I have developed a custom adf application and deployed in oracle fusion cloud .I need the fusion cloud logged in user's name .Is there anyway to get it in my adf application.Thanks in advance
If your app is hosted as a sso enabled and has ADF security , you can use ADFSecurity context to get the details of the user, if the user is authenticated into your application
ADFContext.getCurrent().getSecurityContext().getUserName()
Related
We installed an enterprise application through the Azure AD App Gallery. But when we try to config the Single Sign-on, it keeps saying:
The single sign-on configuration is not available for this application
in the Enterprise applications experience. HubSpot is a multi-tenant
application and the application is owned by another tenant.
Do we need to change some settings to allow the setup of Single sign-on?
We followed this tutorial but are now stuck on "Configure Azure AD SSO".
When added the hubspot application from Azure AD Enterprise application gallery like below ,you should be able to see if SSO setting is available or not and the ways it can be supported for sso.(Here i can be able to use SAML based SSO, or linked SSO)
Then you should be able to edit the saml configuration
For me when I search the hubspot app created in app registrations, its under supported account type of my organization only.
Please check if the App is registered and added as Multi-Tenant App in your case and users have to use login for particular tenant instead of common to avoid error.
Also user accounts need to be pre-provisioned into HubSpot prior to
sign-in .
Reference:
Sign in with My Apps portal and Azure AD SSO in multi tenants application - Stack Overflow
I'm confused about the guideline I have to follow to embed some Power BI reports in a react app. I've been reading this documentation but I don't understand why I need an Azure AD app. By now I've created four Power BI reports and I've published them to the web (making them public and accessible for everyone). So, I've got four PBI links to access them. But I want to create a web app (probably with React) to embed them all in one link.
I understand that Azure covers authentication features, but my app will only show information, doesn't need users to log in or something. So, I guess Azure helps to authenticate to the PBI account I'm using. But if this is the case, why PBI doesn't ask me for authentication when I share the reports links with anyone?
Thank you in advance!
You need Azure AD app to have identity for your application, to authenticate to Azure AD (using MSAL for example) and for using the Power BI REST APIs. Check the following article: https://learn.microsoft.com/en-us/power-bi/developer/embedded/register-app
Since you are already logged in you don't need to login to PowerBi again, There are two ways to embed your PowerBI reports,
Publish to web -> Does not require authentication (Public reports)
Embed with authentication -> Hyperlink and token based ( Requires Azure AD)
You can check more information here
I have an existing J2EE application which provides some specific features after logging in to the application.
I have to provide SSO to just ONE of the customer who logs into our application while the rest of the customers would still use the login page and login with their credentials.
I am planning to use OpenAM Fedlet act as SP deployed as a separate application in our container.
I need some help in understanding if i need a full blown OpenAM instance deployed within us. Please provide any insights if you may have on this .
You can use the fedlet as an SP for this user. The trick is identifying this particular user and initiating SSO for this person, and going to the login screen for everyone else.
I have an node.js application with a working server2server GMail API communication via an service_account.
Everything works fine.
To be able to communicate with a users account, the G Suite Admin has to grant API Acess to the Client ID of my service_account manually.
As described here:
Impersonating list of users with Google Service Account
with a Marketplace App it would be possible, to grant access only to specific organizationals units (OUs) and it would be more fancy to use (enabling a marketing place app is more user friendly than configuring API Access for ClientID and Scope manually like here:
)
Now my question: Is it possible to provide a Marketplace App only for the purpose to grant API access for my application automatically? Will it get through the review when it has no other purpose? Any other hints on this?
Yes it is a working way to create a marketplace application to grant the API access automatically when the G Suite Admin installs this application.
The only restriction is, that your actual application has to support Google SSO to make it through the review process. So the user must be able to log into your Web Application by clicking on the icon in his G Suite account. If the user has no account in your web app, an account has to be created automatically (trial-account is sufficient)
I'm working on setting up a new SSO application. I would like to use ASP.NET Identity as a database to store the users data. I have a ReactJs application hosted on Node.JS and a .Net Web Api2 application. I want to protect thsi Web Api 2 using Identity Server with users from its database. In further development I'm going to create a mobile application.
I'm able to create an asp.net identity database with some users and use Resource Owner credentials, but I have couple of questions if anyone could help:
Why is Resource Owner Credentials not recommended? My current workflow is to hit the api with client&user&password and obtain a token which I store in web layer and use in Web Api requests. Web Api validates the tokens and identify the user. I read on IS page that's not recommended then what's the recommended scenario to authenticate the user?
How can I create an authenticator for mobile? Should I create my own certificate issue, store it in database as a thumbprint and use access token for that?
Thanks
In short, Resource Owner requires the credentials to be passed through the application itself, also RO doesn't give you SSO. Here's a longer answer. The recommended scenario is to use hybrid flow with PKCE enabled.
Look up TOTP. I believe it is implemented in AspNetCore.Identity with some examples.