Four Stars

ESB with Certificates and ADFS

Hello,

I am quite new with Talend ESB and have a task at work.

I need to design an architecture where ESB handles and secures the communication with certificates and authenticates the users with AD FS.

 

I hope I am clear enough.

Thank you for the replies.

 

Cheers.

5 REPLIES
Moderator

Re: ESB with Certificates and ADFS

Hello,

Could you please have a look at this document about: TalendHelpCenter: Security Token Service to see if it is what you are looking for?

Best regards

Sabrina

--
Don't forget to give kudos when a reply is helpful and click Accept the solution when you think you're good with it.
Employee

Re: ESB with Certificates and ADFS

Hello, 

 

Can you give us some additional details so we can help, please?

 

Do you need to use certificates for encryption, signature or authentication?

* Karaf provides native SSL support for encryption, on port 9001

(See etc/org.ops4j.pax.web.cfg configuration file)

 

Regarding authentication, have you chosen a standard protocol (basic HTTP, SAML, OIDC, X509, ...)?

* Karaf and Talend services can be easily configured to use one of these and authenticate against an LDAP system with a simple JAAS class.

 

Let us know.

Thomas

Four Stars

Re: ESB with Certificates and ADFS

Hello,

Well, I thought that using the SAML protocol is enough to make it secure. If that is not the point, then I will have to use TLS certificates to make the connection secure and the SAML protocol for authentication.

 

Basic usage of the system will be:

- Getting a request from a user to ESB (secured with certificates or STS if that's enough)

- Check permissions and roles via AD FS with SAML

- Execute the request

 

Hope that's enough information.

Employee

Re: ESB with Certificates and ADFS

Ok, let's start with the certificate.

 

1 - Design a simple web service and make sure it is deployed on runtime server and that you can request it on http port 8040.

2 - Import your certificate sent by a certified provider into a keystore

(See https://wiki.eclipse.org/Jetty/Howto/Configure_SSL#Loading_Certificates_with_keytool -> Loading certificates with keytool)

3 - Update etc/org.ops4j.pax.web.cfg file to reference your keystore and set credentials to open it

(See https://ops4j1.jira.com/wiki/spaces/paxweb/pages/12059277/SSL+Configuration)

4 - Try to request your web service on https and port 9001

 

Let me know if it works.

Thomas
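
A check for steps 3 and 4 of the reply above, added here as an example and not part of the thread or of Talend's documentation: it lints a Pax Web configuration file for the HTTPS settings the steps describe and for file permissions on the keystore and the cfg. The property names are an assumption taken from Pax Web releases before 8 (see the SSL Configuration page linked in step 3), and `cfg_get`, `world_readable` and `check_pax_ssl` are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the thread): lint org.ops4j.pax.web.cfg for steps 3-4.
# Property names are assumed from Pax Web releases before 8; confirm on your runtime.
# Keystore paths are used as written; ${karaf.*} placeholders are not expanded.

# Print the value of property $2 in file $1 (comments skipped, last assignment wins).
cfg_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
          if (key == k && index($0, "=")) {
              v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t\r]+$/, "", v) } }
        END { print v }' "$1"
}

# True if file $1 is readable by "other" users.
world_readable() { [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]; }

# Print one line per finding; return 0 only when there are none.
check_pax_ssl() {
    cfg=$1; bad=0
    fail() { echo "FAIL: $*"; bad=1; }

    [ "$(cfg_get "$cfg" org.osgi.service.http.secure.enabled)" = "true" ] ||
        fail "HTTPS connector is not enabled"
    port=$(cfg_get "$cfg" org.osgi.service.http.port.secure)
    [ "$port" = "9001" ] || fail "secure port is '${port:-unset}', thread uses 9001"

    ks=$(cfg_get "$cfg" org.ops4j.pax.web.ssl.keystore)
    if [ -z "$ks" ]; then fail "no keystore referenced"
    elif [ ! -r "$ks" ]; then fail "keystore '$ks' is missing or unreadable"
    elif world_readable "$ks"; then fail "keystore '$ks' is world-readable"
    fi

    for p in org.ops4j.pax.web.ssl.password org.ops4j.pax.web.ssl.keypassword; do
        [ -n "$(cfg_get "$cfg" "$p")" ] || fail "$p is not set"
    done
    # The cfg holds the keystore credentials in clear text, so protect the file too.
    if world_readable "$cfg"; then fail "'$cfg' is world-readable"; fi

    return "$bad"
}

# Usage: check_pax_ssl etc/org.ops4j.pax.web.cfg && echo "HTTPS settings look complete"
```
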

Four Stars

Re: ESB with Certificates and ADFS

Thank you for the response.

 

The issue is I need to create a server certificate and user certificate, because I'm doing a demo Project to show my boss.

I have a simple Service, that says hello. I've researched a lot about SAML, STS, certificates. The problem comes when I try to implement it and nobody can help me because they don't know anything about this... I know it's a bit odd.

I've tried sending a token request via SOAPUI on talend runtime and receive a response. 

But implementing everything in my service, so that it sends a token request and then takes the response and puts it in the header, is a mystery to me.

 

If you could help me with this I would really appreciate it.