I would like to connect SAML service providers (let's say Zendesk for example) to my "Google Identity Toolkit" users.
Is there a way (or any plan in the near future) to allow GITKIT to behave as a SAML identity provider?
Google Identity Tookit does not support SAML provider or relying party yet. We do have thought of SAML integration but no concrete timeline in near future. You are more than welcome to post your request details to the Google Identity Toolkit mailing list.
Related
Is there a way to authenticate a user with SAML token using firebase as a backend? The company I am working with requires that SAML is used within the authentication system and I am not sure if this is possible with firebase as a backend.
Thanks
Maybe new GCP service "Cloud Identity for Customers and Partners" (in beta for now) could help you.
Cloud Identity for Customers and Partners (CICP) provides an identity platform that allows users to authenticate to your applications and services, like multi-tenant SaaS applications, mobile/web apps, games, APIs and more. CICP is built on an enhanced Firebase Authentication infrastructure, so it's perfect if you're building a service on Firebase, Google Cloud Platform (GCP), or on another platform, and need secure, easy-to-use authentication.
You can check SAML provider, Firebase is behind the scene.
This guide shows how to enable an existing web application for Security Assertion Markup Language (SAML) 2.0, with Cloud Identity for Customers and Partners (CICP). This will include accepting SAML assertions from identity providers (IdP) as a SAML service provider, verifying their contents, and producing a lightweight JWT that you can use in your application to verify authentication and perform authorization.
Hope it will help.
Updated on February 25th, 2020 :
I published a tutorial on how to integrate SAML authentication with Firebase and Angular app.
You can now use SAML provider with the new Cloud Identity platform. This platform works in combination with Firebase too.
Check Thierry's answer for more details.
Old/outdated answer below:
At the moment there is no built-in SAML provider for Firebase Authentication. See this discussion on the firebase-talk mailing list. From that post:
To support SAML authentication with Firebase Auth, you need to use custom authentication.
When the SAML response is posted to your server, your convert the SAML assertion to a custom token (minted via Firebase Admin SDK) and then pass that token to the client where you signInWithCustomToken. You can add any additional SAML claims to the custom token claims and they will propagate to the Firebase ID token JWT.
It's a valid feature request though, so I highly recommend to file a feature request.
We are using WSO2 IS 5.2.0 for user authentication and SSO across our applications. We have multiple web applications built on java technology.
All the apps are registered in WSO2 service provider and we are able to successfully authenticate user and able to do SSO.
User is prompted for login when he tries to access one of the apps for the first time. Once user logs in, he is able to access any application.
We are using HTTP redirect to achieve this. On the applications side we are using WSO2 java API (org.wso2.carbon.identity.sso.* package) to get the authenticated user details and claims information.
Now we have one more application in .Net (ASP) which we want to integrate into our application suite which should also use the existing SSO infrastructure.
Can someone please let us know how to integrate WSO2 and .Net application for user authentication and SSO. If it is HTTP redirect, then how do we decrypt user information from the SAML Response in .Net application?
Is there any webservice interface available which we can directly call from .Net application which can provide function to get user information by passing samltokenId?
There is a sample written using .NET in here [1] but it seems it is still undergoing development. I have asked the question in WSO2 Architecture mailing list[2] about the state of it (You can follow for more information) but still you can use it to get some understanding (Or as a full working solution maybe).
[1] https://github.com/wso2/samples-is/tree/master/dotnet-agent-saml-sso
[2] [Architecture] [IS] SAML SSO Agent for .NET
How can I pass the access token created on an OpenIdConnect Federated IDP to the developer application?
Currently, the federated access token doesn't get passed through the API Manager and the API Manager generates a new access token for the application.
You won't be able to plug in an external IDP and generate access tokens using an out-of-the-box API Manager. But you can implement a custom keymanager implementation and plug external third party keymanager to API manager and then use that tokens. See Configuring a Third-Party Key Manager in the product documentation regarding this. It has a sample where "Surf OAuth Authorization Server" is use as the key manager. You will be able to implement similar thing for your scenario.
following are some good posts related to this feature.
https://amilasnotes.wordpress.com/2015/06/20/customizing-key-validation-flow/
https://amilasnotes.wordpress.com/2015/05/19/integrating-with-a-third-party-oauth-provider-overview/
https://amilasnotes.wordpress.com/2015/06/07/provisioning-oauth-clients-created-out-of-band/
I've been trying to implement the SP initiated SSO with ADFS 2.0 configuration. But I could not find any solution to do that.
Not sure if the ADFS 2.0 supports the SP initiated SSO. I can see there are some third party libraries to do that but I don't want to use any third party libraries. I just need information on posting SAML request to identity provider and getting the SAML assertion back to the survive provider.
Here Service Provider is my application(asp.net) is and ADFS 2.0 is the Identity Provider.
Any idea how I can achieve this.
Thanks.
Your problem isn't ADFS - it's ASP.NET.
.NET has no SAML support. You need a third-party stack.
Refer: SAML : SAML connectivity / toolkit.
ADFS definitely supports the SP initiated SSO flow.
I am going to be using Web API for an upcoming project and was asked to integrate an existing STS provider into the equation as my authentication mechanism. Therefore my Web API would be the RP (relying party). I don't need any support to provide the actual token (like creation of STS Provider), just need to incorporate claims based authentication to the configured STS provider and use it in my Web API REST based service.
Does anyone know if this is possible, and some examples on how to implement this? I see full examples with creating a STS provider, but like I said it already exists. I just need to trust it and use for authentication purposes.
Depends which protocols your existing STS supports. You need to find that out.
Basically you need to do this:
request a token from your STS (from within your client app)
send the token to the Web API
validate the token inside Web API
The thing you need to find out is if 1. works with your custom STS - then we can talk about 2 and 3 ;)