How can I add Keycloak security to messaging in Wildfly 10? - wildfly-10

I tried to set the security domain of the messaging server to the Keycloak-enabled security domain, but the messaging subsystem (Apache ActiveMQ Artemis) cannot find the Keycloak classes.
How can I make the Keycloak classes visible to the messaging subsystem?

Related

How to make Web.TPEngine.Providers.RestfulProvider reach an AKS-deployed endpoint (publicly accessible only using VPN)

I have an Azure B2C custom policy that uses the Web.TPEngine.Providers.RestfulProvider in order to enhance the Reset Password flow.
I have no issue if the Web.TPEngine.Providers.RestfulProvider endpoint is public.
But for production, my endpoint (a Spring Boot app) will be running on an AKS cluster and its URL will only be accessible through a VPN connection, which makes my endpoint invisible to my Azure B2C custom policy.
The question is: how can I make my custom policy reach an endpoint deployed on AKS and accessible only using VPN?
Thanks a lot for your help
Azure AD B2C API Connectors (including the Restful Provider) require publicly accessible HTTPS APIs and endpoints. It's not possible to connect to APIs through VPNs.

What are the benefits of using IdentityServer4 to connect to AzureAD instead of just going directly to AzureAD?

Need to authenticate and authorize (based on roles and security groups from AzureAD) various web clients and API resources. Considering relaying this via IdentityServer4 to AzureAD vs. direct authentication against AzureAD. Are there benefits to using IdentityServer4 as a relaying station?
The various clients are ASP.NET Core web and web API applications, and ReactJS (and possibly Angular) SPA web applications.
We need to authenticate and authorize the web clients using application level roles as well as security groups downloaded from AzureAD.

MobileIron SSO with custom auth provider

Is it possible to have SSO across multiple apps, installed through MobileIron, that connect to back-end services/sites protected by SiteMinder or any custom authorization provider?
Looking at this Stackoverflow discussion and MobileIron video, it seems like the MobileIron SSO can be against KDC only.
As far as I know, you're quite right: SSO capabilities to intranet applications located behind MobileIron Sentry are provided via KCD. The possibility to do this via user certificates managed through MobileIron seems not to work (look at this thread: iOS Client Certificates and Mobile Device Management). Third-party / custom authentication providers like SAML are not supported at the moment by MobileIron.

Authenticate from active directory for remote users through SAML or WS-FED using OKTA?

We have an instance-based web app on IIS which uses Active Directory for authentication.
This web app has an external public web address for remote users to work with.
OKTA provides Active Directory integration which syncs the directory and provides SSO for users inside the Active Directory domain.
But for remote users, as far as I know, OKTA can provide SSO through their SWA (secure web application) type of application, which means using a browser plugin from OKTA for remote users.
Is there any other way for us to authenticate from Active Directory for remote users through SAML or WS-FED using OKTA?
Okta supports SAML 2.0 for this use case. Please reference the documentation at https://support.okta.com/pkb_Home?q=SAML&l=en_US for details on how to configure this.
Also note that there's a sample app demonstrating SAML integration via the Spring framework (if the app in question is Java-based). http://developer.okta.com/docs/examples/spring_security_saml.html

How can I specify the home realm in wpf client?

We developed applications with a custom STS as identity provider. Now we are planning to use Thinktecture IdentityServer (Idsrv) as primary and ADFS as secondary to replace our custom STS. I enabled the WS-Federation protocol in Idsrv and added Idsrv and ADFS as identity providers. We developed a web application that trusts Idsrv. I also used the HRD URL to show the list of identity providers whenever a user accesses the web application. It works fine for both identity providers.
Flows:
Idsrv provider web app-->HRD-->Idsrv-->HRD--->Web app
ADFS web app-->HRD-->ADFS-->HRD--->Web app
I also specified the home realm in the web application to use one identity provider as default without showing HRD. It works well.
I want to develop a WCF service that trusts Idsrv. I want to utilise the WCF service from a WPF client. Based on the user's domain, I need to specify the identity provider as default.
How can I specify the identity provider in the WPF client?
My requirement is the same as
https://github.com/thinktecture/Thinktecture.IdentityServer.v2/issues/198
The HRD concept does not exist in WCF / SOAP. You would need to go to the IdP first and then exchange that token for a token from IdSrv.
Unfortunately, we haven't implemented those endpoints in IdSrv. There is a PR on GitHub with an implementation; maybe you wanna give that a try.