DataDog rum useCrossSiteSessionCookie - cookies

I have a website A (with its own domain) and another website B (on another domain).
When a user enters website A, a banner is displayed allowing him to accept/reject cookies. If he accepts, we enable the use of Datadog RUM.
Then the user can be redirected to my other website B in order to perform other actions.
I'm looking at the Datadog documentation: https://docs.datadoghq.com/fr/real_user_monitoring/browser/
useCrossSiteSessionCookie
Optional
Type: Boolean
Default: false
Use a secure cross-site session cookie. This allows the RUM Browser SDK to run when the site is loaded from another one (iframe). Implies useSecureSessionCookie.
I'm wondering if I could use the useCrossSiteSessionCookie parameter to use Datadog RUM on website B without re-asking the user to accept cookies? Or is it only possible with an iframe? Because I do not know how to make it work :(
If it's not possible, do you know another solution to my issue?

Related

Authentication with Postman on a SAML/shibboleth based website without using browser

I'm trying to understand the process of logging in to a website using the Network tab in Google Chrome because I have to use that process to authenticate accounts in a mobile application.
The login is completed when I reach the page "HomepageStudente.do", but I don't understand how to replicate all this on Postman. I've tried to do this:
Right-click on the SSO request
Copy as Curl (bash)
And it seems to work, but when I do the same thing with the second request (POST) I get a different message compared to the one on the Network tab.
Those 3 calls are based on automatic redirects by the browser, and I don't understand how to replicate them in Postman. Is this possible to do? Any other suggestions on how to use those requests to authenticate an account outside the website (for example, a mobile app)?
Thanks

Check if Per User Outbound Gateway is in use via Admin SDK

I recently discovered in our Google Admin Portal that Per User Outbound Gateway is turned on. Checking with other people I work with, no one knows why it's turned on or when it was turned on.
I have been digging through the Google Admin SDK and have not found a way to check whether any users are using this setting.
In short, does anyone know how I can check to see if a user in our domain has a secondary smtp connection or a "Send Mail As" option in use?
So, the setting 'allow per user outbound gateway' does indeed give users permission to add a 'From' address external to your domain. However, if anyone is using this, they'll likely need to configure it as a send-mail-as address inside Gmail.
You can list all 'Send as addresses' via the Email settings API as per https://developers.google.com/admin-sdk/email-settings/#retrieving_send-as_alias_settings. Note that the code examples provided will not work as they're out of date and show ClientLogin, which has been disabled for months now. I'd advise you to auth with OAuth 2.0 and call the endpoint with wget or curl (probably wget since recursive).

WSO2 Identity Server Basics - Making it Work

I'm new to the SSO world and I've recently installed WSO2 Identity Server 5.0 and done my best to hook in a service provider but I just can't seem to figure out how to make SSO happen.
Here is my current situation and goal:
I have a MojoPortal website where a user can log in. From there, the user can click a link to our FTP site powered by GoAnywhere. We want the user to be logged into the FTP site just by clicking the link instead of having to log in to it as well. The FTP site is SAML2 enabled so I chose the WSO2 ID Server to give SSO capability between my mojoPortal and GoAnywhere sites.
Here is what I think needs to happen - sanity checks welcome:
1. User clicks to access the FTP website and my mojoPortal website needs to create a SAML request and send it to the ID server. I can't seem to get a grip on doing this from an ASP.NET page.
2. ID server gets the request and validates it (you can test the request in the "SAML Request Validator" tool in the WSO2 console, right?)
3. ID server sends a response to the GoAnywhere FTP site which can be simulated with the SAML Response Builder tool in the ID server console.
4. The FTP site says either OK or NO to access.
5. Not sure what happens next - how does the user get redirected to the FTP site?
So I have big issues: I don't understand the flow in great enough detail and I'm also having difficulties in getting the technologies to work together.
Any comments / help at all are greatly appreciated!
MojoPortal website - is SAML2 Web Browser based SSO supported? If yes, then the solution is clear.
You just have to register your 2 sites in WSO2 IS as SPs.
Then what will happen is, once the user logs in to the MojoPortal website, the user will have a live login session; therefore, once he clicks on the FTP site, he will be able to access it without having to log in again.
Hope this clarifies your doubts.

How to create a cookie on a Google site?

I created a Google Sites page with 5 links on it. Is it possible to create on my site a script or something that stores in a cookie the link on which the user has clicked, so that the next time he connects to the page, he will be automatically redirected to the link he clicked on? For information, the user connects to the site with his Google email account.
How can I do that please?
Thank you very much in advance for your help
While it is possible to read cookies and redirect using JavaScript inside a Google Page (using widgets), browsers will not allow you to set cookies for a completely different domain for obvious security reasons.
Related:
How to set a cookie for another domain
Cross-Domain Cookies
What's your favorite cross domain cookie sharing approach?
You could theoretically try and send an AJAX request from the Google Page with a "where should I direct this user to?" and expect a URL or a null.
See:
CORS $.ajax session cookies (access-control-allow-credentials & withCredentials=true)
Cross domain POST request is not sending cookie Ajax Jquery
But overall, your task is not as straightforward as it may seem. The browser will, fortunately, not play along.
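The AJAX lookup suggested in the answer above, sketched from the server side as an added example (not code from the answer). The allowed origin, the `last_link` cookie name and the link URLs are assumptions made for illustration; the endpoint is assumed to live on a domain you control.

```javascript
// Assumed origin of the embedding page; confirm it against the Origin header
// your widget really sends. All URLs below are constructed placeholders.
const ALLOWED_ORIGINS = new Set(['https://sites.google.com']);
const LINKS = new Map([
  ['docs', 'https://example.com/docs'],
  ['news', 'https://example.com/news'],
]);

// With credentials the browser rejects "Access-Control-Allow-Origin: *",
// so the exact, allowlisted origin is echoed back and nothing else.
function corsHeaders(origin) {
  if (!ALLOWED_ORIGINS.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}

// Cookie set by YOUR domain when a link is clicked. It stores a key, never a
// URL, and needs SameSite=None; Secure to be sent on a cross-site request.
function rememberChoice(key) {
  if (!LINKS.has(key)) return null;
  return `last_link=${key}; Max-Age=2592000; Path=/; Secure; HttpOnly; SameSite=None`;
}

// Minimal Cookie header parser: returns the value for `name`, or null.
function readCookie(header, name) {
  for (const part of String(header || '').split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

// "Where should I direct this user to?" -> a known URL or null.
// Client side: fetch(endpoint, { credentials: 'include' }).
function handleLookup(req) {
  const headers = corsHeaders(req.origin);
  const key = readCookie(req.cookie, 'last_link');
  const url = LINKS.has(key) ? LINKS.get(key) : null; // allowlist blocks open redirects
  return { status: 200, headers, body: JSON.stringify({ url }) };
}
```

Because the cookie only ever holds a key that is looked up in a fixed list, a tampered cookie cannot turn the redirect into an open redirect.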

Facebook API: Best practices when using a load balancer

I'm developing a Facebook connected website using the PHP SDK and I am looking for guidance on best practices for scaling.
I have two pages
http://www.example.com/foo.php -> User reads about the web app here and Authorizes the Facebook application
The user then has the option to go to another page:
http://www.example.com/bar.php -> Custom page generated for the user based on data queried using FQL
I am looking to distribute this application across a series of servers on PHPFog and they are sitting behind a load balancer. This means that the user may end up getting foo.php from Server1 and then being redirected to Server2 for bar.php. I am concerned that this will break the Facebook auth session.
Does anyone know how I can correctly code for this scenario or if there are any best practices published anywhere?
The access token will be valid across both servers; you can even take the access token and use it in your own browser while it is valid.
I would store the access token in an encrypted cookie, that way every server would be able to obtain the right access token for the user.
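One way to build the encrypted cookie suggested above, as an added Node.js example (not code from the answer and not part of the Facebook PHP SDK). It assumes every server behind the load balancer loads the same 32-byte key from shared configuration; the `fb_token` cookie name, the embedded expiry and the sample token are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

// Assumption: in production this key comes from a secret store shared by all
// servers behind the load balancer. It is generated here only for the demo.
const SHARED_KEY = nodeCrypto.randomBytes(32);

// Seal the token with AES-256-GCM (confidentiality plus an integrity tag).
// Cookie value layout: iv.ciphertext.tag, each part base64url-encoded.
function sealToken(token, key, ttlSeconds = 3600, now = Date.now()) {
  const iv = nodeCrypto.randomBytes(12); // fresh nonce for every cookie
  const payload = JSON.stringify({ t: token, exp: Math.floor(now / 1000) + ttlSeconds });
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(payload, 'utf8'), cipher.final()]);
  return [iv, ct, cipher.getAuthTag()].map((b) => b.toString('base64url')).join('.');
}

// Any server holding the key can open the cookie. Returns the token, or null
// when the value is malformed, tampered with, sealed under another key, or expired.
function openToken(cookieValue, key, now = Date.now()) {
  const parts = String(cookieValue).split('.');
  if (parts.length !== 3) return null;
  const [iv, ct, tag] = parts.map((p) => Buffer.from(p, 'base64url'));
  if (iv.length !== 12 || tag.length !== 16) return null;
  try {
    const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
    decipher.setAuthTag(tag);
    const plain = Buffer.concat([decipher.update(ct), decipher.final()]); // throws on a bad tag
    const payload = JSON.parse(plain.toString('utf8'));
    return payload.exp > Math.floor(now / 1000) ? payload.t : null;
  } catch {
    return null;
  }
}

// Set-Cookie header value: HttpOnly keeps page scripts away from the cookie,
// Secure keeps it off plain HTTP.
function tokenCookie(sealed) {
  return `fb_token=${sealed}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}
```

Server1 would call `sealToken` after authorization on foo.php and Server2 would call `openToken` on bar.php with the same key; a `null` result means the user has to be sent through authorization again.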