authentication - Is it possible to user mangement with Cloud Foundry for non platform users

I would like to ask if I can use the UAA of Cloud Foundry to manage non platform users(npu)?As example, I have a business application and only npu with credentials are allowed to access the rest-api or the website of the application.So I mean with npu, users which are not working directly on the platform. The npu will only acess custom self developed applications running on cloud foundry as software as service, non api of cloud foundry like the cloud controller.I'm working with the cloud foundry offer from sap cloud platform, and in one course ...Read more

authentication - Which group is 'all' in cloudfoundry-UAA?

owner of identity provider (SAML) will use cloudfoundry-UAA to interact with my app / resource server. i have some resources that should be visible to every user that logged in successfully. so if there is a group that every user is automatically a member of - it would let me treat all permission-related cases uniformlyso: is there any group that is added to all users automatically? even for those users that log in using SAML? is it uaa.user? can we somehow distinguish users from different zones? like zone1.uaa.user?...Read more

authentication - Multiple Auth sessions in Laravel 4

The project I'm currently working on is split up in an admin console and the normal frontend.Both front and backend are in the same Laravel instance.In the frontend I'm trying to create a user login system that works exclusively for the frontend. It uses a different table and model and it has different relations as oposed to the User model for the admin. What I can't figure out is a way to use the Laravel Auth class for both systems. Logically Auth uses one single config file, and more to the point, one session name. One solution that has been ...Read more

authentication - Artifactory & Okta

Artifactory provides a plugin to use Okta for logins. However it is set to automatically go to a specific unused on prim site. Using an Okta custom plugin has allowed for redirection to the home page but not to login. Has anyone used Okta with artifactory and successfully been able to authenticate and login with an on prim site? If so what steps did you take or what specific website extension did you use?...Read more

authentication - Active Directory: Allow users of different domain to login

We currently have all of our servers in domain A. But many users from a different department also need to log in on our systems, however, their devices are registered in domain B.What kind of trust should I set up to allow the users of domain B to log in on our server in domain A. I assume a one way trust is sufficient to be able to add domain B users to our domain A user groups in the Active Directory? But what direction should it be?Does that mean that I will be adding the users like domainB\user1 to domainA\group1. Or do I have to redefine d...Read more

authentication - Chaining federation of CloudFoundry UAA

I have two CloudFoundry UAA instances which have SAML and LDAP identity providers configured for them. Consumers can authenticate using a authorization_code or client_credentials grant and receive the JWT.Now, I need to create another UAA instance which federates or chains into both of these UAAs. The reasoning is that I can use a single point-of-contact for my resource-server to authenticate into both chained UAA instances. It also gives me more control over my UAA instance, since the two child instances are usually owned by other parties.The ...Read more

aws lambda: authentication with Cognito and a fixed user

I have a web application where people can upload files and I want a login for this so some functions can only be accessed by people who are logged in. I want to have one fixed pair of username and password, so there should be no option for users to create their own account (only the people who have the right information can access). I have a login paige where I proof with JavaScript if the fields are filled and if they are there should be invoked a lambda function to set the user to auth in Cognito to login. I created a fixed user in Cognito wi...Read more

Use Friend for authentication and authorisation in a single page Clojure web application

I am trying to integrate Friend authentication and authorisation into a Clojure/Compojure single-page web application.I have a login form backed by an Angular controller, and this controller uses AJAX to authenticate username and password against the web application and obtain an authenticated user record. Because of this, I do not want the default behaviour provided by the Friend form-based login - I basically want to rely on HTTP status codes and I do not want any of the Friend page-redirects.For example, making an unauthenticated request sho...Read more

Kerberos authentication for solace queue

Hi I am trying to make a secure connection to a solace queue using Kerberos. I have developed a client side application using Solace JMS APIs. As far as I know we need to implement following steps for secure connection:1) Add a keytab to Solace Keytab directory 2) Use SolAdmin to execute certain config commands on Solace3) Import Kerberos library and set certain properties on your client side application.Following are my doubts regarding the topic1) I want to know if these are the steps we need to follow for a secure connection?2) What role doe...Read more

authentication - Authenticating only subscribers in Solace MQTT service

I want to authenticate all MQTT subscribers on a topic with Solace using Basic Auth . (Username and password) . But want publishers to send to that topic without authentication.I configured basic auth. and ACL's on a VPN but that wants my both subscribers and publisher to use username/password. Can this be possible via any configuration to allow anyone to publish to a topic in solace but only authenticated users to subscribe and listen on that topic ?...Read more

authentication - AEM SlingAuthenticator Exclusion list

I am creating a exclusion list in org.apache.sling.engine.impl.auth.SlingAuthenticator , sling.auth.requireemnts to allow the js and css for a shared link functionality[functionality:allows me to share the link to others and others clink on the link and go to the asset. without allowing those css and js files for unauthenticated user the styles are nor rendering.]My problem is I wanted allow the entire libs\clientlibs\granite folder, or I have to exclude each file with one exclusion list which is adding number of values in sling.auth.requiremen...Read more

cookies - Remembering user authentication

After connecting to udemy course or gmail inbox through my login, browser never again asks for user authentication.Need to delete browser history, to re-enter user authentication on both chrome & firefox.What is the cache mechanism of a browser to retrieve & maintain such user information persistently, on hard disk? Is server involved in this cache mechanism?...Read more

authentication - How to secure MongoDB with username and password

I want to set up user name & password authentication for my MongoDB instance, so that any remote access will ask for the user name & password. I tried the tutorial from the MongoDB site and did following:use admindb.addUser('theadmin', '12345');db.auth('theadmin','12345');After that, I exited and ran mongo again. And I don't need password to access it. Even if I connect to the database remotely, I am not prompted for user name & password. UPDATE Here is the solution I ended up using1) At the mongo command line, set the administrat...Read more

authentication - Is AWS API Gateway custom authorizer useful?

I am looking to use some "serverless api server" for AWS Lambda /zappa that uses a custom API Gateway authorizer for user authentification. In serverless AWS lambda service is there a considerable security or cost benefit in using custom authorizer rather than checking the issued JWT token directly in your code controller? For me checking with the code could be more convenient.UPDATEI went for pre request hooks, however there is header level authorizer, it is easier to use for CORS, yet it is not supported by zappa I believe. Also setting mock ...Read more

authentication - AWS Cognito Developer Authenticated Identities and Upload to S3

Im trying to authenticate AWS Cognito Service to upload images to S3 bucket.I tried to followed "http://docs.aws.amazon.com/cognito/latest/developerguide/developer-authenticated-identities.html", but Im getting confused. I want to authenticate using developer identities as Im not using Cognito services for my login.My class used for authentication is as below:import AWSCoreclass DeveloperAuthenticatedIdentityProvider : AWSCognitoCredentialsProviderHelper { override func token() -> AWSTask<NSString> { //I have no clue what ...Read more