I need some guidance regarding "single sign-on" and "ibm security verify access v10". I am not particularly a programmer but based on the task given to me i created a simple PHP based web app that uses html form (username/password) and authenticates users against "traditional microsoft active directory" and i used "xampp apache web server" and sometimes "IIS web server".
Now i am trying to do is to give my web app single sign-on using ibm security verify access but i am getting confused and lost here because it's not easy to find information related to this exact configuration. One concept that might be useful is i think 'Forms Single Sign-on" but I can't find out a clear configuration example so i can compare and implement. I need help with this i.e what is the best SSO option based on my situation and how or where i can find se material e.g how to implement forms sso in this situation. I am still in training phase and merely month and a half in so most of its overwhelming.
My setup that i have right now is:
1: one VM for Security Verify Access console
2: one VM which runs windows server 2016 amd active directory where i have created some users
3: one VM running same OS and Security Directory Server as my external LDAP
4: A simple php HTML form based web app
Thank you.
It seems you need to implement on premise integration with IBM Security Verify, if yes check out following document
IBM security verify with AD
This is just to understand what SSO is how to integrate with SAML & how everything works.
How SSO works with SAML
Hope this get you started on path
Related
I wrote a simple Application in HTML with a form. I submit the form into a PHP file and insert the data into a database.
I created an App Service on Azure Portal + MySQL database
It took me a while to get the git Pipeline going (So Git - Azure Portal - deploying into a Webservice)
If I submit my form, the data will go to the database just fine.
Now I wanted to extend everything with a monitoring tool. So I tried Application Insights. But unfortunately, that doesn't work. If I understand it correctly it's because of the PHP file or to be exact the Php Stackruntime on Azure.
Is it possible to the monitoring anyway somehow? I only have experience in Php and Html a little bit of Java and Javascript.
Thanks.
I have deployed sample PHP App to Azure App Service.
So I tried Application Insights. But unfortunately, that doesn't work.
I have checked with both PHP 8.0 and 8.1 runtime version. The Application Insights option is disabled for PHP.
Thanks #Dmitry-Matveev for the Application Insights SDK.
Is it possible to the monitoring anyway somehow?
Check the below steps to Monitor Azure PHP App Service.
Way 1:
Check the Logs under Monitoring.
Way 2:
Enable Application logging (File System).
Navigate to the Log stream to check the Live metrics.
Also, we can check the metrics section to monitor the App.
I am writing a simple admin tool in PHP for my own personal use that I would like to host on the free Azure Websites tier. I need to secure the site through a simple authentication scheme such as .htpasswd under *NIX servers.
Are there any recommended approaches to do this when running the site in PHP?
I have looked at the options in web.config, however they all appear to require a Windows user-account against which to authenticate. I have taken a look at Windows Azure Basic Authentication but I'm not too sure how I could run appcmd.exe against this website.
I have checked out the Windows Azure Active Directory integration options, but I can't see anything I can call from PHP (is there a RESTful API I can call maybe?).
I don't particularly want to write my own authentication handler and don't particularly want to run a micro-instance Linux VM....
If you are looking for simple authentication you can hard code the username and password combination in the login script itself and the info will be protected. If that does not satisfy your requirement you can use free version of mysql and store credentials their before using it. these two options are the simplest and free you can use. Also Active Directory or UAC based auth are overkill for your small project.
There is a Sample project that shows how to do Single Sign-on with Windows Azure Active Directory using PHP.
I haven't tested this code out in Windows Azure Web Sites as of yet, but it is available as a sample if you'd like to get an idea as to how you may be able to implement your own Auth Provider.
I've been developing a project using php that my students use to take quizes (that moodle can't do itself) Now I would like to integrate moodle and my project such that my project authenticates against moodle users and reports grades into a courses gradebook. I've so far been authenticating using direct database reading but I'm very hesitant to do writes to the moodle database. I'm also aware of LTI; I am open to using it but the human readable documentation and any samples are impossible to find. If you could provide me a sample or documentation thats less theory and more applicable for LTI it would be greatly appreciated.
Thanks in advance.
To do this you need to use the Web Services API. You need to setup a web service first, see Using web services. The entire API documentation is available on your Moodle site via Administration > Plugins > Web services > API Documentation.
You need to use moodle's External Tool, which is created precisely for this kind of uses. External tool uses LTI in the background to send user, course, role etc information to an external application and the external application can even send back scores to moodle if configured as a quiz.
Check out : https://docs.moodle.org/23/en/External_tool
You will also have to make your quiz taking app, an LTI provider.
This open source package is out of the box package to create LTI provider in ruby - https://github.com/instructure/ims-lti
There are similar tools in other languages too, but this one is the most polished one.
Please forgive the novice-ness of this question if this is in fact a novice question, and maybe if it doesn't exist it could one day, but thank you for your time already. I'm just trying to learn how to access dynamic data for my website.
If these (command line accessible) services do exist, which I imagine is doubtful, I am looking for dynamic (externally stored) Finance & Economic data providers.
EDIT: Ah! Great.
- I run both mac osx lion and windows vista on separate computers. I like ruby on rails, and the startup I'm working with uses php so that's OK too. Other than that as far as verification processes go, honestly, I'm not that far yet. The data I'll be trying to access at first will likely be open source (free for academic purposes, etc) and come from Google or Bloomberg Open if that helps. Thanks already though
- Ruby on Rails runs extremely slow on Windows so I'll be using Mac for the most part.
EDIT: Are there any IDE's (or IDE plugins) which have the capability to do what Alexei is describing?
EDIT: I'll probably be trying to access Google Docs via a REST API for my starter app. But am still interested in trying to access it and any other REST source via the command line and/or an IDE!
The curl command takes a URL as its argument and issues an HTTP GET to get the resource at that address. If that HTTP request accesses a REST web service, then it displays the response from that service. You can of course build on this as your starting point.
REST/SOAP services are accessible by issueing HTTP requests. There are plenty of tools to do just that on all operating systems. Starting from telnet for barebone communication to scripting languages that provide parsed responses like Python/Ruby/JavaScript for most platforms, PowerShell scripting would be probably the best for Windows environment.
To get more specific recommendations you need to get more details in the question (OS, languages you like, authentication used by services...)
I am developing an in app billing application for Android
In this sample, the security module is hosted in the android device
I’m trying to implement the security module of In App Billing of this demo application Dungeons in a PHP remote server, following the billing best practices of google.
I encounter a some difficulties (I am not familiar with PHP), and I would like to know if :
Does anyone know if a PHP security module was already developed and open source?
Do I have to rewrite in my server all the JAVA code in PHP, or do I just need to rewrite the part verifying the signature, as this thread is doing?
I am not a pro in security ^^ and that’s why I have some difficulties in seeing what needs to be secured and how… (since in the JAVA code, it says that :
For a secure implementation, all of
this code should be implemented on a
server that communicates with the
application on the device
)
I really thank you if anyone has some tips.
Jer
The idea is to send signed data and the signature from the app to your web server. Then your webserver can verify the signature and allow access to protected content and such.
You would only need to rewrite the part verifying the signature, though you might find my php library for license verification useful.