I'm building a multi-tenant MVC application hosted in Windows Azure.
I would like to leverage Access Control Service to allow users to be authenticated via Google, Facebook, Live ID, etc.
I managed to get a simple authentication working with a postback url that is configured in the Relying Party Application Settings.
But my scenario is more like this:
client1.mydomain.com/login or client1.com/login will go to the providers page; the user selects, let's say, Google, signs in, and is then redirected to client1.mydomain.com/Admin or client1.com/Admin.
How can I achieve that for any client? Should I add a relying party application for each client? Can it be done by code? Is it OK with Facebook?
I would also like the admin panel to be in Silverlight. Once the client is authenticated, will he remain authenticated in the Silverlight app?
Thank you in advance for any help or links that can help.
Fred
To answer your questions I would say yes to all. Each application would have to be set up as a relying party. So you would need to configure your app to use WIF and point to your Azure ACS.
All of these scenarios are covered in the Microsoft identity developer training kit.
Hope this helps.
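The per-client relying party setup described in the answer above, as an added example that is not part of the original posts: a sketch in C# that maps the request host to that client's registered realm and return URL, builds the WS-Federation sign-in request to ACS, and refuses hosts that are not registered tenants. The ACS namespace `example-ns`, the class names and the tenant table are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Added example: all names, hosts and the ACS namespace are constructed placeholders.
public sealed class TenantRelyingParty
{
    public string Realm;      // wtrealm registered for this tenant's relying party
    public string ReturnUrl;  // return URL registered for the same relying party
}

public static class TenantSignIn
{
    // Hypothetical ACS namespace; replace with your own.
    const string AcsEndpoint = "https://example-ns.accesscontrol.windows.net/v2/wsfederation";

    // One entry per relying party application; host lookup is case-insensitive.
    static readonly Dictionary<string, TenantRelyingParty> Tenants =
        new Dictionary<string, TenantRelyingParty>(StringComparer.OrdinalIgnoreCase)
        {
            { "client1.mydomain.com", new TenantRelyingParty {
                Realm = "https://client1.mydomain.com/",
                ReturnUrl = "https://client1.mydomain.com/Admin" } },
            { "client1.com", new TenantRelyingParty {
                Realm = "https://client1.com/",
                ReturnUrl = "https://client1.com/Admin" } },
        };

    // Returns the sign-in URL for the tenant that owns requestHost,
    // or null when the host is not a registered tenant.
    public static string BuildSignInUrl(string requestHost)
    {
        TenantRelyingParty rp;
        if (requestHost == null || !Tenants.TryGetValue(requestHost, out rp))
            return null; // unknown host: never derive realm or return URL from request data

        return AcsEndpoint
            + "?wa=wsignin1.0"
            + "&wtrealm=" + Uri.EscapeDataString(rp.Realm)
            + "&wreply=" + Uri.EscapeDataString(rp.ReturnUrl);
    }

    public static void Main()
    {
        Console.WriteLine(BuildSignInUrl("client1.mydomain.com"));
        Console.WriteLine(BuildSignInUrl("CLIENT1.COM"));
        Console.WriteLine(BuildSignInUrl("unknown.example") ?? "(rejected: not a registered tenant)");
    }
}
```

Keeping the realm and return URL in a server-side table, rather than echoing a URL from the query string, means the post-login redirect can only land on a page that belongs to the tenant whose host was requested.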
Related
We have a website running on Kentico. When a user logs in there will be a link available for the user to navigate to a Salesforce Community. When the user clicks the link I would like to automatically log the user into the Salesforce Community. My Kentico users are in sync with the Salesforce contacts/external users.
Has anyone implemented this? If so, can you share how you achieved it? It seems like a SAML assertion needs to be generated and posted, but I am not familiar with how to do this.
Thanks in advance!
Since Kentico should not be used as the authentication provider for other applications, it will be easier for you to find out whether SF Community can provide some authentication API with which you can then set up custom external authentication (through SF) in Kentico.
You can also consider using something like OpenID which is supported by both SF and Kentico. (https://help.salesforce.com/articleView?id=networks_authentication_options.htm&type=0)
I have an existing J2EE application which provides some specific features after logging in to the application.
I have to provide SSO to just ONE of the customers who log into our application, while the rest of the customers would still use the login page and log in with their credentials.
I am planning to use the OpenAM Fedlet to act as the SP, deployed as a separate application in our container.
I need some help in understanding whether I need a full-blown OpenAM instance deployed on our side. Please provide any insights you may have on this.
You can use the fedlet as an SP for this user. The trick is identifying this particular user and initiating SSO for this person, and going to the login screen for everyone else.
I have integrated my application with Google Apps Marketplace using the old version of OpenID and am getting data from Google Calendar using the Google Calendar version 2 API. Now I need to migrate everything to the new version. I am a little confused, as Google provides various authentication and authorization processes. I looked into OpenID Connect, JWT (JSON Web Token), and the Google Calendar version 3 service account. Could anyone please help me with this issue, i.e. what should I use for authentication as well as for authorization? Thanks in advance.
https://developers.google.com/accounts/docs/OAuth2 gives a good overview on various ways to authenticate with Google APIs and when to use them. For instance JWT is useful when your application uses Google APIs to store/retrieve its own data i.e. not to access data of your application's user.
Also see https://developers.google.com/google-apps/calendar/auth
I am writing an MVC 4 web app and want to use the new WIF and ADFS to authenticate users. I also want to provide a profile page for users to "self serve" changes like phone number or maiden name.
I am looking for resources/tutorials (a good book) to show me how to wire it all up.
Users will be stored in Active Directory, so I'm guessing that I should use the ADMembershipProvider for some of this. I believe there is a profile store attached to ADFS (or I can set one up), and I want to know if it's good practice to interact with it directly or is there an API that will let me add claims etc.
Finally, how does all this fit into the new WebSecurity stuff?
You asked for books on the subject of ADFS. You could try the patterns and practices book A Guide to Claims-Based Identity and Access Control.
In terms of the ADMembershipProvider, you don't need it.
ADFS under the hood handles the AD integration. You configure claims rules which determine which attributes ADFS extracts out of AD.
Update
In terms of editing the user in AD, this is an Identity Manager scenario. ADFS is an STS so it doesn't handle this. You need to do this directly, e.g. Howto: (Almost) Everything In Active Directory via C#. Be aware that you need an AD login that enables write access to do this. This is a different credential set to the set that allows you to log in to ADFS.
ADFS just provides the login screen. Out of the box you don't get any self-service functionality. You need to customise the ADFS screen yourself, e.g. AD FS 2.0 Sign-In Pages Customization Overview.
I'd like to use Google AppEngine with a Silverlight client. I'm hoping to use the Google login authentication mechanism within the Silverlight client. Is this possible? Does anyone have any example sites where a RIA client is used in conjunction with Google AppEngine security?
Thanks.
You need to have your users log in via a regular HTML page, then send them to the page with the Silverlight client. Anything else would be encouraging users to enter their credentials into a third-party site, which is a Bad Idea.
I really don't believe that is true, meaning if you have an installed application, Google has a login that allows you to enter username and pwd in your application. I believe Silverlight is closer to a Windows application. Here is the login mechanism:
http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html