Can IdentityServer4 be used for an Open Banking Authorisation Server implementation?

I am implementing Open Banking for my company and have used IdentityServer4 to implement the authorization server. I just want to know whether a bank or a financial services company has used IdentityServer4 to implement an Open Banking authorisation server.

Related

Can you provision users and authenticate in Snowflake using CIAM solutions?

Snowflake's federation authentication documentation does not explicitly mention Customer Identity Access Management (CIAM):
https://docs.snowflake.com/en/user-guide/admin-security-fed-auth-overview.html
Is it possible to use CIAM services such as Azure Active Directory B2C or Google Cloud Identity Platform with Snowflake? The idea would be to leverage BYOI / social logins.
We support SAML and OAuth. If the CIAM solution supports these standards, there should not be any issues integrating it with Snowflake.
However, this has not been tested on our side.
You can open a support case if you run into any errors.

Hybrid authentication with AAD and DB Users

We use LDAP and our local SQL Server databases to authenticate our users, using Apache Shiro, as the app is developed with Apache Isis. Users in the SQL Server database are REST consumers, while LDAP contains only business users. Lastly, I was instructed to move my LDAP users to MS AAD.
Is there an architecture that allows me to keep both kinds of users? Business users would access the app through the MS OpenConnect portal, while at the same time other applications could continue using DB authentication to consume the REST APIs.
Yes, it's possible. Actually, the essence of your question is "how to enable multiple authentication schemes in a web app". Since AAD authentication is claims-based and very different from LDAP, you will need to change your code to upgrade from LDAP to AAD.
Regarding multiple authentication schemes, I don't know the platform you're using. Here is a sample for ASP.NET Core for your reference: ASP.NET Core: Supporting multiple Authorization
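As an added illustration of the "multiple authentication schemes" approach the answer points to (this is example code written for this page in C#, not the answerer's sample and not from the linked article), the ASP.NET Core setup below keeps two populations side by side: business users present an Azure AD bearer token, REST consumers present HTTP Basic credentials that are checked against the existing SQL Server user table. A policy scheme routes each request by the shape of its Authorization header, and every endpoint names the scheme it is willing to accept, so a DB-authenticated API consumer can never reach a business-user endpoint by accident. Tenant ID, audience, scheme names and the IApiUserStore interface are all assumptions made for the example.

```csharp
// Program.cs (ASP.NET Core 6+, minimal hosting). Example configuration, not the project's code.
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddAuthentication(options =>
{
    // Requests without an explicit scheme are dispatched by the policy scheme below.
    options.DefaultScheme = "MultiAuth";
})
.AddJwtBearer("AzureAd", options =>
{
    // Hypothetical tenant and App ID URI; the handler validates issuer, signature and audience.
    options.Authority = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0";
    options.Audience = "api://example-app";
})
.AddScheme<AuthenticationSchemeOptions, DbBasicAuthHandler>("DbBasic", _ => { })
.AddPolicyScheme("MultiAuth", "AzureAd or DbBasic", options =>
{
    // Bearer tokens go to Azure AD; anything else is treated as a DB-backed Basic login.
    options.ForwardDefaultSelector = ctx =>
        ctx.Request.Headers.Authorization.ToString()
           .StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase) ? "AzureAd" : "DbBasic";
});

builder.Services.AddAuthorization(options =>
{
    // Each policy is pinned to exactly one scheme, so the two user populations stay separated.
    options.AddPolicy("BusinessUser", p => p.AddAuthenticationSchemes("AzureAd").RequireAuthenticatedUser());
    options.AddPolicy("RestConsumer", p => p.AddAuthenticationSchemes("DbBasic").RequireAuthenticatedUser());
});

// Register your SQL Server-backed implementation of the hypothetical IApiUserStore here, e.g.
// builder.Services.AddScoped<IApiUserStore, SqlApiUserStore>();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/portal", (ClaimsPrincipal u) => $"Hello {u.Identity?.Name}")
   .RequireAuthorization("BusinessUser");
app.MapGet("/api/orders", (ClaimsPrincipal u) => $"Orders for {u.Identity?.Name}")
   .RequireAuthorization("RestConsumer");

app.Run();

// Basic-auth handler for REST consumers whose accounts live in the SQL Server database.
public class DbBasicAuthHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    private readonly IApiUserStore _users;

    public DbBasicAuthHandler(IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger,
        UrlEncoder encoder, ISystemClock clock, IApiUserStore users) : base(options, logger, encoder, clock)
    {
        _users = users;
    }

    protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!AuthenticationHeaderValue.TryParse(Request.Headers.Authorization, out var header) ||
            !"Basic".Equals(header.Scheme, StringComparison.OrdinalIgnoreCase) || header.Parameter is null)
            return AuthenticateResult.NoResult();

        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter)); }
        catch (FormatException) { return AuthenticateResult.Fail("Malformed Basic credentials"); }

        var sep = decoded.IndexOf(':');
        if (sep < 0) return AuthenticateResult.Fail("Malformed Basic credentials");
        var userName = decoded[..sep];
        var password = decoded[(sep + 1)..];

        // The store compares against a salted hash in SQL Server; plaintext is never persisted or logged.
        if (!await _users.VerifyPasswordAsync(userName, password))
            return AuthenticateResult.Fail("Invalid credentials");

        var identity = new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, userName) }, Scheme.Name);
        return AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(identity), Scheme.Name));
    }

    protected override Task HandleChallengeAsync(AuthenticationProperties properties)
    {
        Response.Headers.WWWAuthenticate = "Basic realm=\"api\"";
        return base.HandleChallengeAsync(properties);
    }
}

// Hypothetical abstraction over the existing SQL Server user table.
public interface IApiUserStore
{
    Task<bool> VerifyPasswordAsync(string userName, string password);
}
```

Serve the DbBasic endpoints over TLS only, since Basic credentials are merely base64-encoded, and keep the `VerifyPasswordAsync` path constant-time and rate-limited as you would any password check. The same pattern extends to a third scheme later (for example, client certificates for machine-to-machine consumers) without touching the Azure AD side.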

Active Directory - Application security purpose

I am fairly new to Active Directory and trying to understand it, especially from an application roles perspective.
I understand the use of Active Directory for authenticating internal corporate users and for implementing SSO across different applications.
What I am trying to gather are scenarios where Active Directory can be used for application security. Is it limited to creating domain users for an application to use when interacting with other applications, or are there other scenarios where it can be used?
For example, in the diagram below an AD DS server has been added to the application landscape so that 'computer objects for the failover cluster and its associated clustered roles are created in Active Directory Domain Services (AD DS)'. What does that really mean?
Azure Active Directory (Azure AD) provides secure and seamless access to cloud and on-premises applications. Users can sign in once to access Office 365 and other business applications from Microsoft, thousands of software as a service (SaaS) applications, on-premises applications, and line of business (LOB) apps. In addition, enabling single sign-on (SSO) across applications and Office 365 provides a superior sign-in experience for existing users by reducing or eliminating sign-in prompts. For the details, you could read here.
And Azure AD Domain Services provides managed domain services. You can consume these domain services without the need for you to deploy, manage, and patch domain controllers in the cloud. Azure AD Domain Services integrates with your existing Azure AD tenant, thus making it possible for users to log in using their corporate credentials.
For the details about Azure AD Domain Services, please read this doc.

Is it possible to use windows authentication in SQL Server database in 3-tier architecture with WebAPI service?

We currently have a two-tier enterprise application where a Windows desktop app connects directly to a SQL Server database. Data access permissions are set in the database using standard SQL Server features, and SQL Server Windows authentication is being used (users use their domain logins).
We would like to introduce an application server layer, but we need the same authentication scenario, i.e. all the queries initiated by the desktop app have to be run in the database under the domain account of the user who started the app.
It is also important that users do not enter their credentials in the app, the current domain account is used.
The client application is a WPF .NET desktop app.
Is this possible using ASP.NET WebAPI as an application server?
If you're using Active Directory to authenticate users, once they've successfully authenticated to your application you will have their domain identity. You could then pass that as part of the connection string for every user-specific database CRUD operation.
I would recommend that you have a shared SQL login though for core things such as caching, database logging and auditing, error logging, application authentication and authorization, etc.
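To make the requirement concrete, here is an added example (C#, written for this page, not the answerer's code) of an ASP.NET Core Web API tier that accepts the WPF client's logged-on domain identity through Kerberos/NTLM and runs each query against SQL Server as that user, while the desktop user is never prompted for credentials. It relies on Windows impersonation around the database call and an Integrated Security connection string; the server, database and endpoint names are constructed for the example. The piece that no code can supply is the environment: because the Web API is a second hop between client and SQL Server, the service account must be trusted for Kerberos constrained delegation to the SQL Server SPN, otherwise the impersonated connection is refused.

```csharp
// Program.cs of the Web API tier (ASP.NET Core 6+, running on a domain-joined Windows host).
// NuGet packages: Microsoft.AspNetCore.Authentication.Negotiate, Microsoft.Data.SqlClient.
// Environment prerequisite (not code): the account running this service is trusted for
// Kerberos constrained delegation to the SQL Server's SPN, or the second hop to SQL fails.
using System.Security.Principal;
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.Data.SqlClient;

var builder = WebApplication.CreateBuilder(args);

// The Negotiate handler authenticates the caller with the Windows identity the WPF client sends
// automatically (HttpClientHandler.UseDefaultCredentials = true), so there is no credential prompt.
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
builder.Services.AddAuthorization(options => options.FallbackPolicy = options.DefaultPolicy);

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical server and database, constructed for this example. No user name or password
// appears here: Integrated Security uses whichever Windows identity is current when Open() runs.
const string ConnectionString =
    "Server=sql01.corp.example;Database=Orders;Integrated Security=SSPI;Encrypt=True;";

app.MapGet("/whoami", async (HttpContext ctx) =>
{
    if (ctx.User.Identity is not WindowsIdentity caller)
        return Results.Unauthorized();

    // Impersonate only for the duration of the database work. SQL Server then sees the
    // caller's domain account, so the GRANT/DENY rules already in the database apply per user.
    var (sqlLogin, originalLogin) = await WindowsIdentity.RunImpersonatedAsync(caller.AccessToken, async () =>
    {
        await using var conn = new SqlConnection(ConnectionString);
        await conn.OpenAsync();
        await using var cmd = new SqlCommand("SELECT SUSER_SNAME(), ORIGINAL_LOGIN();", conn);
        await using var reader = await cmd.ExecuteReaderAsync();
        await reader.ReadAsync();
        return (reader.GetString(0), reader.GetString(1));
    });

    // For a correctly delegated hop all three values name the same domain user.
    return Results.Ok(new { WebApiUser = caller.Name, SqlLogin = sqlLogin, SqlOriginalLogin = originalLogin });
});

app.Run();
```

Two operational points follow from this design. SqlClient keys its connection pool by Windows identity when Integrated Security is in use, so each impersonated user gets its own pool and connections are never shared across users; size the pools accordingly. And, as the answer recommends, keep a separate shared service login (not impersonated) for application-owned work such as caching, logging and auditing, so that work does not depend on whichever user happens to be calling.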

Enabling Single Sign On for WebSphere Portal and IBM Connections

I'm trying to integrate IBM Connections and IBM WebSphere Portal (WP) following this documentation. I can't get SSO working between them.
Here is the section about SSO in the documentation.
After implementing all the steps, I get the message "You are not authorized" in the WP Connections portlets.
Knowing the SSO with LTPA mechanism, I have a couple of questions:
1. In this particular case, should the WP server and the IBM Connections server be in the same domain in order for LTPA to work?
2. Should the WP WebSphere server's security be configured to use the same federated repository as the Connections server? (The Connections server uses an LDAP repository.)
3. And can anybody explain which ID to use to authenticate in WP (I mean, should it be an LDAP user rather than a local system user?)
1 - They can actually be in the same top-level domain; you just need to change your General Settings > Web SSO settings.
For instance, I could set the SSO domain to .ibm.com instead of a more specific domain, where my servers are test.org.conx.ibm.com and portalserver.portal.ibm.com.
2 - It's much easier if they use the same repository, but it is not required, as long as the LTPA token is used to log in to the secondary server such as Connections.
3 - Well, whatever group you have in your corporate LDAP that is set to manage Portal, and the IDs which you have to access the Portal. Generally these should be either mail;cn;uid.