IBM Watson Personality insight Demo Edit Issue - ibm-watson

I recently downloaded the IBM Watson Personality Insights demo (Node.js). When I run that demo and try to analyze any person that is already in the list, it throws an error.
Here is the UI of that demo
I don't know why it is coming. Please guide me accordingly.
Here is an error

As the error says, you are not authorised. You need to create a personality insights service, and set the credentials.
You can't use the default settings.

Double check your .env file.
IBM Cloud is migrating to token-based Identity and Access Management (IAM) authentication.
With some service instances, you authenticate to the API by using IAM. You can pass either a bearer token in an Authorization header or an API key. Tokens support authenticated requests without embedding service credentials in every call. API keys use basic authentication. Learn more about IAM.
If you pass in an API key, use apikey for the username and the value of the API key as the password.
In other instances, you authenticate by providing the username and password for the service instance. For more information, see Service credentials for Watson services.
To find out which authentication to use, view the service credentials by clicking the service instance on the Dashboard.
Source: apidocs/personality-insights
So in your .env file the service credentials could either be
# service credentials
PERSONALITY_INSIGHTS_USERNAME=<YOUR USERNAME>
PERSONALITY_INSIGHTS_PASSWORD=<YOUR PASSWORD>
PERSONALITY_INSIGHTS_URL=<SERVICE URL>
Or
# service credentials
PERSONALITY_INSIGHTS_IAM_APIKEY=<YOUR API KEY>
PERSONALITY_INSIGHTS_URL=<SERVICE URL>
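
An added example (not part of the original answers or the IBM demo): a pre-flight check for the .env file that reports which of the two credential styles is usable and builds the Basic header described in the quoted docs. The function names and the filled-in sample values are assumptions made for illustration.

```javascript
// Variable names follow the .env snippets above; everything else is assumed.
function parseEnv(text) {
  const env = {};
  for (const line of text.split(/\r?\n/)) {
    // KEY=value, tolerating spaces around "="; comment lines never match
    const m = line.match(/^\s*([A-Z0-9_]+)\s*=\s*(.*?)\s*$/);
    if (m) env[m[1]] = m[2];
  }
  return env;
}

// Empty values and untouched <PLACEHOLDER> values count as "not set".
const isSet = (v) => typeof v === 'string' && v !== '' && !/^<.*>$/.test(v);

function resolveAuth(envText) {
  const env = parseEnv(envText);
  const p = 'PERSONALITY_INSIGHTS_';
  let mode, user, pass;
  if (isSet(env[p + 'IAM_APIKEY'])) {
    // IAM API key: literal username "apikey", the key itself as the password
    [mode, user, pass] = ['iam-apikey', 'apikey', env[p + 'IAM_APIKEY']];
  } else if (isSet(env[p + 'USERNAME']) && isSet(env[p + 'PASSWORD'])) {
    [mode, user, pass] = ['basic', env[p + 'USERNAME'], env[p + 'PASSWORD']];
  } else {
    return { ok: false, reason: 'no usable credentials' };
  }
  if (!isSet(env[p + 'URL'])) return { ok: false, reason: 'missing service URL' };
  const header = 'Basic ' + Buffer.from(`${user}:${pass}`).toString('base64');
  return { ok: true, mode, header };
}

// Constructed samples: the unedited template, then a filled-in IAM variant.
const TEMPLATE = [
  '# service credentials',
  'PERSONALITY_INSIGHTS_USERNAME= <YOUR USERNAME>',
  'PERSONALITY_INSIGHTS_PASSWORD= <YOUR PASSWORD>',
  'PERSONALITY_INSIGHTS_URL=<SERVICE URL>',
].join('\n');
const FILLED = [
  'PERSONALITY_INSIGHTS_IAM_APIKEY= constructed-key-123',
  'PERSONALITY_INSIGHTS_URL= https://service.example/api',
].join('\n');

// Log only the outcome, never the header or the key.
console.log(resolveAuth(TEMPLATE).reason, '/', resolveAuth(FILLED).mode);
```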

Related

Get Access Token from Azure Active Directory using username and password

I am trying to create a POF with Azure Active Directory because I am planning to use it later in a production application.
In the Microsoft docs, the only way I found to log in is by being redirected to the Microsoft page to provide a username and password.
Is there some API I can use to get the access token by providing a username and password, so that I can test it, for instance, using Postman?
You could use the Resource Owner Password Credentials (ROPC) flow to get an access token. See the Important notes first to make sure you can use it in your application.
The Microsoft identity platform endpoint only supports ROPC for Azure AD tenants, not personal accounts. This means that you must use a tenant-specific endpoint (https://login.microsoftonline.com/{TenantId_or_Name}) or the organizations endpoint.
Personal accounts that are invited to an Azure AD tenant can't use ROPC.
Accounts that don't have passwords can't sign in through ROPC. For this scenario, we recommend that you use a different flow for your app instead.
If users need to use multi-factor authentication (MFA) to log in to the application, they will be blocked instead.
ROPC is not supported in hybrid identity federation scenarios (for example, Azure AD and ADFS used to authenticate on-premises accounts). If users are full-page redirected to an on-premises identity provider, Azure AD is not able to test the username and password against that identity provider. Pass-through authentication is supported with ROPC, however.
Try executing this request to obtain an access token.
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
client_id=<your-app-id>
&scope=<scopes-in-api-permissions>
&username=<username>
&password=<password>
&grant_type=password
As you are looking to get an access token by sending the username and password, you can go with a Postman or a curl operation.
POST {tenant}/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=user.read%20openid%20profile%20offline_access
&username=MyUsername@myTenant.com
&password=SuperS3cret
&grant_type=password
curl -X POST -d "client_id=clientid&scope=user.read&grant_type=password&username=username&password=Password" https://login.microsoftonline.com/tenantid/oauth2/v2.0/token
Note: Microsoft recommends you do not use the ROPC flow. In most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in the application, and carries risks which are not present in other flows. You should only use this flow when other more secure flows can't be used.

Using 1 SAML2.0 service provider for multiple identity providers

We have a SAAS model web application that is used to serve multiple customers. A few of these customers have their own SAML2.0 Identity Providers against which they want their users to get authenticated.
How can I create a service provider for my web application in which I can configure these multiple Identity providers and redirect the user to their respective login page based on the URL and redirect them back after successful authentication?
Can someone please guide me on this. So far what I have done is install the Shibboleth service provider on each of my servers and use that one server to serve only 1 customer who requires Authentication using their Identity provider, but this will not work with SAAS based model application.
Varun
What you're looking for is something known as a discovery service. This enables the user to select the identity provider appropriate for them so that the SP can send them there to authenticate.
There's a page on the Shibboleth wiki describing this concept: IDPDiscovery
The Shibboleth SP ships with a discovery service known as the EDS that you can deploy locally: EDS
You could also build one as a static web page, or use a central discovery service provided by someone else if, for example, you're part of a federation that provides one.

How to integrate my activiti app (version 6) with Azure active directory endpoint v2.0 without using ADAL.js or MSAL.js

I have an Activiti app which needs to be integrated with the Azure Active directory for user sign in and authentication. The application is registered on the Azure AD and I have the following information:
tenant ID
CID
key
I am trying to follow the steps in the official documentation here, using the implicit flow.
All the examples I could find for it make use of the msal.js library to authenticate users with Microsoft Azure Active Directory accounts. But I need to achieve this without using any libraries. How do I proceed with this?
How and where in the activiti-UI do I need to put in the code to hit the following URL given in the steps?
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?client_id=6731de76-14a6-49ae-97bc-6eba6914391e&response_type=id_token&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F&scope=openid&response_mode=fragment&state=12345&nonce=678910
Any examples on this would be of great help!!
Thanks in advance!
The doc you chose does not use a library.
To follow this doc, your app is required to be registered in the v2 endpoint, like the Application Registration Portal or app registration (preview) in the Azure Portal. You also need to enable Allow Implicit Flow for the Web client.
Send the sign-in request in your browser:
https://login.microsoftonline.com/{tenant-name}/oauth2/v2.0/authorize?
client_id=your application id
&response_type=id_token
&redirect_uri=your application redirect urls
&scope=openid
&response_mode=fragment
&state=12345
&nonce=678910
The response looks like this:
With this, you can get the id_token for the signed-in user. If you want to get the access_token, you need to replace openid in the scope with the resource URL in the format (like Microsoft Graph: https://graph.microsoft.com/User.Read), and replace the id_token with access_token in the response_type.
The access_token response looks like this:
If you want to parse the token, you could use jwt.io.
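
An added example (not part of the original answer): what the redirect page should check in the fragment that comes back from the authorize request above, using the state, nonce and client_id values from the page's sample URL. The function names are assumptions, the sample token is constructed, and `Buffer` makes it runnable under Node; in a browser the same decoding is done with `atob`.

```javascript
// Claims are decoded and checked here, NOT signature-verified: a real relying
// party must also verify the signature against the tenant's published keys.
function decodePart(part) {
  return JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));
}

// fragment: location.hash from the redirect; expected: values the app stored
// when it built the authorize URL; nowSec: current time in seconds.
function checkImplicitResponse(fragment, expected, nowSec) {
  const params = new URLSearchParams(fragment.replace(/^#/, ''));
  const fail = (reason) => ({ ok: false, reason });
  if (params.has('error')) return fail('error: ' + params.get('error'));
  // state ties this response to a request this browser session started
  if (params.get('state') !== expected.state) return fail('state mismatch');
  const parts = (params.get('id_token') || '').split('.');
  if (parts.length !== 3) return fail('malformed id_token');
  let claims;
  try {
    claims = decodePart(parts[1]);
  } catch {
    return fail('malformed id_token');
  }
  if (!claims || typeof claims !== 'object') return fail('malformed id_token');
  // nonce ties the token itself to this request, so an old token is rejected
  if (claims.nonce !== expected.nonce) return fail('nonce mismatch');
  if (claims.aud !== expected.clientId) return fail('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return fail('expired');
  return { ok: true, claims };
}

// Constructed sample response; the signature part is a dummy value.
function sampleFragment(claims, state) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const jwt = [enc({ alg: 'RS256', typ: 'JWT' }), enc(claims), 'c2ln'].join('.');
  return `#id_token=${jwt}&state=${state}`;
}

const EXPECTED = {
  state: '12345', // from the page's sample URL
  nonce: '678910', // from the page's sample URL
  clientId: '6731de76-14a6-49ae-97bc-6eba6914391e',
};
const good = sampleFragment({ aud: EXPECTED.clientId, nonce: '678910', exp: 2000 }, '12345');
console.log(checkImplicitResponse(good, EXPECTED, 1000).ok);
```

The fixed state and nonce in the sample URL are documentation placeholders; an application should generate fresh random values for each sign-in request and compare against those.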

Verify AD or LDAP credentials via REST API

Our requirement is simple. We have a web application that requires users to sign up for a new account in order to use the service.
We would like to offer users to login using their AD or LDAP credentials, provided that an AD/LDAP connector was already installed on the client premises.
Is there any service that does exactly that (providing connectors and a REST interface to programmatically verify user credentials) and performs a one-time API integration, so that users will be presented with a login form on our web application www.mywebapp.com/login? They will then enter their AD/LDAP username and password, which we would verify against their user directory using the OneLogin API.
I went through the API documentation for OneLogin but I have not seen any method for doing that, although I can see at https://www.onelogin.com/active-directory-integration that it is a feature of OneLogin.
After users are synchronized to OneLogin (via the Active Directory Connector or the LDAP Connector, for instance), an authentication call over the REST API will tunnel the username/password down to the Directory being synched for validation -- this should satisfy your use case.
For example you can use a function like https://developers.onelogin.com/api-docs/1/users/create-session-login-token, or just make an LDAP query against the LDAP endpoint.
Take a look at this new(ish) API from OneLogin -
https://developers.onelogin.com/api-docs/1/users/create-session-login-token
Although it's designed for developers to build their own front-end on top of OneLogin, it can also be used to validate a user's credentials (if you get a session_token, you've successfully authenticated the user)
This should 'reach back' through OneLogin to validate the users against whatever directory is configured to handle auth.
This call has the added benefit of supporting 2nd factors if they are configured.

Angular JS SPA using LDAP authentication

I'm writing an AngularJS SPA application which calls a RESTful web service. The back end is being written in JAX-RS, deployed on Tomcat 7. I'm using HTTPS, SSL for transferring data from the SPA to JAX-RS.
requirements
I have to make LDAP authentication. (I will send username & password to web service and it should make authentication)
I have to do user's session management (because, when authenticated user sends request to web service, user doesn't have to authenticate again)
problems
I think there are two options for doing LDAP authentication:
Make LDAP authentication using core java http://docs.oracle.com/javase/jndi/tutorial/ldap/security/ldap.html
Use Spring security (I'm not familiar with it and not sure if it's possible. I think I should send username & password to rest service. Rest service will have spring security library injected and it'll be possible to use authentication functionality. Am I right?)
Manage user sessions. Once the user is authenticated, it should be saved somewhere, so that the user can do operations until the logon expires.
How can I do it?
Which way should I choose? How should I make LDAP authenticating and session management?
Can anyone give any suggestion or example links?
So,
LDAP Authentication using JNDI works just fine, you could also use the neat UnboundID LDAP Java API. A simple LDAP Bind example can be found here: https://code.google.com/p/ldap-sample-code/source/browse/trunk/src/main/java/samplecode/bind/SimpleBindExample.java .
Note also that you could use a Node.JS module as your backend, the Passport.JS Authentication framework for example, provides lots of features/capabilities relative to authentication and Federation (i.e., do things like 'Login with Google', etc...). See: passportjs.org.
On the Angular/frontend side, your best bet is to use a JWT token. It's all explained in detail with examples here: http://code.tutsplus.com/tutorials/token-based-authentication-with-angularjs-nodejs--cms-22543.
In essence:
Your backend Authentication REST should return a JWT Token in the response, once the user successfully binds to LDAP. This Token would contain some user data, and should be encrypted (see link above).
Your Angular App should set that token as a cookie on the client Browser ("set-cookie" response header) upon successful login (so in the Controller of your Login view).
The Client will then present that cookie/JWT Token on every request it makes to your app.
Your app will then need to validate the token presented on every request (in the controller of your SPA). You may also want to add the user authentication data to your $scope so you can use it in your view.
Hope it helps...
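
An added example (not from the answer or the linked tutorial) of the issue-then-validate cycle described in the steps above: the backend issues a token after a successful LDAP bind and checks it on every later request. It signs the token with HMAC-SHA256 rather than encrypting it, so the payload is readable by the client and should carry no secrets; the function names, secret and claim set are assumptions, and the LDAP bind itself is not shown.

```javascript
const nodeCrypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, input) =>
  nodeCrypto.createHmac('sha256', secret).update(input).digest();

// Call only after the LDAP bind for `username` has succeeded.
function issueToken(username, secret, nowSec, ttlSec = 900) {
  const header = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: username, iat: nowSec, exp: nowSec + ttlSec }));
  return `${header}.${body}.${b64u(hmac(secret, `${header}.${body}`))}`;
}

// Run on every request; returns the claims, or null if the token is rejected.
function verifyToken(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  let hdr, claims;
  try {
    hdr = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
    claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
  // Pin the algorithm: the token must not choose how it is verified.
  if (hdr?.alg !== 'HS256') return null;
  const expected = hmac(secret, `${header}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length) return null;
  if (!nodeCrypto.timingSafeEqual(given, expected)) return null;
  // Expiry gives the "logged on until it expires" session behaviour.
  if (typeof claims?.exp !== 'number' || claims.exp <= nowSec) return null;
  return claims;
}

// Constructed demo values; a real secret comes from a secret store.
const SECRET = 'constructed-demo-secret';
const token = issueToken('alice', SECRET, 1000);
console.log(verifyToken(token, SECRET, 1001) !== null);
```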
