Though the Intuit Quickbooks SDK doesn't let you do wt exactly QB UI would let you. Problems occur especially when you want to enter group items to QB using the SDK. Use a webservice and let it build requests and process responses and push the required data to your database which can simply be anything from a SQL server to MySql/Oracle etc etc. Using this approach good amount of error handling can also be done.