Posts

Showing posts from February, 2017

OAuth vs SSO: Which One Should I Use?

Image
Currently, I am working on one project which provided me a lot of opportunities to learn about OAuth 2.0 and SAML and better understanding on which one to choose for SSO strategy. I am choosing this topic because most of the people get confused between these two. While they have some similarities but they are very different too and to put it one line. I would say “OAuth is not Single Sign-On” What is the difference between OAuth 2.0 and SSO? OAuth (Open Authorization) is a standard for authorization of resources. It does not deal with authentication. It allows secure authorization in a simple and standard method from web, mobile and desktop applications. If you try to log into Stack Overflow using Facebook, you’ll be redirected to Facebook’s website and will see something like the following: Once authenticated with Facebook, it will ask for Stack Overflow’s permission to access your resources l ike your name, Email id, Profile picture and so on. This is an authoriz...

Set up Shibboleth SP as a SAML 2.0 service provider with G Suite

Prerequisite: Basic understanding of SAML 2.0, SSO and Shibboleth SP.   SP setup up and working on your instance. Must having administrator account to register your SP on G suite G Suite setup: Login to  https://admin.google.com  using your administrator account. Click  Security > Set up single sign-on (SSO) Click the  Download  button to download the Google IdP metadata and the X.509 Certificate Now click on  Apps > SAML apps . Select the  Add a service/App to your domain  link or click the plus (+) icon in the bottom corner. The  Enable SSO for SAML Application  window opens. Click  SET UP MY OWN CUSTOM APP We have already downloaded the certificate and Idp Metadata, click  NEXT On the Basic application information window, Enter the  Application name  and Description values. In the Service Provider Details section, enter the following URLs into the  Entity ID, ACS URL , and...

Singleton Class Vs Singleton bean scope

I have seen people getting confused between singleton scope vs singleton design pattern. Basically, there is a bit difference between these two. Singleton scope: The spring support five different scopes and it is used to decide which type of bean instance should be returning from Spring container back to the caller. One of the scope is Singleton and the by default scope too. It returns a single bean instance per Spring IoC container. <bean id=”object1” class=“com.package.classname”/> When I said, single bean instance per spring Ioc Container i.e. you will always get the same object regardless of the number of call of the same bean but if you declare another bean for the same class then you will get another object for another bean. Let’s understand this with an example: <bean id=”object1” class=“com.package.classname”/> <bean id=”object2” class=“com.package.classname” scope=”prototype”/> <bean id=”object3” class=“com.package.classname”/...