Can't figure out a KISS way to set up an IDP so that I can develop a SAML SP - saml-2.0

I'm new to SAML. New in a "Ohh my god, there are so many things! My brain hurts." kind of way.
I get the basic idea. An IDP logs in the user and sends the SP a notification that said person has logged in so the SP can log them in too. There is a whole bunch of handshaking involved on both sides.
The problem is, I don't know nearly enough about SAML (and I'm struggling to figure it all out) to just get something simple set up. So far I figure if I can get a simple IDP going I can then work on the SP after. Play around with it. Get to know it.
So I've been trying to set one up with OneLogin, and I have created an application. But the sheer number of settings is overload to me and online documentation/guides seem to assume I understand what needs to be put where. I have little clue except for MAYBE the EntityID.
Can someone help me? Even if it's a nice video, or some other site I haven't been able to find. This is one of the most overwhelming projects I've ever been assigned and I'm starting to feel defeated.
If there is anything I can clarify, let me know.

Agree with most of the comments.
You want to develop a SAML SP. That assumes that you or your company has a SAML IDP in mind. Which one?
Each IDP is slightly different, but all the IDPs, e.g. Azure AD, Auth0, Okta, OneLogin etc., have step-by-step tutorials. They also have YouTube videos you can follow.
There is a list here of potential IDPs with instructions.
The key is to decide which IDP and then we can advise further.

Related

How to Upload Pictures to Be Saved For Later

This seems like it should be a simple question, and I apologize if this is stupid to ask, but I have been scouring seemingly every corner of the web and still have absolutely no idea how to even begin saving pictures.
For my specific case, I am working in React Native and an important function of the app is to take pictures and save them in a manner where an admin account can later access those images.
I sincerely have no idea how to do this. I know you can through AWS S3 Buckets, but I've heard nothing but bad stuff about them, and my current experience on AWS is pretty rough so I'd prefer avoiding that. I tried something called Contentful, but never was able to determine how to connect to the API from inside my code. Supabase was another option, but the client simply refused to work, and it still seemed overly complicated and I wasn't easily able to find any JS code that would upload. Now I'm working with Cloudify and I was able to find the code needed to upload pictures to it... but I have no idea how to create an account with the proper storage / organization and then extrapolate the information later. I feel like this shouldn't be as convoluted as it is. Does anyone have any suggestions, ideas, or experience with Cloudify?
Try Firebase from Google. The Fireship (name similarity coincidence) channel on YouTube has convenient and easy-to-understand tutorials about Firebase.

How to access information from other sites based on specific parameters provided by a user to my website?

So I am currently working on this project and I am confused on how to tackle this issue I am having.
I am creating this website that will go behind the scenes, take the data the user is providing us with, and check availability on various websites. I am confused on how the logistics of this would work. Would it make more sense to use APIs rather than create maybe a bot (I don't even know if this would work), or is there a way to code it in myself?
A platform similar to the general idea of what I want to build is vaccines.gov, where the system displays the availability of vaccines nearby (the value input by the user is a zip code). I just need to be pushed in a general direction as I am unsure how to approach this.
Thank you!

what is the best way to debug vCloud client REST applications?

I'm building a vCloud client application via the REST APIs; however, the documentation is inconsistent and in some cases just wrong and misleading.
All I really need is a solid debug tool or even a log file. Any recommendations?
You already mentioned you have access to the message stream, which is one of the first steps. Typically if I'm using the Apache HttpClient/HttpComponents I'll go increase the log level so it logs the full HTTP requests.
My next step is usually to cheat and to log into vCD as a system administrator and see what's going on. When vCD was designed there was a very deliberate decision to not reveal infrastructure level problems to tenants of the cloud (normal org users or org admins), as that would break the cloud abstraction. Sadly, that means as an org-level user you're often going to get "contact your cloud admin" error responses. We are aware that this isn't ideal and try to find ways to make it better when we can (IIRC the new 5.5 release that was announced last month does have some improvements in that area).
The last step is usually to cheat even more and to look at the server side logs (vcloud-container-debug.log, specifically). That usually gives me a better clue as to what went wrong. Of course, you may be unlucky and not have access to the vCD cell machine.
My workaround in the latter two cases is to try the operations via the vCD UI and see (1) if they work as expected and (2) if they do, to check the system state via the API and see if I'm sending the wrong request payloads, etc. because the doc or schema reference may not have been clear enough.
In regards to the documentation, please use the feedback links found on individual doc pages to let us know! Our technical writer reviews all the feedback and tries to address it.
My final suggestion is that you might want to post API questions to the vCloud API community forum VMware has. There are a number of experts (both users and VMware employees) that monitor it and respond to questions.

Drupal 7, Domain Access, and SSO (Single Sign-On)

Has anyone made any headway with coming up with a single sign-on solution with Domain Access to date for Drupal 7? I've been looking closely at two old modules, one no longer maintained (SSO for D6) and one still maintained (CAS). I've also read that SAML might be a key to unlocking this, but am uncertain.
Facebook's FBConnect might be another option too or another way could be integrating OpenID from what I've read, and experienced on StackOverflow's sub sites.
I know that OpenID can do this since we are logged into all of *Overflow's sub sites at the same time using one login. The question is how does it cross DNS servers? Does it handshake with one half of a matching hash? I cannot find any documentation on this, so am at a loss.
So, are there any solutions that are known to date, or information on what to start looking into? I think I've made a good point at the possibilities. I read this thread, Domain Access SSO, but am uncertain to what version it pertains to (Drupal, DA, SSO or otherwise). It looks like the "Solution" is to create a master table set with users and permissions, then share those across the domains? How might this work if there are already multiple sites created under Domain Access? Would you clone and rebuild the entire installation, or would you need to start from scratch? It really raises more questions than answers. I contacted the author with no response, so the questions still stand.
Any opinions out there on the who what or why would be greatly appreciated, I just need a start point to get the ball rolling. Thanks everyone.
I'm the author of the Domain Access SSO article mentioned in the original question. I don't recall being contacted about it, but then again I recently learned that my "contact" page on bleen.net hasn't been working in a while... but anyway, here is a bit of info:
That post referred to Drupal 6, SSO Module 6.x-1.0-rc1, and Domain Access module 6.x-2.0 (I think). That solution basically revolves around creating two separate Drupal installs, one the master and one the client (there can be multiple clients). Basically, what happens is the necessary user tables for all the clients are pointed instead to the master. In doing so, the master becomes (essentially) a shell site that does nothing but hold and verify user data.
Hope that makes sense and/or helps... to be honest I haven't looked at that code in a long while now.
SAML is a good option. Check this module to integrate it with Drupal:
http://drupal.org/project/simplesamlphp_auth
If you need a demo with this plugin working check this.

1 data, many applications

I have a forum with >400 registered users. It's powered by vBulletin 4.0.4. I want to build up several websites with Kohana 3.1, but keep existing forum users too. I will use separate databases for each application (I want to keep apps as independent as possible).
So my solution is:
step 1. create special app users.mydomain.com where each user can register and update their details (birthdate/email/password). This app will catch all changes and write them to forum database and application databases.
step 2. modify the default auth module to handle forum authentication. vBulletin uses the algorithm $hash=MD5(MD5($password)+$salt) for password hashing.
Am I in the right direction? Is it OK?
Someone has already done this: Kohana vBulletin Bridge. You will need to contact the author of the module as the source code is no longer online. It won't be too difficult to upgrade it to 3 if you get it.
I haven't used vBulletin so I can't give you much advice on the subject, but you're right about the hashing algorithm. You'll also need to make sure your session is read and written as they are in vBulletin.
A quick search of vBulletin SSO to get you started.
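As an added example (not code from this thread, from vBulletin or from the Kohana bridge module), here is how the users.mydomain.com step could write both records at once: the vBulletin-compatible MD5(MD5(password) . salt) token for the forum database, and a stronger PBKDF2 record for the new applications, so the apps only depend on the weak legacy scheme where the forum forces them to. It is written in Python to illustrate the algorithm rather than as Kohana PHP; the 30-character salt, field names and iteration count are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import string

VB_SALT_LEN = 30             # assumption: vBulletin 4 style 30-character salt
PBKDF2_ITERATIONS = 200_000  # assumption: tune for your hardware


def vbulletin_hash(password: str, salt: str) -> str:
    """vBulletin token: MD5(MD5(password) . salt), both digests as lowercase hex."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5((inner + salt).encode("utf-8")).hexdigest()


def verify_vbulletin(password: str, salt: str, token: str) -> bool:
    """Constant-time check against the token stored in the forum's user table."""
    return hmac.compare_digest(vbulletin_hash(password, salt), token.lower())


def make_records(password: str) -> dict:
    """Dual-write for the central users app: a record the forum can verify
    (vBulletin scheme) and a PBKDF2 record for the Kohana applications."""
    alphabet = string.ascii_letters + string.digits
    vb_salt = "".join(secrets.choice(alphabet) for _ in range(VB_SALT_LEN))
    app_salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             app_salt, PBKDF2_ITERATIONS)
    return {
        "forum": {"salt": vb_salt, "password": vbulletin_hash(password, vb_salt)},
        "apps": {"scheme": "pbkdf2_sha256", "iterations": PBKDF2_ITERATIONS,
                 "salt": app_salt.hex(), "hash": dk.hex()},
    }


def verify_app(password: str, rec: dict) -> bool:
    """Verify a login against the application-side PBKDF2 record."""
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(rec["salt"]), rec["iterations"])
    return hmac.compare_digest(dk.hex(), rec["hash"])


if __name__ == "__main__":
    records = make_records("correct horse battery")  # constructed sample password
    forum = records["forum"]
    print(verify_vbulletin("correct horse battery", forum["salt"], forum["password"]))
    print(verify_app("correct horse battery", records["apps"]))
```

On a password change the users app writes `records["forum"]` to the vBulletin user row and `records["apps"]` to each application database, so a later login against either side verifies with its own function.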
