I need to store my custom credentials, which are specific to my library which runs on Spark Interpreter.
These credentials are available in JWT token and I can extend ActiveDirectoryGroupRealm of Shiro to extract this data. My question is as follows:
Can I store this data in Credentials? (e.g. I put that in the spark interpreter group ..)
How do I access this from Credentials through API?
Thanks
Related
I have a Box Connector I've setup in Azure Logic Apps. Since the Box connector does not support all Box API calls, I would like to write my own HTTP call for the unsupported APIs.
I want to access the Access Token saved in the Connector.
Does anyone know what parameter the access token is stored under?
We are using IdentityServer4("http://docs.identityserver.io/en/release/quickstarts/0_overview.html") to protect our APIs, actually we have multiple APIs and we want to protect these APIs with IdentityServer4(i.e via generating access tokens) but we have questions regarding validating the access tokens,Do we need to create separate auth server for validate IdentityServer4's access tokens?
Actually our APIs are already build and deployed.
Once you specify to your api, that it should use IdentityServer for authentication, and of course you specify the authority, you don't need to do anything, except registering this API in Identity Server, and put the AuthorizeAttribute where you need it in the API.
We are trying to build an application which is going to use WSO2 identity server to authenticate with IDP initiated SSO .
I have tried out the travelocity.com example in the WSO2IS tutorials , and I can understand that the "default" authentication type as Local Outbound Authentication uses the Primary user store to perform authentication :
What I need to understand is , how do I map a UserStore to work with a particular service provider , I am performing SSO as IDP initiated ?
Is it something I can manage inside the WSO2 Management Console ? OR do I have to modify the authenticationendpoint webapp?
It isn't limited to the PRIMARY user store and if you have multiple secondary user stores, it'll try to authenticate the user with every user store until the authentication is success.
Limiting a user store to a certain service provider is currently not available in the Identity Server but you can write a custom authenticator and achieve this requirement. Here is a guide on how to write a custom local authenticator. Basically what you have to do is, overide the processAuthenticationResponse method and pick the user store accordingly.
Based on you described requirement, I would like to suggest another approach to achieve the same.
In WSO2 Identity Server you have the capability engage a policy in the authentication flow. So using a policy we can restrict which user stores are allowed for a particular service provider.
Check out https://medium.com/#Pushpalanka/application-wise-authorization-wso2-identity-server-user-store-per-service-provider-dfea5f9ad758 for a detailed explaination.
Currently I have a working IdentityServer4 service that allows users to authenticate to active directory only. They authenticate and then they have no issue accessing the api. I'm using the the IDP server from IdentityServer4 Quickstart with all the local user account stuff stripped out. Here is my database:
My question is this, were are tokens stored? Only in the browser? Am I doing something wrong? Should there be some sort of database that holds tokens for SSO? It is working but I'm worried I'm missing out on some sort of functionality.
The PersistedGrants table stores the following type of tokens: authorization_code, refresh_token, reference_token, and user_consent.
Regular id_tokens and access_tokens are not persisted in the database, they will be passed to the client to be handled as it sees fit.
SSO is achieved when your IDP server creates a cookie contain identity and session information for your browser to reuse.
I have angular JS application that gets data from REST service with sql server backend. I develop and have control on all 3 parts - angular app, rest service and database.
I want to now add pizazz by making this app near real time by using Firebase. My question is - can I keep my current rest service and database for the most part and only use Firebase database and the library minimally and only where necessary to support real time?
You can do this using JSON Web Tokens (JWTs). This is possible because as you mention in your question, you control the REST service and the SQL server. Thus, because the server is trusted you can connect it to your Firebase database by authenticating it using a JWT.
As a result you can keep managing user accounts the way you currently do with the added "pizzaz" of making a subset of data available in "near real time". Firebase app JWTs can be generated with any existing JWT generation library and then signed by a SHA-256 HMAC signature.
Authenticating Servers
Because you are running a trusted server that is connecting your own Firebase database, you can authenticate it in several ways:
Using a Firebase app secret: All authentication methods can accept a Firebase app secret instead of a JWT token. This will grant the
server complete read and write access to the entire Firebase database.
This access will never expire unless it is revoked via the App
Dashboard.
Using a secure JWT with the optional admin claim set to true: This method will grant a server complete read and write access to the
entire Firebase database. This token will expire normally, so it is
important to set the expiration times accordingly.
Using a secure JWT designed to give access to only the pieces of data a server needs to touch: This method is more complicated, but it
is the safest way to authenticate a server as it lets the Security and
Firebase Rules prevent the server from doing anything it's not
supposed to, even if it becomes compromised in some way.
Source: Firebase Documentation -
https://www.firebase.com/docs/web/guide/login/custom.html
Generating Tokens
There are Helper Libraries available for many platforms but for this example I will use the Firebase Token Generator for Node.js made available by Firebase.
Firebase Token Generator for Node.js:
https://github.com/firebase/firebase-token-generator-node
Step 1:
Install the package using either npm or Bower (or compile from source).
Step 2: Copy the app secret from your Firebase instance's dashboard.
Step 3: Generate a token using Node.js by passing your Firebase app secret to the FirebaseTokenGenerator constructor method like this:
var FirebaseTokenGenerator = require("firebase-token-generator");
var tokenGenerator = new FirebaseTokenGenerator("<YOUR_FIREBASE_SECRET>");
var token = tokenGenerator.createToken({uid: "1", some: "arbitrary", data: "here"});