How to generate open token? - pingfederate

How do I generate an OpenToken with the help of the agent_config file that I get from PingFederate?
I have received the agent_config file from PingFederate and I am trying to generate an OpenToken.

The only supported method for OpenToken generation is by using a PingFederate Integration Kit from Ping Identity. If you are not a customer holding a PingFederate license, you are not licensed to use these kits, and must integrate via a standard of some sort, like SAML or OAuth.

import java.util.HashMap;
import java.util.Map;
import com.pingidentity.opentoken.Agent;   // Agent class shipped with the PingFederate Java Integration Kit

// Load the agent-config.txt exported from PingFederate (it carries the shared password and cipher settings)
Agent agent = new Agent("agent-config.txt");

// Attributes to carry in the token; TOKEN_SUBJECT is the mandatory subject attribute
Map<String, String> userInfo = new HashMap<>();
userInfo.put(Agent.TOKEN_SUBJECT, "username");

// Encrypts and MACs the attributes into an OpenToken string using the agent configuration
String openToken = agent.writeToken(userInfo);

Related

Forgerock OpenAM QR code authentication as an idp

I am trying to configure the OpenAM QR code service chain as an identity provider for another application, and I am giving the client the URL of the identity provider, which is http://localhost:8443/openam/XUI/#login/&realm=/&service=qrLogin. But after a successful login using the QR code the client prompts:
Missing state parameter in response from identity provider.
Is this even possible?
What type of authentication is the QR code of OpenAM: SAML or OpenID Connect?
If this is possible, what am I doing wrong?

Identity Platform Sign In - using OpenID connect provider with Code Flow

We are trying to sign in the user using an OpenID Connect provider, using Code Flow (it works fine with implicit flow). The issue we are experiencing is that our OIDC provider requires the private_key_jwt auth method to be used.
The only option on Identity Platform when we create a custom OpenID Connect provider is Client Secret. I assume we would need to pass a Private Key (as with the Apple provider) instead of a Client Secret for this to work? Is that even possible with Identity Platform?
No, in Identity Platform, authentication using OpenID Connect with Apple is not possible with a private key; for that you have to generate a client secret.
The reason why we need to create a client secret (for the Apple provider) is mentioned in the article as:
Apple's support for OAuth2 has a number of differences compared to all the other social providers. Most providers (Google, Github, Facebook) generate the client_id and client_secret for you. You just need to keep them in a secure place on the server. In the Apple process, you first download a private key, and then generate a client_secret using that private key. The other difference with Apple is that they don't support using localhost as a redirect. In the end, I initiate the OAuth2 process on the Flutter client; but all the redirects and the token exchange process happen on the server.
In order to generate the client secret, you can follow the steps mentioned in the article.
For more information, you can refer to the answer on how to generate client secrets on the Apple platform.

Azure SQL authentication using Azure Active Directory

Connection works fine following this tutorial when using:
var connection = (SqlConnection)Database.GetDbConnection();
connection.AccessToken = (new Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProvider()).GetAccessTokenAsync("https://database.windows.net/").Result;
But now the docs say "Microsoft.Azure.Services.AppAuthentication is no longer recommended"
So changing my connection as described in Using Azure Active Directory authentication with SqlClient I get the following errors:
Using Active Directory Integrated authentication
Integrated Windows Auth is not supported for managed users.
Using Active Directory Managed Identity authentication
Tried to get token using Managed Identity. Access token could not be acquired. A socket operation was attempted to an unreachable network. (169.254.169.254:80)
Nothing is blocking that address, but also where is it getting that IP from? The tutorial's code used https://database.windows.net/ to get the token (which resolves 65.55.23.107).
Can/should I override that address somewhere?
Any other config missing?
These auth methods apply to different scenarios. For example, if you want to use Active Directory Integrated authentication, you need to federate the on-premises AD with Azure AD via ADFS. If you want to use Active Directory Managed Identity authentication, you must run your code in an Azure service which supports MSI (you need to enable MSI first), because the code essentially makes an API call to the Azure instance metadata endpoint to get the access token and then uses the token to authenticate; it is only available in MSI-supported services.
So if you want to migrate the code from the old SDK to the new one, you need to choose the correct auth method that applies to your scenario. Here I recommend you use Active Directory Service Principal authentication; it can apply to any scenario. Please follow the steps below.
1. Register an application with Azure AD and create a service principal.
2. Get values for signing in and create a new application secret.
3. Grant the permission to the service principal with CREATE USER [Azure_AD_Object] FROM EXTERNAL PROVIDER.
4. Then use the code here, replacing the values with the ones you got from step 2.
// Connection string for Active Directory Service Principal auth: User Id is the application (client) ID, Password is the client secret from step 2
string ConnectionString = @"Server=demo.database.windows.net; Authentication=Active Directory Service Principal; Database=testdb; User Id=AppId; Password=secret";
using (SqlConnection conn = new SqlConnection(ConnectionString)) {
    conn.Open();
}

AD FS client authentication from a web-api app. How to?

Given user credentials (i.e. username, password), I'd like to authenticate the user from within our web-api application.
I'm considering using a class derived from Attribute and IAuthenticationFilter. The class will use HttpClient to connect to an AD FS server, submit user credentials and retrieve the resulting tokens. Selected methods within ApiController(s) will be decorated with the above attribute.
Will the above work?
What is a uri format that needs to be sent to the ADFS server?
Does the http request sent to the server need a body/payload?
What is a response format from the server in case of success (with token)/failure?
I'd appreciate any examples and pointers to on-line docs.
Thanks.
OK - with 3.0 refer to this. You use OWIN and ADAL.
4.0 has full OpenID Connect / OAuth support. You use OWIN and ADAL. Refer here.

Caching/Storing the LTPA token generated in datapower

I'm generating an LTPA token in DataPower after the authentication.
I want to store this token for further processing (to validate against another request).
How can I store/cache this token in DataPower?
If you are on firmware 7.2 or 7.5 you can write to the file system using GatewayScript or you can store it in a system variable (set-system-var), but I would advise against that!
Another option might be, if you are using IBM MQ, to store it as a topic.