Asterisk, Loadbalancing and SSO – Server Fault

I am trying to investigate/evaluate Asterisk with respect to load balancing and SSO.

We have an in-house solution for SSO adhering to standards, built with the Spring Framework. Can we use SSO with Asterisk such that Asterisk can be used/plugged into an existing application as another service seamlessly?

Load balancing Asterisk servers: can calls be load balanced/moved while in play?

authentication authorization – SSO between headless Drupal and frontend

I have a headless Drupal instance as backend and a frontend in React JS. I am using Simple OAuth 2.0 for authorization and all the endpoints work fine with authorization. Now I have a use case where I need a user to log in to the frontend, which happens with the Simple OAuth 2.0 endpoint ‘/oauth/token’. Once the user logs in, they land on the frontend home page and there is a link to the backend, which if clicked should automatically log the user in to the backend (Drupal site).

I have tried multiple options like the login endpoints provided by JSON API, which successfully authenticate the user, create a session in the backend and send a cookie in the response, which is received by React JS but couldn't be saved. Due to this, access to the backend from the frontend is always considered an unauthorized or anonymous user request.

I tried to log the user in programmatically too, but it lands me in a ‘/contextual/render’ error for many of the pages in the admin section of the backend.

Please help me in creating a SSO for both backend and frontend.

oauth2 – How to integrate multiple services via API’s into a single dashboard on a per-user basis with SSO?

So my project is that I’d like to pull data from a bunch of different services/APIs and show them in a single dashboard. SSO is a requirement so I want to make sure the user doesn’t have to put in their password over and over.

The system already has SAML2.0 set up with ADFS which is configured as the identity provider for all the services.

The issue is that when a user uses SAML to log into a service, they leave my dashboard app and don’t get any of the user permissions for that service. For example, say the user is trying to access Gitlab and they only have access to a certain number of projects, unless they go into gitlab and generate a user API key and copy/paste it into my dashboard app, I can’t get that user’s permissions when making API calls.

From my research, it sounds like using OAuth2.0 is the solution to this; set up ADFS to generate tokens for a user (as the Authorization server) and then integrate it with applications that use OAuth2.0 (which would be the resource servers) and my dashboard app would be basically a client hanging on to the tokens. This would enable me to make API calls with scoped permissions.

Does this sound like a good idea? Instinctually, I feel that this has got to be a common problem that’s been solved many times before but I am not formulating the Google/Stackoverflow searches for the solution.

Web application – Should I put the HR system and various business-related systems under SSO?

We build various systems for companies, such as schedule management and exchange for employees, customer management and, more recently, the HR system.
We have put the schedule management and customer / contact management application under SSO. Is it safe and sensible to place the HR system under the same SSO system?

Registration – conditions and newsletter registration with SSO

I'm having trouble combining an SSO registration process with a required newsletter / marketing opt-in.

The product I'm working for offers a service that requires registration to access. We offer email / password and SSO (Google, Facebook) as optional registration options. Users who have opted in to email registration will be asked if they want to receive emails (marketing) or not. German users must actively log in by clicking on a checkbox. The same applies to terms / guidelines, but here we can passively accept them with a sentence like "When registering you agree to our terms and conditions (…)" and by clicking on the "Register" button.

While we are now implementing SSO, I'm looking for best practice examples and advice on how to combine the terms, and in particular the active newsletter opt-in, with a typical popup SSO registration process. Here are some additional thoughts:

  • I could add one more step after creating an account, but the user has to accept terms along with the creation of the account as he has to accept the guidelines for using SSO before using SSO (obviously (-:)
  • The same applies to the newsletter, since I would like to receive acceptance here as early as possible so that I can send emails to users, which will be sent in the next step
  • Here's an example I've found so far, but with a somewhat strange interaction (try logging in to Google): https://crello.com/de/signup/

Ideas appreciated (-:

Active Directory – How "Detect settings automatically" in IE affects Sharepoint SSO

Our network infrastructure is based on software from MS. I have found that disabling "Detect Settings Automatically" in IE disables IE and Chrome for our SharePoint-based intranet sites. The automatic proxy configuration file always returns "DIRECT":

$ curl http://wpad/wpad.dat
function FindProxyForURL(url, host)
{
return "DIRECT";
}

My goal is to keep the SSO without using a PAC script. How do you do that?

saml – PHP SimpleSAML SSO integration

In my company I created an existing website with Laravel and I want to use SimpleSaml for SSO logins with an existing IDP. I am very new to PHP since I am a .NET developer and I want to know how to do it (first steps for a newbie with PHP).

I only received the metadata. I managed to get the website up and running locally with php artisan serve.

Example of IDP metadata

$metadata['https://sit-sso-nccd.esa.edu.au/simplesaml/saml2/idp/metadata.php'] = array (
  'metadata-set' => 'saml20-idp-remote',
  'entityid' => 'https://sit-sso-nccd.esa.edu.au/simplesaml/saml2/idp/metadata.php',
  'SingleSignOnService' => 
  array (
    0 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'https://sit-sso-nccd.esa.edu.au/simplesaml/saml2/idp/SSOService.php',
    ),
  ),
  'SingleLogoutService' => 
  array (
    0 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'https://sit-sso-nccd.esa.edu.au/simplesaml/saml2/idp/SingleLogoutService.php',
    ),
  ),
  'certData' => '(certificate data not preserved on this page)',
  'NameIDFormat' => 'urn:oasis:names:tc:SAML:2.0:nameid-format:transient',
  'contacts' => 
  array (
    0 => 
    array (
      'emailAddress' => '',
      'contactType' => 'technical',
      'givenName' => 'Administrator',
    ),
  ),
);

Example of SP metadata

$metadata['moodle'] = array (
  'SingleLogoutService' => 
  array (
    0 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
      'Location' => 'https://sit-plm-nccd.esa.edu.au/simplesaml/module.php/saml/sp/saml2-logout.php/moodle-sp',
    ),
    1 => 
    array (
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
      'Location' => 'https://sit-plm-nccd.esa.edu.au/simplesaml/module.php/saml/sp/saml2-logout.php/moodle-sp',
    ),
  ),
  'AssertionConsumerService' => 
  array (
    0 => 
    array (
      'index' => 0,
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
      'Location' => 'https://sit-plm-nccd.esa.edu.au/simplesaml/module.php/saml/sp/saml2-acs.php/moodle-sp',
    ),
    1 => 
    array (
      'index' => 1,
      'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
      'Location' => 'https://sit-plm-nccd.esa.edu.au/simplesaml/module.php/saml/sp/saml1-acs.php/moodle-sp',
    ),
    2 => 
    array (
      'index' => 2,
      'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
      'Location' => 'https://sit-plm-nccd.esa.edu.au/simplesaml/module.php/saml/sp/saml2-acs.php/moodle-sp',
    ),
    3 => 
    array (
      'index' => 3,
      'Binding' => 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01',
      'Location' => 'https://sit-plm-nccd.esa.edu.au/simplesaml/module.php/saml/sp/saml1-acs.php/moodle-sp/artifact',
    ),
  ),
  'contacts' => 
  array (
    0 => 
    array (
      'emailAddress' => '',
      'contactType' => 'technical',
      'givenName' => 'Administrator',
    ),
  ),
  'certData' => '(certificate data not preserved on this page)',
);
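
Added example, not part of the original question and not SimpleSAMLphp's own code: a pre-flight check for an IdP entry in the format shown above, run before the entry is copied into the SP's saml20-idp-remote metadata. The function name, the rule set and the idp.example.test sample values are assumptions of this example.

```php
<?php
// Pre-flight checks for one saml20-idp-remote entry (this example's own policy).
const SAML2_BINDINGS = [
    'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
    'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
    'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
    'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
];

function checkIdpMetadata(string $entityId, array $md): array
{
    $problems = [];
    if (isset($md['entityid']) && $md['entityid'] !== $entityId) {
        $problems[] = 'entityid does not match the array key';
    }
    // certData is the IdP signing certificate; without it signatures cannot be verified.
    $cert = preg_replace('/\s+/', '', (string) ($md['certData'] ?? ''));
    if ($cert === '' || base64_decode($cert, true) === false) {
        $problems[] = 'certData is missing or not valid base64';
    }
    if (empty($md['SingleSignOnService'])) {
        $problems[] = 'no SingleSignOnService endpoint';
    }
    foreach (['SingleSignOnService', 'SingleLogoutService'] as $service) {
        foreach ($md[$service] ?? [] as $i => $endpoint) {
            $location = (string) ($endpoint['Location'] ?? '');
            if (parse_url($location, PHP_URL_SCHEME) !== 'https') {
                $problems[] = "{$service}[{$i}]: Location is not an https URL";
            }
            if (!in_array($endpoint['Binding'] ?? '', SAML2_BINDINGS, true)) {
                $problems[] = "{$service}[{$i}]: unexpected Binding";
            }
        }
    }
    return $problems;
}

// Constructed sample (hypothetical host, placeholder certificate bytes).
$id = 'https://idp.example.test/simplesaml/saml2/idp/metadata.php';
$good = [
    'entityid' => $id,
    'SingleSignOnService' => [[
        'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
        'Location' => 'https://idp.example.test/simplesaml/saml2/idp/SSOService.php',
    ]],
    'certData' => base64_encode('constructed placeholder, not a certificate'),
];
$bad = ['certData' => ''] + $good;
$bad['SingleSignOnService'][0]['Location'] = 'http://idp.example.test/sso';
print_r([checkIdpMetadata($id, $good), checkIdpMetadata($id, $bad)]);
```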