New blog post for developers | Connect to PubSub+ Manager Using Ping Identity

System
System Administrator Posts: 46 admin
edited September 2022 in Blogs & Tutorials #1

My colleague Victor and I have previously blogged about how to use OAuth and OpenID Connect (OIDC) to authenticate and authorize Solace message format (SMF) clients with PubSub+ Event Broker. In this post I will explain how to use Ping Identity as an identity provider to authenticate and authorize users of PubSub+ Manager using an interactive login. If you’re not familiar, Ping Identity provides federated identity management and self-hosted identity access management (IAM) solutions to web identities and single sign-on solutions.


Leave your comments below.


Comments

  • factaky
    factaky Member Posts: 4

    Thanks to both of you for coming up with this tutorial. I followed your tutorial to the letter, but I used Keycloak (and later AWS Cognito). There was only 1 small error that I encountered. The 'login with ping' button did not appear on the home page. It was narrowed down to the fact that I have to issue a command, 'configure/authentication/oauth-profile)# issuer 'https:/xxxxxxxxx'. By right, if the discovery endpoint is configured, there should be no need to issue the 'issuer…..' command. Other than this, the tutorial was good.

  • pkondrat
    pkondrat Member, Employee Posts: 29 Solace Employee

    Hi Factaky,

    Did you check the response back from the discovery endpoint? If the discovery endpoint is functioning properly, the issuer should have been learned and there is no need to issue the "issuer" command. Once the profile is properly configured (with an issuer), the button should appear with the text "Login with <name>" where name is the name of the oauth-profile or display-name if you wish to override the profile name.

    Best Regards,

    Paul

  • factaky
    factaky Member Posts: 4
    edited January 7 #4

    Thanks for replying.


    Initially, I followed your example. And I entered only the discovery endpoint. The "Login with ping" button did not appear.

    I then did a 'show oauth-profile ping' and saw that the 'Admin Status:' was 'disabled' and the 'Issuer:' was empty.

    I then removed the "discovery" command and issued the "Issuer" command as well as the "Authorization", "Token" , "JWKS", "userinfo" and the "Introspection" commands.

    With that done, the button "Login with Ping" appeared.

  • pkondrat
    pkondrat Member, Employee Posts: 29 Solace Employee

    I believe that the issue was that the discovery endpoint did not properly return the issuer. You can put the URL for the discovery endpoint into your web browser and see what it returns. It seems like there is some reason that the broker was not able to extract the issuer from the response from the discovery endpoint. I think it will work if we can figure out why the broker was unable to determine the issuer.
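
The check suggested in the reply above (look at what the discovery endpoint returns), as an added example that is not part of the thread and is not Solace or Ping Identity code. The thread does not say what the broker itself validates, so the checks follow OpenID Connect Discovery 1.0 and the RFC 8414 metadata names; `check_discovery`, `fetch_discovery` and the sample documents are hypothetical names and constructed data.

```python
import json
import urllib.request
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Metadata names for the endpoints that were configured by hand in the thread.
REQUIRED = ("authorization_endpoint", "token_endpoint", "jwks_uri")  # assumed required here
OPTIONAL = ("userinfo_endpoint", "introspection_endpoint")  # optional in the specs

def fetch_discovery(url, timeout=5):
    """Fetch and parse a live discovery document (the samples below do not use it)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)

def check_discovery(doc, discovery_url):
    """Return a list of ERROR/WARN strings; an empty list means no problem found."""
    problems = []
    issuer = doc.get("issuer")
    if not isinstance(issuer, str) or not issuer:
        problems.append("ERROR: issuer missing or empty")
    else:
        parts = urlsplit(issuer)
        if parts.scheme != "https" or not parts.netloc:
            problems.append("ERROR: issuer is not an https URL")
        if parts.query or parts.fragment:
            problems.append("ERROR: issuer contains a query or fragment")
        # Discovery 1.0: issuer must equal the prefix the document was fetched from.
        if discovery_url != issuer.rstrip("/") + WELL_KNOWN:
            problems.append("ERROR: issuer does not match the discovery URL prefix")
    for key in REQUIRED + OPTIONAL:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            level = "ERROR" if key in REQUIRED else "WARN"
            problems.append(f"{level}: {key} absent")
        elif urlsplit(value).scheme != "https":
            problems.append(f"ERROR: {key} is not an https URL")
    return problems

# Constructed sample documents (not taken from any real identity provider).
BASE = "https://idp.example.test/realms/demo"
GOOD = {"issuer": BASE, **{k: f"{BASE}/{k}" for k in REQUIRED + OPTIONAL}}
NO_ISSUER = {k: v for k, v in GOOD.items() if k != "issuer"}
WRONG_ISSUER = {**GOOD, "issuer": "https://other.example.test", "introspection_endpoint": ""}

if __name__ == "__main__":
    for name, doc in (("good", GOOD), ("no issuer", NO_ISSUER), ("wrong issuer", WRONG_ISSUER)):
        print(name, "->", check_discovery(doc, BASE + WELL_KNOWN) or "ok")
```

Against a real provider, pass the same URL to both calls: `check_discovery(fetch_discovery(url), url)`.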

  • factaky
    factaky Member Posts: 4

    This is what I just did.

    I deleted the 'issuer' command (no issuer). I also deleted all the 'endpoint' commands (token, userinfo, authorization, jwks, etc.). The 'Login' button disappeared. In fact, it disappeared when I deleted the 'issuer' command.

    I then ran the 'discovery' command. This time, the 'Login' button appeared.

    Thanks for your help. At least I now know how to make the 'Login' button appear.