How to integrate Magnolia CMS with Keycloak?
I need to have a Single Sign On with Keycloak, but haven't found a way (so far I was examining the configuration documentation and wiki pages for Magnolia).
I'm very new to Magnolia so this actually might be a noob question.
As a side note: Might not be best starter task if you are very new. Consider getting training where authentication and it's configuration is explained at length.
As for the task at hand, you would want to write your own authentication module and place it in the chain of JAAS modules Magnolia/Tomcat will evaluate when authenticating users.
There is similar module written looong time ago for NTLM based authentication that you can take as a blueprint (assuming you are enterprise customer and have access to enterprise code) for what you want to achieve. Otherwise, there's only stuff that is on documentation that might help.
- NTLM Module
- General security documentation
Might be frustrating starting experience tho.
Related
Perhaps I'm not thinking clearly but I have an existing website/application that I want to "front-end" with DNN without re-writing the application in DNN's modular format, i.e; I want DNN to handle membership, authentication, etc. Authenticated users could then access my existing web application.
There are a couple articles here that discuss what it might look like when integrated and some discuss the pitfalls that might be associated with such an arrangement, however none of the articles outline the steps I would need to take to deploy DNN this way.
I have been unsuccessful in my attempts to setup child sites or even parent site in DNN host management that will successfully point to my existing application. It errors out because it's looking for all the DNN libraries.
When I try adding adding a virtual application/directory in the DNN site definition (IIS) that points to my existing web app, I get DNN's error page stating the page doesn't exist.
I don't want to rewrite the application as a module, but if someone would be kind enough to walk me through the steps of setting the two websites up so they can share membership information, I would be terribly grateful. What would I need to setup in IIS, DNN, and my existing website.
Thank You...
C. Lane
You pretty much won't, you can have DNN running side by side with another application running, or you can convert content/modules/functionality into DNN.
If you want to share membership, you'll have to code your application to use the DNN authencation/users/profiles, but there aren't any step by steps for that.
This question actually comes up pretty frequently. An easy solution would be to have both applications use AD authentication. Probably not the solution you are looking for but its the simplest.
I've never tried it, but if they are both using SqlMembershipAuthentication, you might be able to configure both to point to the same database (the dnnDB). Check this link for SqlMembership configuration.
I'm sure DNN wouldn't support this, but it could work,... I think.
My organisation has several web facing ASP.NET Web Forms Apps. They currently use Windows Authentication with impersonation enabled. The web apps are hosted internally but are exposed publicly via different domains e.g. www.abc.com & www.xyz.org.
A new requirement, is that a single log on page will be provided for all users of these apps to log in via.
Some of the solutions proposed are:
Implement an OpenId Provider backed by Active Directory (DotNetOpenAuth), modify existing apps to become relying parties of this OP.
Implement SSO through MS Forefront Threat Management Gateway.
I don't have experience with either of these. Are the proposed solutions feasible? What are the pros and cons of each? Are there other solutions that might be more appropriate?
OpenId Provider is a fairly good idea. It will be an easier route and there are some good details around the web.
You may also want to look into Active Directory Federation Services.
http://msdn.microsoft.com/en-us/library/bb897402.aspx
It is not uncommon for businesses moving to hosted solutions look to implement federated services and this is something Microsoft anticipated when setting up and creating Azure - to be corporate friendly.
They have put together a comprehensive guide here, which while not directly related to your question, does have extensive details about the technology behind federated services.
http://msdn.microsoft.com/en-us/library/windowsazure/hh127796.aspx
For more thoughts and information on, specifically the pros and cons, take a look at these articles which answer it in more depth:
http://technet.microsoft.com/en-us/magazine/ff721824.aspx
http://windowsitpro.com/active-directory/ease-cloud-security-concerns-federated-identity
http://www.csoonline.com/article/221034/the-truth-about-federated-identity-management
Some DotNetOpenAuth thoughts:
http://www.codeproject.com/Articles/325228/Choosing-technologies-for-NET-project
http://social.msdn.microsoft.com/Forums/en-US/windowsazuresecurity/thread/7a1c4e0c-346c-4008-9e5c-87ba1273b2aa/
Finally, we have personally gone with OpenAuth for one of my teams solutions. The implementation was fairly painless once we took time to really understand the RFCs (which was no easy feet, but worth taking the time to do). There are also a ton of resources on the web to get a hang of the implementation.
I started on Spring a few months back and the Security topic seems the most complex to me. With Acegi moving into Spring I could not find a single tutorial that tells step by step way to add security to a Spring app. Please help me. My requirements are as follows:
I have several roles in application, they are not hierarchical roles (meaning Role A not necessarily have all roles of Role B etc).
I want to integrate it to use my own User table where I would store Username, encrypted password (one way encryption) and I want to use either Hibernate or any Spring inbuilt component (read the class name JdbcDaoImpl somewhere, have no clue how to use it though) to access the DB data.
I probably don't want method level security because I want to use Spring taglibs to selectively show/hide menu items, however there should be way to prohibit unauthorized user to access a page directly through URL.
I don't want ready made code, (this tutorial for example confused me to hell, since it doesn't even have Spring security name-space declaration in security.xml), I would appreciate rather a step-by-step guide on how to achieve the above in a Spring2.5/Hibernate3 application using Spring security.
Thanks for your time.
Well without knowing what you've already read here are the articles I used to first start. Note that a lot of the Acegi Security articles are still relevant, Spring Security uses almost all the concepts from Acegi - the only thing they really added was simplifying [some] configurations - like the auto-config for security situations that exactly fit their use case.
Securing Java applications with Acegi
Acegi Security Fundamentals
Pathway from Acegi to Spring Security 2.0
I am about to write a tender. The solution might be a PHP based CMS. Later I might want to integrate an ASP.NET framework and make it look like one site.
What features would make this relatively easy.
Would OpenId and similar make a difference?
In the PHP world Joomla is supposed to be more integrative than Druapal. What are the important differences here?
Are there spesific frameworks in ASP.NET, Python or Ruby that are more open to integration than others?
The most important thing is going to be putting as much of the look-and-feel in a format that can be shared by any platforms. That means you should develop a standard set of CSS files and (X)HTML files which can be imported (or directly presented) in any of those platform options. Think about it as writing a dynamic library that can be loaded by different programs.
Using OpenID for authentication, if all of your platform options support it, would be nice, but remember that each platform is going to require additional user metadata be stored for each user (preferences, last login, permissions/roles, etc) which you'll still have to wrangle between them. OpenID only solves the authentication problem, not the authorization or preferences problems.
Lastly, since there are so many options, I would stick to cross-platform solutions. That will leave you the most options going forward. There's no compelling advantage IMHO to using ASP.NET if there's a chance you may one day integrate with other systems or move to another system.
I think that most important thing is to choose the right server. The server needs to have adequate modules. Apache would be good choice as it supports all that you want, including mod_aspnet (which I didn't test, but many people say it works).
If you think asp.net integration is certanly going to come, I would choose Windows as OS as it will certanly be easier.
You could also install reverse proxy that would decide which server to render content based on request - if user request aspx page, proxy will connect to the IIS and windoze page, if it asks for php it can connect to other server. The problem with this approach is shared memory & state, which could be solved with carefull design to support this - like shared database holding all state information and model data....
OpenID doesn't make a difference - there are libs for any framework you choose.
Is there an open rbac framework for asp.net? there a few solutions for rails but i cant find a simple rbac system for asp.net. is there something that can be used and extended?
This article looks like a good place to start (it is best to drill into the links the author references for more information, but make sure that you read the article as well):
Implementing RBAC on .Net:
Recently I worked on RBAC (Role based
access control) implementation within
.Net. A comprehensive work on this
topic is done by Mark Strembeck XoRBAC
Home Details on RBAC concept can be
found at NIST RBAC
While the design approach given in
Strembeck's work was comprehensive
enough to be realized on .Net, the
default implementation (done on XoTcl)
used extensive patterns from the
language (e.g. ability to use an
object as a class!), so a quick port
of that to a complete .Net
implementation of the design would
have taken a bit of an effort in my
current project. Well, instead of then
implementing the solution, I selected
MS Authorization Manager (I know folks
will say, Dah... that would have been
a no brainer). This is a small library
and a management console prrovided on
Windows 2003 and 2000 that implements
most of the RBAC requirements.
Maybe I've missed the point here, but ASP.NET ships with a pretty robust Role Provider framework - it should be very easy to find many open source implementations, if you really don't want to use the implementation that it comes with.
A comprehensive article on RBAC was found on RBAC Wikipedia. Instead of researching on how to implement the features mentioned in the article, I tried to find security framework which allows a non-technical guy like me to apply security on asp.net applications and found following frameworks:
Portal Guard
Visual Guard
Member Protect