How to use keycloak authentication for ejb remote client with wildfly elytron security? - ejb

I have a web application which authenticates on Keycloak and calls EJBs. The security in Wildfly is configured with Elytron and the security context is propagated correctly between web and EJB.
Now I have to write a Java client (desktop application) which has to call the same EJBs on the server using Wildfly http+remoting.
I suppose I need to configure SASL authentication against Keycloak on Wildfly, probably using an OAuth bearer token obtained by the Java client logging in with Keycloak.
I can't find any information about how to configure SASL with Keycloak on Wildfly. Does someone have a hint about that?
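As an added example (not from the original post, nor from the WildFly or Keycloak projects), this is the shape of the configuration the approach sketched above needs: an Elytron token-realm that validates Keycloak-issued JWTs, exposed through an OAUTHBEARER sasl-authentication-factory on the remoting connector, plus the client-side wildfly-config.xml that presents the token. Hostnames, realm and client names, the role-claim mapping and every key or token value are assumptions or placeholders.

```xml
<!-- standalone.xml, elytron subsystem: accept Keycloak JWTs over SASL OAUTHBEARER.
     Hostnames, realm, client id and key material below are placeholders. -->
<security-domains>
  <security-domain name="keycloak-domain" default-realm="keycloak-token-realm"
                   permission-mapper="default-permission-mapper">
    <!-- groups-to-roles reads a flat "groups" claim; add a Keycloak mapper that emits it -->
    <realm name="keycloak-token-realm" role-decoder="groups-to-roles"/>
  </security-domain>
</security-domains>
<security-realms>
  <!-- Keycloak carries the login name in "preferred_username", not in "username" -->
  <token-realm name="keycloak-token-realm" principal-claim="preferred_username">
    <!-- iss and aud are matched exactly (the aud value needs an audience mapper on the
         Keycloak client). Pinning the realm's RSA public key (Realm Settings > Keys)
         rejects tokens signed by any other key, as well as expired or wrong-issuer tokens. -->
    <jwt issuer="https://keycloak.example.com/auth/realms/REALM_NAME"
         audience="ejb-remote-client"
         public-key="-----BEGIN PUBLIC KEY-----REALM_RSA_PUBLIC_KEY_PLACEHOLDER-----END PUBLIC KEY-----"/>
  </token-realm>
</security-realms>
<sasl>
  <!-- only OAUTHBEARER is offered, so no password mechanism is reachable on this connector -->
  <sasl-authentication-factory name="keycloak-sasl" sasl-server-factory="configured"
                               security-domain="keycloak-domain">
    <mechanism-configuration>
      <mechanism mechanism-name="OAUTHBEARER"/>
    </mechanism-configuration>
  </sasl-authentication-factory>
</sasl>
<!-- remoting subsystem: bind the factory to the connector the EJB client dials -->
<http-connector name="http-remoting-connector" connector-ref="default"
                sasl-authentication-factory="keycloak-sasl"/>

<!-- wildfly-config.xml on the desktop client's classpath: present the access token obtained
     from Keycloak as the SASL credential. Access tokens are short-lived, so the client must
     refresh the token and rebuild this configuration before "exp" is reached. -->
<configuration>
  <authentication-client xmlns="urn:elytron:client:1.2">
    <authentication-rules>
      <rule use-configuration="ejb-keycloak"/>
    </authentication-rules>
    <authentication-configurations>
      <configuration name="ejb-keycloak">
        <sasl-mechanism-selector selector="OAUTHBEARER"/>
        <credentials>
          <bearer-token value="ACCESS_TOKEN_FROM_KEYCLOAK_PLACEHOLDER"/>
        </credentials>
      </configuration>
    </authentication-configurations>
  </authentication-client>
</configuration>
```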

Related

Provisioning JWKS public keys to spring application from pingfederate

We have a requirement to integrate our Spring MVC web application with the Ping Federate authorization server. The Ping Federate server is in a secured intranet domain which the Spring MVC web application can't access.
We are looking into getting the JWKS public keys from Ping Fed offline and storing them in the Spring web application for validating the identity token received from Ping Fed.
We would like to understand the following:
Best way to make the JWKS public keys from the Ping Federate authorization server available to the Spring web app (not sure if Ping Fed can post these public keys to an API opened on the Spring web app)
Is there any set default timeline on which Ping Fed rotates the keys, if it does rotate them?

Problem with use WebSocket transport on SignalR ASP.NET WebForms app with Azure SignalR with custom domain

I have a problem using a custom domain on Azure SignalR Service with my ASP.NET WebForms app containing a SignalR hub.
I configured the custom domain at Azure SignalR Service as in the picture (screenshot: Azure SignalR Service custom domain configuration).
When I use a connection string like this:
"Endpoint=https://example_endpoint;AccessKey=example_accesskey;Version=1.0;"
everything works perfectly and I get WebSocket transport.
But when I try to use the custom domain in the connection string like this:
"Endpoint=https://example_endpoint;AccessKey=example_accesskey;ClientEndpoint=custom_domaint_endpoint;Version=1.0;"
I get an "HTTP Authentication failed; no valid credentials available" error and my transport switches to SSE.
(Screenshot: console SignalR client logs)
What should I do on the server or client side to have SignalR communication with the custom domain and WebSockets transport?

Keycloak realm client users authenticating in another Keycloak realm containing client apps

Hi Keycloak devs and gurus,
I wanted to set up Keycloak, using OpenID Connect with 2 realms,
where realm1 will contain the client application(s)
and realm2 contains the users.
The users will then access the client applications in realm1 by authenticating through realm2.
I found this link --> idp initiated sso using keycloak, but it is implemented based on SAML, not on OpenID Connect.
Your help will be much appreciated.
I think that you can configure realm2 as a Keycloak OIDC IdP and connect realm2 to realm1 (by creating an IdP in realm1). Then configure the IdP redirector in the browser authentication flow to automatically redirect to realm2.

WSO2 Identity Server samlsso service url exposed via WSO2 API Manager

I successfully configured WSO2 API Manager 1.8.0 [e.g. https://wso2am.com:9443] and WSO2 Identity Server 5.0.0 SP1 [IS] acting as Key Manager [e.g. https://wso2is.com:9443] in a clustered setup on 2 different servers.
I also configured a Service Provider in the IS using a SAML SSO Inbound Authenticator and tested it with the travelocity.com sample app.
The sample app builds the SAML request in the right way, but https://wso2am.com:9443/samlsso?SAMLRequest=[base64stuff] returns "HTTP Status 405 - HTTP method GET is not supported by this URL".
Changing the URL to https://wso2is.com:9443/samlsso?SAMLRequest=[base64stuff]
leads to successful authentication.
Basically I want to be redirected to the wso2am login page and not the wso2is login page.
In this way, I could deploy only WSO2AM in the DMZ, leaving WSO2IS in the internal network.
How can I do that?
Thanks
In this scenario I think your authentication request must be directed to the IS server, not APIM. The IS server is the one who does the authentication; hence it acts as the IdP. APIM is just a service provider (SP). Even if you succeeded (even though it's not the correct behaviour) in sending a SAML request to the https://wso2am.com:9443/samlsso endpoint, it will redirect you to the login page on the IS server. So you have to send the SAML request to the https://wso2is.com:9443/samlsso endpoint for successful authentication and for the correct behaviour.

SecurityAccessDenied exception while accessing WCF service in IssuedTokenOverTransport authentication mode

I have a WCF service hosted in my local IIS and I'm trying to access it from my Windows application. The binding uses the authentication mode 'IssuedTokenOverTransport'.
I have another service hosted in the same IIS which issues a SAML token. The Windows application first calls this service, takes the SAML token issued by it and uses the same token to call the WCF service.
There is no problem in getting the SAML token. But when the WCF service is called with the same SAML token, I get the 'SecurityAccessDenied' exception: 'At least one security token in the message could not be validated.'
Can someone help me to get rid of this issue? I want to access the service over HTTPS.
The problem was with the server certificate. In web.config, the server certificate was configured with certificateValidationMode="PeerTrust". This expected the server certificate to be in the 'Trusted People' store, and it was not available there. When I copied it there, the problem got resolved!