I have an application which is completely written in Java with Spring framework. Right now I need to integrate this application with some other application that is written on WordPress. I need to seamlessly support the same user database for both of these application. I understand that I need some kind of Single-Sign On(SSO) that is supported of Spring(can be used with Spring Security) and WordPress.
Right now Spring application manages users via own Spring OAuth2 Authorization server. Is it possible to use this server in a separate WordPress application ?
Could you please recommend some SSO solution for this case ?
UPDATED
Maybe it is possible to use CAS Jasig for this purpose ? Do we have support of Jasig for WP and Spring ?
If so I have an additional question about Jasig CAS architecture - where users for WP and Spring MVC applications must be stored ? I mean it is a single store(for example the same mysql database) or it can(must) be a different stores for each application ?
Related
What I am trying to achieve:
I currently have mobile apps on top of services and would like to add a web site on top of the same services.
Services details:
ASP.NET Web API project using OAuth (bearer token) and Identity for authentication and authorisation.
Microsoft.AspNet.WebApi 5.2.3
Microsoft.Owin.Security.OAuth 3.0.1
Microsoft.AspNet.Identity.Core 2.2.1
Mobile details:
Xamarin projects.
Xamarin.Forms 2.3.3.193
What architecture should I use for the web site?
Create a new ASP.NET MVC project and call my current services from the MVC controllers? This seems bad because:
I would have 2 layers of controllers (web site MVC controllers calling services API controllers)
I would need to store bearer tokens in cookies
I would need to manage the tokens and cookies expirations
Create a new ASP.NET MVC project and call current services database directly? This seems bad because:
I would have to duplicate the models in the services project and in the web site project
Create a new ASP.NET project and call my current services using ajax? This seems bad because:
I would need to create my own register/login pages
I would need to store bearer tokens in cookies
I would need to manage the tokens and cookies expirations
I would need to say bye to future social authentication (OAUTH2) implementation because I wouldn’t be using OWIN
Thanks,
fcorbeil
If you already have the API a brand new MVC app shouldn't be such a bad choice. If you have your models stored in a different project just reference them to the MVC one. As for the services, them would work perfectly with the new application. This all can be achieved without changing almost nothing to the current implementation.
I am working on a project and using a similar architecture.
I decided to create an Angular project for the website front end and all it does is talk to the Web API. Angular handles the JWT authentication really well. If you've never worked with Angular before, it is really nice to work with.
However, a vanilla ASP.NET MVC web app would work just as well.
It depends on how comfortable you are with Angular, or how willing you are are to learning it! :)
My client is using shibboleth for other software systems ( eg. Library service, photocopying facilities, study material databases ). He wants my web application also be configured with shibboleth so that a single identity can be used throughout the system for a user.
I am new to Shibboleth. I don't know how to start. what are the steps needed to fit it in my application (asp.net , vb ). i have read the docs provided by shibboleth. but don't know the starting steps.
I don't know nothing about Shibboleth, but I would do the following: first check if Shibboleth provides any authentication APIs. If yes, integrate with them, otherwise integrate with Shibboleth database directly and implement customized authentication for ASP.NET application.
I'm having all kinds of trouble understanding this. Every article I read seems to have some unmentioned prerequisite amount of knowledge.
I have written a WCF service that was initially designed to be an intranet service. Now we are moving this service to a cloud hosting solution and it needs to only let authorized users call its methods.
I've since created an ASP.Net MVC 5 website for support purposes. The idea for this is that support staff will login to the mvc site with seeded credentials and add users as they sign up for the service. At the moment, users should not need to enter username or password anywhere. The service client will have username and password knowledge via local settings or configuration file or something and the authorization will be invisible to users. The MVC project seems to be working fine after some changes to the out-of-the-box flow. The database (remote) is created and being populated with new registered user information.
Because the WCF service is in a different project, and to keep a level of portability I have referenced that project in the MVC project. I then added a "wrapper" wcf service to the MVC project that I intend to be the forward facing door to the existing WCF project. In this wrapper wcf service is where the authentication should happen. I don't understand how to tie the ASP.Net Identity authorization used in the new MVC project into the wrapper wcf service. How can I make the wrapping service authorize user credentials against the identity database created and populated using the MVC site?
Thanks,
PS
Transport security is not my issue at the moment so if possible leave those topics out.
I'm working on a project using ASP.Net MVC5 which also includes a Web API. The API will be for internal use only. I'm using the OWIN library to provider authentication.
I'm having a difficult time figuring out how to correctly implement authentication through the API. I was planning on using OAuth 2.0 but the problem with OAuth is that the user needs to login through a browser page instead of a native login screen. So I was wondering if it is possible to somehow skip the browser.
I've found this example which creates it's own OAuth Authorization Server. But it doesn't show how to make the login native.
If it's a highly trusted client, then you can use the OAuth2 resource owner password flow. You can look at the VS2013 SPA template and/or read on this post:
http://leastprivilege.com/2013/11/13/embedding-a-simple-usernamepassword-authorization-server-in-web-api-v2/
You could use Thinktecture.IdentityServer v2 as a light-weight security token service.
https://github.com/thinktecture/Thinktecture.IdentityServer.v2
You will need to create a WOPI host, which is basically a software solution that can take advantage of the browser-based Office(office web).
Create a custom WOPI host and configure it to use Office Web Apps Server to provide the browser-based file viewing and editing for Office files.
Nice sample on Microsoft MSDN
I have a web application developed using Java (Java EE), spring & Hibernate. We are planning to use Apache Shiro for role & access management. One of our client requirement is to use some CMS functionality along with the web application, for which Drupal has been selected. Since all the users are created in the Java based web application we would like to enable Single Sign on between the Java web app and Drupal.
With the SSO enabled users of the web application should be able to access the pages (static content, blog etc.) created in Drupal.
Your best option would probably be to use CAS to handle SSO for both Drupal and Shiro. Drupal has a CAS module and Shiro can also be configured as a CAS client. You haven't provided any details in regard to exactly how your user accounts are maintained, but ideally that sort of data would be kept in a directory system such as OpenLDAP or Active Directory.