Posts

Showing posts with the label SAML

Shibboleth Idp with External Authn Configuration

Shibboleth IdP ships with various authentication flows by default, such as UsernamePassword, MFA, X509, Kerberos, SPNEGO and others. Today I am going to discuss in detail one more flow that Shibboleth IdP itself provides: the External flow. Use case: Shibboleth IdP supports an External Authn flow for specific requirements, such as an authentication database that resides at some other location, or another servlet that performs the authentication on the IdP’s behalf, for example when authentication should be done on the Facebook or Google side. All such scenarios can be handled easily using the External Authn flow. The Shibboleth team has already created a document for this, which you can read over here. I am writing this document to explain it in more detail with an example. There are a few predefined steps that we need to follow to add a new custom flow in Shibboleth IdP, as per the Shibboleth guidelines. Let’s assume we have to create a new flow named “Authn/Custom” in Shibbolet...

OAuth vs SSO: Which One Should I Use?

Currently, I am working on a project which has given me a lot of opportunities to learn about OAuth 2.0 and SAML, and a better understanding of which one to choose for an SSO strategy. I am choosing this topic because most people get confused between these two. While they have some similarities, they are also very different, and to put it in one line, I would say “OAuth is not Single Sign-On”. What is the difference between OAuth 2.0 and SSO? OAuth (Open Authorization) is a standard for authorization of resources. It does not deal with authentication. It allows secure authorization in a simple and standard method from web, mobile and desktop applications. If you try to log into Stack Overflow using Facebook, you’ll be redirected to Facebook’s website and will see something like the following: Once authenticated with Facebook, it will ask for Stack Overflow’s permission to access your resources like your name, Email id, Profile picture and so on. This is an authoriz...

Configure Shibboleth Idp to achieve Single Sign-on with Zendesk

1. Introduction: Shibboleth is standards-based, open source middleware software which provides web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner. Shibboleth Identity Provider supports the SAML2 specification and is therefore ideal for use with Zendesk. This document will describe the steps required to configure Shibboleth 2.0 Identity Provider to achieve single sign-on with Zendesk. 2. Install Shibboleth IdP: The V2 Shibboleth Identity Provider is a standard Java web application based on the Servlet 2.4 specification and should run for the most part in any compatible servlet container. For this setup, I am going to use Apache Tomcat 7. Install and configure Apache Tomcat 7. Download the Shibboleth Identity Provider (V2.4.4) software package. Unzip the archive and uncomment <security-constraint>, <login-config...