Hi, I am new to Salesforce and also to OpenAM. Can someone please tell me how to get started with a detailed implementation of single sign-on (both SP- and IdP-initiated) using Salesforce as SP and OpenAM as IdP?
Thanks a lot in advance
Have you had a look at http://openam.forgerock.org/openam-documentation/openam-doc-source/doc/admin-guide/index/chap-federation.html#salesforce-as-sp ?
Of course making yourself familiar with SAML2.0 spec will help a lot.
I feel like I'm missing something, either in my understanding of SSO, or in how IdP-initiated in the example projects (MVC and Core) at ITFoxtec.Identity.Saml2 are working.
It seems like the only project set up to be the IdP is TestIdPCore, yet the only projects that have IdPInitiatedController seem to be set up to only be a Service Provider (relying party?).
I dropped IdPInitiatedController into TestIdPCore and was able to get Initiate() to work.
I guess I am confused on how to get IdP-initiated working with the examples as they are.
Thank you for your time, both in the work done and in your responses!
It sounds like you understand IdP-initiated correctly. In the old days the solution did not contain the TestIdPCore IdP sample. Therefore, the IdP-initiated sample is placed in an SP (Service Provider).
But you are right, I should move it to the IdP sample.
If you like, you are welcome to do a pull request to move the IdP-initiated sample to the TestIdPCore IdP sample.
My customer saw this article and asked if we have more detailed documentation on how to make Azure AD use the MFA from RSA instead of our own. Does anybody have a guide on how to do it?
https://www.rsa.com/en-us/company/news/rsa-integrates-with-microsoft-azure-active-directory-for-two-factor-authentication
Regards,
Marcus Milhomem
The customer is a user of RSA and their security team prefers RSA over Azure MFA.
I am really looking for technical documentation on how to do this integration.
There are two good places where you can leave document feedback and have the Azure AD team directly reply:
User Voice: https://feedback.azure.com/forums/169401-azure-active-directory
The other place is on the doc-issues themselves. This one might be an appropriate spot given that RSAs are mentioned here: https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/github-tutorial
I would strongly recommend leaving the feedback in user voice, since the product team monitors that feedback and adds it to their work items.
Hope this helps! If you make a request you can link it here and I can try to push it up to the product team and make a work item for it.
I am trying to learn IdentityServer4 as a token server for a client application. I came across a very well written tutorial by Scott Brady. I am trying to start by using the sample code from the article at https://github.com/scottbrady91/IdentityServer4-Example . The issue I am having is that when I log in, the “Client Application Access” screen gives me the message “You have not given access to any applications”. Lots of searches and attempts have failed to solve this issue. I am hoping someone can point me in the direction of how to give access to applications.
Thanks in advance for any direction.
Thanks
It's not an error message. The view that you are seeing is because you have not authorized any clients to access your profile.
After giving consent to client(s), the page will show the list of clients that can request your profile data from the identity server.
I'm assuming that you're only running Identity Server. You need to run both Client and Identity Server to understand the complete flow.
I was wondering if it will be possible to implement 2FA using Twilio and Ionic 2. I have tried finding tutorials but so far had no luck. If there is no way, is there any alternative? Any help would be appreciated. Many thanks!!
Twilio developer evangelist here.
We haven't got a tutorial for building 2FA specifically with Ionic, however it's surely possible. I'd start by checking out our tutorial on building 2FA with Authy and see if you can apply that to Ionic.
I'm trying this right now, and found detailed step-by-step instructions on a forum. Also hints about saving and configuring 2FA codes for phone #'s. I can't post a screenshot because my reputation isn't high enough yet, but I'll post part of the forum and gist below. It goes on a bit more with footnote links.
Good luck.
Posted by NoGoodDeed on https://productforums.google.com/forum/m/#!starred/gmail/ErW7gPYpIaQ:
...Is it possible that it is on Google's end due to app passwords...
Yes.
Before I give some instructions and links, I want to confirm some things. Do you have a Gmail account?
If not: Go [1] HERE and click on the red CREATE AN ACCOUNT button to get started.
A Gmail account will end in @gmail.com, so do not use your own email address when creating an account.
If so: Go to the next question.
Do you have namesilo configured to send emails to the above Gmail address?
If not: Please do so.
Unfortunately, I can't help you with that.
If so: Good. Go on to the next step.
With a computer, go to mail.google.com and sign in (if needed) to the Gmail account that you have namesilo forwarding emails to.
Then [2] Turn On 2-Step Verification. With 2-Step, you have some more options.
I suggest that you [3] Install Google Authenticator instead of just having a SMS or Voice call come to your phone.
Instead of using the official Google Authenticator app, I recommend using the [4] Authy app.
The Google Authenticator and Authy apps are free & Google doesn't charge you to set up or use 2-Factor
I need to set up Shibboleth IdP to validate user name and password against a custom application.
Our application exposes a REST API to which one can pass a user's credentials and either returns a 401 on failure or a JSON object with some user metadata on success.
I was able to achieve this in SimpleSamlPHP IdP with a 30-line class, but having to switch to Shibboleth, I am having a hard time finding directions to do the same there.
Reading through the documentation the suggested solution seems to be to create a custom back end for the password login flow but the Wiki does not explain in detail how to do this.
Can somebody point me to some tutorials or sample code on which files need to be created or changed in order to do this (even basic examples of checking against a credential file or database would be fine)?
You are looking for an External Authentication Flow (https://wiki.shibboleth.net/confluence/display/IDP30/ExternalAuthnConfiguration).
For an example, see the shib-cas-authn3 project (https://github.com/Unicon/shib-cas-authn3). It uses the CAS Server to authenticate the users. It then creates an IdP session from information retrieved from CAS.
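A sketch of the external authentication approach for the REST-backed case in the question, added here as an example; it is not code from the answer, from shib-cas-authn3 or from the Shibboleth project. It is written against the IdP v3 `ExternalAuthentication` API; the class name, the `VERIFY_URL` placeholder, the `username`/`password` form field names and the use of HTTP Basic towards the application are assumptions, and the login form that posts to it must also post back the conversation key the IdP supplied.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import net.shibboleth.idp.authn.ExternalAuthentication;
import net.shibboleth.idp.authn.ExternalAuthenticationException;

public class RestBackedAuthnServlet extends HttpServlet {
    // Assumption: placeholder URL for the application's credential-check API (HTTPS only).
    private static final String VERIFY_URL = "https://app.example.org/api/verify";

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        try {
            // Picks up the conversation key that ties this request to the IdP login flow.
            String key = ExternalAuthentication.startExternalAuthentication(req);
            String user = req.getParameter("username");
            String pass = req.getParameter("password");
            if (user != null && pass != null && verify(user, pass)) {
                req.setAttribute(ExternalAuthentication.PRINCIPAL_NAME_KEY, user);
            } else {
                req.setAttribute(ExternalAuthentication.AUTHENTICATION_ERROR_KEY, "InvalidCredentials");
            }
            ExternalAuthentication.finishExternalAuthentication(key, req, resp);
        } catch (ExternalAuthenticationException e) {
            throw new ServletException("External authentication failed", e);
        }
    }

    // Fails closed: only an HTTP 200 from the application counts as success (401 = rejected).
    static boolean verify(String user, String pass) throws IOException {
        HttpURLConnection c = (HttpURLConnection) new URL(VERIFY_URL).openConnection();
        c.setConnectTimeout(5000);
        c.setReadTimeout(5000);
        // Assumption: the API accepts the credentials as HTTP Basic authentication.
        String basic = Base64.getEncoder().encodeToString(
                (user + ":" + pass).getBytes(StandardCharsets.UTF_8));
        c.setRequestProperty("Authorization", "Basic " + basic);
        try {
            return c.getResponseCode() == HttpURLConnection.HTTP_OK;
        } finally {
            c.disconnect();
        }
    }
}
```

The same error value is returned for an unknown user and a wrong password, so the login page does not reveal which accounts exist.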