My team has a .Net web application that needs to be able to receive the response from the OAM SSO page.
At our company the team that handles OAM and Webgate only handles the installation to the server and does not handle support for integrating into the application. We have asked for assistance with connecting to Oracle for support and they have indicated they cannot do this. The end result is that we have an IIS server with Oracle's Webgate installed and a functional web application hosted on that server but no ability to tie the two together.
I would show code, but we are at ground zero for this.
Any solution that can help us to be able to get our application to be able to receive the response from the SSO login page would be helpful.
My team eventually found this blog, which does an excellent job of explaining how to setup OAM SSO and a Site on IIS so that they can communicate with each other. It is a little old, but was not that difficult to find the current version equivalents.
Chuni Lal Kukreja Kubernetes, OAM, OIM, Webgate,Active Directory,SharePoint 2013,IIS7.5,OAAM Blog
Related
For my Xamarin.Forms application I've created a ASP.NET Web API as a backend to handle serverside stuff.
When it comes to security I'm pretty much lost.
I've read alot of articles containing alot of possibilities such as HCMA, OAuth and others.
For my purpose I think just SSL/Https will do the job.
I just have no idea where to start. All the documentation I've read didn't help me...
Does anyone know a place where I can get some help or can anyone describe what to do to get this done ?
As far as I know I got to create a SelfSignedCertificate.
But where do I put it ?
Inside of my App(Resources)?
Please provide me some help.
Anything is highly appreciated.
EDIT 1:
As by now I have create a Custom Attribute EnforceSSL in my WebAPI.
All my WebRequests in my App are now HttpsWebRequests.
Does this mean all my traffic is secured ?
As far as I could find out in order to secure my API/Website I need a SSL-Certificate. I can either create one or buy one ... (is this correct) ?
I guess I need to inclued this in my IIS, where my API runs.
Do I need any Client Certificate which I have to install on the phones which use my app ?
I dont want this to go unanswered, in future for general security questions http://security.stackexchange.com is the place.
For my purpose I think just SSL/Https will do the job.
That's right use HTTPS (HTTP Secure). You can configure the webserver to redirect all http:// to https:// automatically. Follow this TechNet guide to Configuring Server Certificates in IIS 7.
I'd also recommend you test your web services out with https://www.ssllabs.com/ssltest/ that grades how secure your web site/service is. SSLLabs mainly catches TLS 1.1 vulnerabilities so make sure you're on the latest TLS to get a Grade A. TLS is basically the same thing as SSL. SSL 3.0 was the last version of SSL. TLS – Transport Layer Security, a new name for SSL. TLS 1.0 is colloquially considered “SSL 3.1”. Created and maintained by Internet Engineering Task Force. The latest version is TLS 1.2 and TLS 1.3 is currently in draft format.
All my WebRequests in my App are now HttpsWebRequests. Does this mean all my traffic is secured?
Nothing is 100% secure, but it sounds like you're following the recommended practices: https://developer.xamarin.com/guides/cross-platform/macios/http-stack/
Do I need any Client Certificate which I have to install on the phones which use my app?
What you're thinking of is called Certificate Pinning and https://forums.xamarin.com/discussion/8743/self-signed-cert-using-httpclient
The 3 most common mistakes to securing a mobile app are:
Hardcoding keys into source code:
Not using encryption correctly:
Not using HTTPS.
Securing Mobile Apps is such a large subject - there are entire books on the topic. At the very least read up on:
OWASP Mobile Security Project:
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project and
Secure Coding Guidelines for iOS and Android: https://mgovlab.government.ae/uploads/SecureCodingGuidelines.pdf and make sure you've covered off the top 10 vulnerabilities:
Store local data securely
Protect remote data transportation
Implement appropriate authentication
Audit third-party code and services
Respect user data
Protect from reverse engineering
Secure web services and servers
Validate input and interprocess
communications
Avoid exploitable code errors
Distribute an application securely
When you package your application follow the offical Xamarin guide, pay attention to ProGuard.
https://developer.xamarin.com/guides/android/deployment,_testing,_and_metrics/publishing_an_application/part_1_-_preparing_an_application_for_release/
I need to design an HTML 5 responsive, and simple app that should work on both internal Win server and on Azure.Our Client wants to check out Azure but maybe later he will want this app to be on its own on premise servers. Our Developers are almost all .NET back ends, with basic knowledge in HTML 5, Javascript, Jquery, and bootstrap. We accepted the challenge because the project is tiny and interesting, the point is, is possible to have 1 project that can be deployed to azure or IIS with no problem? and what kind of project should we create? I think that a simple asp.net project with some web methods and js will do the job, but I don't know if it will work on azure too. Back n 2010 I did something that way but now I am not sure it's still valid
Important: the web application should be able to query oracle on premise server, via web service but not sure if take azure service bus or azure vpn
It depends on how you build your application. I have built applications in the past that works both on-premise and on Azure. As long as you don't access any Azure specific features, there's no problem to deploying the web application project to an on-premise IIS.
If you use Azure-specific features or services from Azure, such as Azure SQL DB, you have to built an on-premise version. In my case it was simple as changing the connection string and the rest was done by Entity Framework, but you can use an IoC container, such as Unity, to change your implementation based on the environment you're running on. If the Azure environment is available (check through RoleEnvironment.IsAvailable) you resolve the Azure-specific implementation of some features and if not the on-premise implementation. In most cases that are just a few dependencies, for example if you use a worker role on Azure and a Windows Service on-premise.
I need to authenticate against an existing CAS server from within a Mono desktop client application. The closest thing I've found is Jasig which would work great if I were using an ASP.NET application.
Does anyone know of a good library out there, or a way I could adapt Jasig to work from an executable?
The CAS servers supports RESTful APIs. You could use the API to submit ticket/validation requests.
See here for more info, plz: https://wiki.jasig.org/display/CASUM/RESTful+API
I'm tasked with writing a web app that will connect an internal employee and an external client while logging Case details. Our company recently switched over to Lync, so I'm a bit lost on the API for doing this.
Ideally, this would be a web app (C# & ASP.NET) so that the customer support department doesn't have to install something to every workstation. It would also mimic the behavior found in this article for sending an email to allow external users to connect.
Is UCMA required for this? We have a generic Lync account that could be used by a service to facilitate these requests if that would be more appropriate. I can also force the issue for using a desktop app if need be.
I'm just having a hell of a time finding the right API calls to make this happen on MSDN so any links to docs or tutorials would be a huge help.
Some research that doesn't quite point out what needs to be done:
UCMA: Chat with users not in AD
How do I Invite a user by email to a Lync 2010 chat session using the API?
you should take a look at this sample located at :%Program Files%Microsoft UCMA 3.0\SDK\Core\Sample Applications\Reference\ContactCenter
You'll find more details here : http://msdn.microsoft.com/en-us/library/hh285604.aspx
Hope that helped.
You should also take a look at UCWA - Microsoft's Unified Communications Web API.
Unified Communications Web API
It's a great platform for adding Lync functionality into your Web application, has an Online Demo with full source code as well.
Coding Platform: ASP.NET 4.0 with C#
Building a website using ASP.NET membership(forms authentication) and options to link Open IDs to it. I would like to have Microsoft Live as an OpenID option in this website. Well I have not seen Login using Windows Live ID except at forums.asp.net, but then both are Microsoft websites.
Today, I stumbled upon a website that seems to be using Microsoft Live Connect or whatever. I tried searching for it but I couldn't get any documentation regarding an API for Live Connect.
Here's the URL: http://messengerconnectidentity.mslivelabs.com/
Has anybody used this / will this work?
To implement Windows Live ID, you must register your Web site with Microsoft® as an application and receive a client ID for use with the service. Only a person who has a valid Windows Live ID can register an application and obtain a client ID. After you create the application, you can sign in and change it whenever you want.
details on;
http://msdn.microsoft.com/en-us/library/bb676626.aspx
also have a look at this;
http://weblogs.asp.net/dwahlin/archive/2007/08/17/integrate-windows-live-id-authentication-into-your-website.aspx
I've just heard about this on a live seminar, which spoked for OpenId and Windows Live. Have a look at http://www.dotnetopenauth.net/openid/ which may be a direction to point this issue?