federated-identity

How to provide Federated authentication with Tenant's corporate IdP using Cognito user pool

邮差的信 submitted on 2021-01-29 12:56:00
Question: It's a multi-tenant B2B SaaS application. How can I provide the ability to provide Federated authentication with Tenant's corporate IdP for some tenants only if they choose to? For other tenants, basic UN/Password flow is required. Do I need to use a pool per tenant or should a common pool work here? Also, I am not planning to use the Identity pool but only the user pool as we do not need to give direct access to AWS resources. Source: https://stackoverflow.com/questions/65621664/how-to-provide

AWS Amplify: How to map social providers attributes for an email based authentication?

一笑奈何 submitted on 2020-08-05 06:51:11
Question: I have a React web application built with AWS Amplify. I have added authentication with Cognito user pools. I am not using usernames; I have selected the login using email/phone only. I don't want usernames, but Cognito creates a random username anyway. I want the user to log in using their email or using one social provider (Facebook or Google) and it shouldn't matter; they should have access to the same account, based on the email. Pretty normal practice, I think. However, when I first

ADFS TokenLifeTime Maximum?

好久不见. submitted on 2020-07-22 12:06:45
Question: I am using ADFS 2.0 for authentication for my mvc 3.0 web app. I set my TokenLifeTime on my relying party to 1440 (24 hours), but when I step through my code after I log in I can see that the ValidTo date of the session token is only 600 mins (10 hours) from now. If I change TokenLifeTime to be less than 600 the datetime matches what I expect when I log in. i.e. if I set TokenLifeTime to 5, the ValidTo date on my session token is 5 mins from when I logged in. I haven't found any reference to

Direct login and federated login in salesforce

故事扮演 submitted on 2020-03-26 12:50:01
Question: I configured salesforce for federated authentication. Great! I did? It is working fine for "identity provider initiated login" (see Federated authentication and Delegated authentication in salesforce). I am using a federated id. But my issue is that the user can log in directly to salesforce using his username and password? How can I disable it? The "service provider initiated login" says it will come to identity provider. It is not going to identity provider when I try to login using salesforce

Generate custom attribute for one SP in a SAML 2.0 Federation - Identity

荒凉一梦 submitted on 2020-01-24 22:42:08
Question: We have a SAML 2.0 federated environment (IDP and SP). I would like to generate a custom attribute for assertions created only for one SP. As such, I will not modify the IDP configuration. The snippet of the SAML Assertion we need to create: <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:SAML:2.0:profiles:attribute:DCE:groups"> <saml:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string"> ABCD

Exchange an OAuth2 access token (or OpenID Connect id_token) for a WS-* SAML token?

心已入冬 submitted on 2020-01-06 03:03:27
Question: Is it possible to exchange an OAuth2 access token (or OpenID Connect id_token) for a WS-* SAML token? Here is our specific scenario that we would like to accomplish: A user has been authenticated using an OpenID Connect endpoint and issued an id_token. The same user has been authorized using an OAuth 2 endpoint and issued an access token. A single-page application (SPA) requests data from a secured ASP.NET Web API and it sends the id_token and access token. Here's the question/tricky part:

Authentication against multiple identity providers using WSFederationAuthenticationModule for asp.net

旧巷老猫 submitted on 2020-01-04 02:31:05
Question: We have a multitenant asp.net MVC web site which supports multiple partners. Currently we are using forms authentication to authenticate users. Now some of the partners have asked for single sign on support with SAML. I did a quick POC to test it against “Thinktecture” identity provider. All I did was to install “Identity and access” extension for VS 2012 and configure the identity provider. I noticed that the extension added configuration settings like URL of the IP and realm in the web.config

AWS iOS SDK 2.4.0 & Cognito documentation

筅森魡賤 submitted on 2020-01-03 05:08:12
Question: With AWS iOS SDK 2.4.0 Amazon's documentation fell behind. Pages on writing code to support Federated Identities, particularly how to refresh token ids, no longer reflected the code. This page for example, http://docs.aws.amazon.com/cognito/latest/developerguide/open-id.html, refers to credentialsProvider.logins which isn't present in SDK 2.4.0. Does anyone know if anyone else has documented this aspect of Amazon's iOS SDK? Or Amazon somewhere else? Amazon has now released 2.4.10 and its

What is the difference between System.IdentityModel & Microsoft.IdentityModel which one should I use?

左心房为你撑大大i submitted on 2020-01-02 09:55:25
Question: I'm just starting out trying to write a federated claims provider. I'm using the http://claimsid.codeplex.com/ examples as my template. So I start up VS2010 to begin my own project and the first thing I notice is that there is a System.IdentityModel as well as Microsoft.IdentityModel. This usually happens when stuff gets added to the .Net framework becoming 'mainstream'. Is this the case here? Which one should I use? Answer 1: When using Claims Based authentication/authorization, then you will need

WIF manually generate federationmetadata.xml

空扰寡人 submitted on 2020-01-02 02:21:05
Question: I am playing with windows identity foundation and I am trying to create an MVC.NET based Security Token Service and use it as the Single Sign On application. My only problem is that I don't know how to generate the federationmetadata.xml file. Is there any tool to generate this file manually? Answer 1: I created a custom metadata generator that does what VS does when you create the STS project. I had to use Reflection to call the code because as usual everything useful is internal in Microsoft's