Integrate Bonita and WSO2 Identity Server - active-directory

I've configured WSO2 IS to retrieve user information from AD, but now I don't know how to integrate Bonita 6.3.6 (community edition) with WSO2 IS. How can I do it? Thanks.

In the Bonita BPM official documentation you will be able to find a page that covers the whole authentication process.
The recommended approach is either to:
Use the JAAS implementation of the authentication service and use (or create) an appropriate JAAS login module (if you have access to the Bonita BPM Subscription edition)
Create a new authentication service (you can check the interface and the default implementation)

Related

SCIM Google Workspace Snowflake

Has someone already configured Google Workspace to work with Snowflake and have users automatically created (as Okta can propose)?
Thanks for the help
If GSuite supports SCIM, then one thing you may try is a Custom SCIM integration as suggested here: https://docs.snowflake.com/en/user-guide/scim-custom.html
Currently, Custom SCIM integrations are supported for identity providers that are neither Okta nor Microsoft Azure AD.
Although I've not tested this with GSuite, you may give it a try provided GSuite has support for SCIM.
Google Workspace supports SCIM auto-provisioning for SAML apps that are already part of their pre-integrated SAML apps catalog. Although this is not explicitly mentioned in their documentation, automated user provisioning is available only for supported apps:
See About automated user provisioning
Snowflake would need to work with Google Workspace to see if their solution could be added to the catalog.

Why is SAML the default option for registering Salesforce as an Enterprise Application in AAD?

I am trying to integrate Salesforce with AAD, and I see two available options, either SAML or OpenID Connect. I do not know which one is better, but I prefer OpenID Connect since it seems to be more modern. So I tried to register the Salesforce app in AAD and SAML was the default option, so why is SAML the default option?! Is it better, or what? Please note that I am building an API and I need to allow authentication and authorization with Single Sign-On.
The Azure AD app gallery contains many popular applications that are already pre-configured to work with Azure AD as an identity provider. These applications will be available in the Enterprise applications and use SAML to perform SSO. For any application which is added directly from the Gallery, the default method is SAML-based SSO, password-based SSO, etc., which depends upon the application.
Kindly check the difference between the App Registration and the Gallery application in the Azure portal from the link
In order to get a more detailed explanation about SSO types and protocols, kindly check the document.
If you have any further queries kindly let me know.

Connecting to third party API (basic auth)

First of all, I am very new to the Salesforce platform. So apologies in advance if this is very straight forward and obvious.
So we are migrating our old app (based on the .NET platform) to Salesforce Community Cloud. One of the components in the app connects to a third-party API service. The third-party API endpoint uses Basic Authentication. We use service account credentials to generate the basic authentication header.
We want to insert this component in a page using Community Builder. So whenever users visit the page, the component will pick the properties from the logged-in user, hit the third-party API, get the required information and show it on the page.
Is this doable in Salesforce? If yes, what is the best preferred way of achieving this?
Code-based approach: if your API is HTTP-based, it's easy to implement in Salesforce via Apex callouts. The service account credentials should live in an instance of a Named Credential, which works together with a callout. The Named Credential will automatically generate a Basic Auth header for you; this option in the Named Credential config screen is unhelpfully called "Password Authentication".
Declarative-ish approach: take a look at External Services:
With External Services, you use SF tools to import Swagger or Interagent-based API definitions right into Salesforce using a schema. Once you import the definitions, you can create a flow based on the Apex classes generated from your External Services registration.
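As an added example (not code from the answer above), here is an Apex controller for a Community component that performs the callout through a Named Credential so the service-account password never appears in code; the Named Credential API name Third_Party_API, the path /v1/profile and its email parameter are assumptions.

```apex
// Added example, not from the original answer. Assumes a Named Credential with the
// API name "Third_Party_API" configured with "Password Authentication" (the
// service-account user/password) and a hypothetical endpoint "/v1/profile" that
// accepts an "email" query parameter.
public with sharing class ThirdPartyProfileController {

    // Entry point for a Lightning component placed on the Community page.
    @AuraEnabled(cacheable=true)
    public static Map<String, Object> getProfileForCurrentUser() {
        // Use a property of the logged-in user (here the email) as the lookup key.
        return fetchProfile(UserInfo.getUserEmail());
    }

    public static Map<String, Object> fetchProfile(String email) {
        HttpRequest req = new HttpRequest();
        // The "callout:" scheme makes the platform resolve the base URL from the
        // Named Credential and inject the Basic Authorization header for us.
        req.setEndpoint('callout:Third_Party_API/v1/profile?email='
            + EncodingUtil.urlEncode(email, 'UTF-8')); // encode user-derived input
        req.setMethod('GET');
        req.setHeader('Accept', 'application/json');
        req.setTimeout(10000); // milliseconds; keep the page responsive if the API hangs

        HttpResponse res = new Http().send(req);
        if (res.getStatusCode() != 200) {
            // Surface only the status code; the raw body may contain internal details.
            throw new AuraHandledException(
                'Profile service returned HTTP ' + res.getStatusCode());
        }

        // Parse defensively: the remote service is not trusted to return the shape we expect.
        Object parsed = JSON.deserializeUntyped(res.getBody());
        if (!(parsed instanceof Map<String, Object>)) {
            throw new AuraHandledException('Unexpected response format from profile service');
        }
        return (Map<String, Object>) parsed;
    }
}
```

The Community profile or permission set of the visiting users still needs access to the Named Credential (via "Named Credential Access" in a permission set); the credential's secret itself stays out of the codebase and out of the browser.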

Use GLPI or Centreon on ADFS or Azure AD Proxy

I am currently looking to connect ADFS with GLPI or Centreon, but I found that I can't because these two apps don't use SAML.
I am now focused on how I can connect GLPI or Centreon to Azure AD using Application Proxy to authenticate with a tenant Azure AD account.
But after configuration I can't log in to the application itself.
My main question is whether GLPI or Centreon are planned to work with Azure AD.
Has someone worked on this kind of project? It would help me out to have more info.
Centreon doesn't manage Azure AD so far.
No enhancement is visible in the roadmap for this.
However, Centreon supports LemonLDAP::NG as a front end.
There are 2 plugins available for GLPI that enable SAML authentication:
https://plugins.glpi-project.org/#/plugin/fpsaml
https://plugins.glpi-project.org/#/plugin/phpsaml
I struggled with fpsaml; the configuration was overly complex and required editing configuration files that could be overwritten, IIRC. The plugin has not been updated in some time and it was last compatible with GLPI 9.1.3.
I ended up writing the phpsaml plugin using the OneLogin SAML Toolkit. Using phpsaml you can configure all SAML settings from the plugin configuration page. It is compatible up to GLPI 9.6.
You can find more info on github at
https://github.com/derricksmith/phpsaml.
I don't have previous experience in this kind of project, but I know SAML is supported by GLPI as external auth.
You'll need to set up your Apache (or whatever web server you're using) to support it, and the GLPI config would be quite easy.

API authentication with ADFS and Angular.js

I'm trying to build a new rich application and I'm having some problems designing the authentication process.
I've only two requirements:
An API needs to be available
ADFS needs to be used for authentication
My first thought was to build the API and to use Angular.js for the frontend. However, I can't see how the authentication should work.
My API needs to be available through scripts. As far as I saw, ADFS authentication always displays the web page for the authentication process.
APIs are usually secured with OAuth2. We use a client id and a client secret to generate a token. But I can't have this behavior with ADFS.
The only solution I see is to provide two authentication behaviors in my application: one with ADFS for the web access and, in the web interface, a possibility to generate a client id and a client secret associated with a user account that could be used for headless authentication to the API.
Has someone already faced this kind of scenario?
Thanks a lot!
I assume the 'ADFS needs to be used for authentication' really means 'users should be able to use their Active Directory domain credentials to authenticate'.
If that is the case, you should take a look at Thinktecture IdentityServer. It's an OAuth2 authorization server that you can use with an Active Directory identity provider.
P.S. ADFS 3.0 that comes with Windows 2012R2 only supports the authorization code grant, which is not suitable for JavaScript apps.