I have an IS4 install on a regular server on the WWW which is working perfectly for a number of client applications.
The client has a network and I need to install an application inside their local LAN which is not able to be addressable from the WWW.
Is it possible to login to the application inside the LAN via the IS4 instance and have the user return to the site inside the LAN?
Thanks
Jeff
In short, yes. All IDP -> client interactions are done in the front-channel (i.e. in the context of the user's browser). The client app inside the customer's network will need to be able to connect to your IDP but not vice versa.
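The LAN-side client configuration this answer implies, as an added example (not from the original thread or the IdentityServer4 project). It assumes an ASP.NET Core app with the Microsoft.AspNetCore.Authentication.OpenIdConnect package; the host name `login.example.com`, the client id `lan-orders-app` and the configuration key are placeholders.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(options =>
    {
        // Public IdP (placeholder URL). The app only makes OUTBOUND calls to it:
        // discovery document, signing keys and the token endpoint.
        options.Authority = "https://login.example.com";
        options.ClientId = "lan-orders-app";                                // placeholder
        options.ClientSecret = builder.Configuration["Oidc:ClientSecret"];  // placeholder key

        // Authorization code flow with PKCE: the code travels through the
        // user's browser, the code-for-token exchange is an outbound POST.
        options.ResponseType = "code";
        options.UsePkce = true;

        // The redirect URI is this app's LAN address plus CallbackPath. It must be
        // registered for the client on the IdP, but only the user's browser ever
        // requests it, so it does not have to resolve from the internet.
        options.CallbackPath = "/signin-oidc";
        options.SaveTokens = true;
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Any protected endpoint triggers the browser redirect to the IdP and back.
app.MapGet("/", (System.Security.Claims.ClaimsPrincipal user) =>
    $"Signed in as {user.Identity?.Name}").RequireAuthorization();

app.Run();
```

Features where the IdP itself calls the client, such as back-channel logout notifications, cannot reach a host inside the LAN; front-channel logout runs through the browser and is unaffected.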
Related
Consider the following scenario:
Users log in to their Windows computer using their credentials, which authenticates them to AD.
ServiceX - an existing API, which can be accessed only through Integrated Windows Auth.
Now, is it possible to add a new web application service NewService which would consist of:
NewService-backend (ASP.NET Core - can be self-hosted or can be hosted behind IIS, within the same domain as ServiceX)
NewService-frontend (React)
in a way that the following scenario would be possible:
1. User Alice logs into their Windows account
2. opens a browser and navigates to the URL of NewService
3. the NewService app gets the current user's Windows credentials, so the user does not need to input credentials again and can immediately start working as Alice in the new app.
4. Important ...and the NewService-backend (not frontend) can call the ServiceX impersonating Alice
Is 4. possible? I am not sure how the Windows credentials are transmitted between the browser and the app and if they can be used by the NewService-backend to impersonate the user.
=============
Clarification:
We are mostly interested in a solution for how to call another service(s) in the name of the domain user who called the first service.
User (Alice) makes request (from React app in browser) to NewService-backend using Windows Authentication.
NewService-backend makes request to ServiceX in the name of Alice.
NewService-backend is on different machine than ServiceX.
What I am not sure about:
Can the React app (in the browser) pass the Windows user identity (?SID?) to NewService-backend and how?
If so, can the NewService-backend then pass Alice's identity to ServiceX so that ServiceX thinks that Alice is calling? How?
I am creating a Hotspot network, where I need users to first register in order to get credentials to connect to the internet.
My worry is how the registration form gets sent to my database, which is hosted on AWS, taking into consideration that the client who is registering doesn't have Internet yet.
Does anyone have a suggestion on how the process works?
Thanks
So basically you need to have a route (and a NAT rule) for all unauthorized clients to be able to talk to the endpoint storing/processing the form (i.e. Database).
This way everyone can communicate with the target, and after authentication they should be provided with a full internet-accessible route.
I have made an app with Spring Boot on the backend and a UI in AngularJS. The UI is separate from the backend. The UI is deployed in Firebase and my backend is deployed in AWS (via boxfuse). I want to add a trusted HTTPS certificate to my backend, but Certificate Manager does not let me create a trusted certificate for an Amazon-owned domain. How can I add a certificate to the backend (with Let's Encrypt)? Does my UI also need a trusted certificate?
First of all, if you are using the public domain of the EC2 instance, I would advise against it, because whenever you start and stop the instance, the domain will change. If you are doing this with Let's Encrypt, then you should do it on the server which has Apache configured. Let's Encrypt provides you with an ACME client; the most recommended is certbot. Choose your OS and web server. It will provide you with the script. Run that script on your server and it will ask for the details needed to get the SSL certificate. The script will do the rest for you. Please read the documentation before you do this.
You should consider the domain type as well: whether you are using a single domain or a wildcard, according to your application.
The link below is useful to me; if you want, you can get more detail about this.
https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority
We have an intranet web-based information portal. Now under development is a module for internal orders.
The problem is: when the approver approves the order, they access a page that requires HTTPS, and accessing it should be much more secure than a simple (second) password authentication.
The first idea was to pair a certified connection between the server and the client, i.e. the server should recognize that the client has the appropriate certificate installed and otherwise show an inaccessible-page message.
We played with OpenSSL certificates, but because we are newbies at that, there was no success.
Which is the right way to do this?
Probably, this is important: The certificates were created under Linux. They should work on a Win2003 server with Apache2 installed and the SSL module enabled (PHP, MySQL). Also, pages can be accessed only via the IP address of the server. Is it OK to configure a certificate for an IP address? Information we used to generate certificates is here.
Is there another way to secure the connection between client and server in that case, i.e. to ensure that only a privileged client (computer, browser) is accessing the secured page? If you have other suggestions, they will be well appreciated.
I have a WinForms application calling web services hosted in IIS. By default, the client app uses Kerberos for authentication to IIS, and it failed for some reason. But the same app works fine on another PC (with a different user login), and I found it is using NTLM by checking the IIS server event log.
Is there any way we can change the client app (WinForms) authentication type?
Thanks in advance
As per the HttpWebRequest.Credentials documentation, to restrict the request authentication to particular methods only, you need to create a new instance of the CredentialCache class, bind your credentials to the desired authentication methods and set it to the Credentials property.
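The approach described in this answer, as an added example (not code from the original thread). The service URL and the `AuthSchemePinning` helper are hypothetical; `CredentialCache`, `DefaultNetworkCredentials` and `HttpWebRequest.Credentials` are the .NET Framework APIs the answer refers to.

```csharp
using System;
using System.Net;

static class AuthSchemePinning
{
    // Builds a cache that holds the logged-on user's credentials for ONE
    // authentication scheme only, e.g. "Negotiate" or "NTLM" (the schemes
    // IIS Windows authentication offers by default).
    public static CredentialCache ForScheme(Uri serviceUri, string scheme)
    {
        // Bind to scheme://host:port so every path on that server matches.
        var prefix = new Uri(serviceUri.GetLeftPart(UriPartial.Authority));
        var cache = new CredentialCache();
        cache.Add(prefix, scheme, CredentialCache.DefaultNetworkCredentials);
        return cache;
    }

    // Creates a request that can only answer challenges for the given scheme.
    public static HttpWebRequest CreateRequest(Uri serviceUri, string scheme)
    {
        var request = (HttpWebRequest)WebRequest.Create(serviceUri);
        request.Credentials = ForScheme(serviceUri, scheme);
        return request;
    }

    static void Main()
    {
        // Hypothetical service address, used only to show the lookup behaviour.
        var uri = new Uri("http://iis01.corp.example/Orders/Service.asmx");
        var cache = ForScheme(uri, "NTLM");

        // The cache resolves credentials for the pinned scheme and nothing else.
        Console.WriteLine("NTLM entry present:      " + (cache.GetCredential(uri, "NTLM") != null));
        Console.WriteLine("Negotiate entry present: " + (cache.GetCredential(uri, "Negotiate") != null));

        // A request built this way ignores a Negotiate challenge from the
        // server and authenticates only if the server also offers NTLM.
        HttpWebRequest request = CreateRequest(uri, "NTLM");
        Console.WriteLine("Request prepared for:    " + request.RequestUri);
    }
}
```

With "Negotiate" the client uses Kerberos when it can obtain a service ticket and falls back to NTLM otherwise, so pinning "NTLM" removes Kerberos for that request and is better suited to diagnosing the failure than to a permanent setting.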
Have you tried hosting the web services with Windows authentication? Then the consuming application must also use the same authentication to access the web service.