Wso2 IS SMS OTP returns 401 page after login - wso2

WSO2 IS 5.10.0. I have configured basic auth and SMS OTP. I wanted to trigger basic auth using a URL like the one below without the login page (skipping the login page, with authentication at the backend using the username and password provided).
https://192.168.1.10:9448/oauth2/authorize?client_id=USER_PORTAL&code_challenge=KmuKeL_V3Gc5rRp9zEQeK0SFMrHZU25lLyrtnr8uekE&code_challenge_method=S256&commonAuthCallerPath=/oauth2/authorize&forceAuth=false&passiveAuth=false&redirect_uri=https://192.168.1.10:9448/user-portal/login&response_type=code&scope=internal_login+internal_humantask_view+openid&relyingParty=USER_PORTAL&type=oidc&sp=User+Portal&isSaaSApp=false&username=test&password=test#123
The login is successful, but after that the SMS OTP page throws a 401 error even after authentication. The same thing works if I log in through the login page (the mobile SMS OTP page is shown successfully). I do not understand what is wrong.
EDIT:
After login it routes to the SMS OTP page like below.
https://192.168.1.10:9448/oauth2/smsotpauthenticationendpoint/smsotp.jsp?client_id=USER_PORTAL&code_challenge=KmuKeL_V3Gc5rRp9zEQeK0SFMrHZU25lLyrtnr8uekE&code_challenge_method=S256&commonAuthCallerPath=%2Foauth2%2Fauthorize&forceAuth=false&isSaaSApp=false&passiveAuth=false&redirect_uri=https%3A%2F%2F192.168.1.10%3A9448%2Fuser-portal%2Flogin&response_type=code&scope=internal_login+internal_humantask_view+openid&sp=User+Portal&tenantDomain=carbon.super&sessionDataKey=c23b62da-3031-44fd-892c-5cff2e62db58&relyingParty=USER_PORTAL&type=oidc&sp=User+Portal&isSaaSApp=false&authenticators=SMSOTP

This invalid URL (/oauth2/smsotpauthenticationendpoint/..) is generated due to relative URLs configured for the following properties (in deployment.toml). To address it, you can update them with a slash at the beginning as below.
[authentication.authenticator.sms_otp.parameters]
SMSOTPAuthenticationEndpointURL= "/smsotpauthenticationendpoint/smsotp.jsp"
SMSOTPAuthenticationEndpointErrorPage= "/smsotpauthenticationendpoint/smsotpError.jsp"
MobileNumberRegPage = "/smsotpauthenticationendpoint/mobile.jsp"
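The answer says the bad path appears because a relative value is resolved against the current request URL (/oauth2/authorize). The following script is an added illustration, not code from the original post or from WSO2: it resolves the configured values as RFC 3986 relative references (assumed to match what the framework does), lints the sms_otp parameters block of a constructed deployment.toml fragment for values that lack a leading slash, and applies the fix the answer proposes.

```python
"""Added example (not from the original post or from WSO2): show why a
relative SMS OTP endpoint path resolves under /oauth2/, and lint the
sms_otp parameters block of deployment.toml for such values."""
import re
from urllib.parse import urljoin

# Constructed deployment.toml fragment with the problematic relative paths
# (the keys are the ones from the answer; the values are the "before" state).
TOML_BEFORE = """
[authentication.authenticator.sms_otp.parameters]
SMSOTPAuthenticationEndpointURL= "smsotpauthenticationendpoint/smsotp.jsp"
SMSOTPAuthenticationEndpointErrorPage= "smsotpauthenticationendpoint/smsotpError.jsp"
MobileNumberRegPage = "smsotpauthenticationendpoint/mobile.jsp"
"""

SECTION = "[authentication.authenticator.sms_otp.parameters]"
# Matches lines of the form   Key = "value"   (spacing around '=' optional)
KV_RE = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=\s*"([^"]*)"\s*$')


def sms_otp_params(toml_text):
    """Return the key/value pairs found in the sms_otp parameters section."""
    params = {}
    in_section = False
    for line in toml_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):
            # A new table header: we are only interested in the sms_otp one.
            in_section = stripped == SECTION
            continue
        if in_section:
            m = KV_RE.match(line)
            if m:
                params[m.group(1)] = m.group(2)
    return params


def resolve_redirect(request_url, endpoint_value):
    """Resolve the configured endpoint the way a relative reference is
    resolved against the current request URL (RFC 3986 join). Assumed to
    mirror how the framework builds the redirect described in the answer."""
    return urljoin(request_url, endpoint_value)


def is_absolute(value):
    """True for root-relative paths ('/...') and full URLs ('scheme://...')."""
    return value.startswith("/") or "://" in value


def relative_endpoint_keys(params):
    """Keys whose value would be resolved relative to the request path."""
    return sorted(k for k, v in params.items() if not is_absolute(v))


def fixed_params(params):
    """Prefix a '/' to every relative value (the fix from the answer)."""
    return {k: (v if is_absolute(v) else "/" + v) for k, v in params.items()}


if __name__ == "__main__":
    request_url = "https://192.168.1.10:9448/oauth2/authorize"
    before = sms_otp_params(TOML_BEFORE)
    for key in relative_endpoint_keys(before):
        print(f"{key} is relative -> {resolve_redirect(request_url, before[key])}")
    after = fixed_params(before)
    for key, value in after.items():
        print(f"{key} fixed      -> {resolve_redirect(request_url, value)}")
```

Running it prints the /oauth2/smsotpauthenticationendpoint/... URL from the question for each relative value, and the expected /smsotpauthenticationendpoint/... URL once the leading slash is added; the lint function can be pointed at a real deployment.toml after the WSO2 restart to confirm no relative value remains.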

Related

Postman Authentication and Cookie Management

I'm looking for any tutorials or blogs related to auth and cookie management in the Postman app. I'm new to Postman, so I need some guidance.
I'm currently testing an API that follows the following workflow.
Visiting portal.site.com redirects to login.site.com and sets an X-csrf token and cookies for it. The login is performed in two steps: 1) verify the email and then 2) verify the password to log in. Once the login is validated, you're redirected back to portal.site.com.
I have created a postman collection it has 5 total requests
1) GET Visiting portal.site.com
2) POST Login Email Validation on login.site.com
3) POST Login Password Validation on login.site.com
4) GET Redirected back to portal.site.com
5) POST Get Profile Data in JSON response on portal.site.com
I need to validate the last request and get the data in response. This can only happen when login is done properly in above requests and cookies are set properly on portal.site.com via login at login.site.com.
If you can share any options on how to do it, I'll be really thankful.
What you are describing is the authorization-code workflow of OAuth2.
https://auth0.com/docs/flows/authorization-code-flow
Postman supports it as a built-in feature.

How to use Cognito LOGOUT endpoint to really log out?

I'm trying to use Federated Authentication to enable login with Microsoft AD. It works fine and we can log in. But when I call the LOGOUT endpoint as the documentation says ( https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html ) and try to log in again, I'm not being redirected to the Microsoft page to type my email and password again.
It seems like the email and password I typed are cached, and I only see this login page again if I clear the cache. How can we really log out the user, so that when he logs in he needs to type his email and password again?
Edit: I enabled 'Sign Out IdP Flow' as suggested in the answer, but now I'm getting a 400 response saying "Required String parameter client_id is not present".
Does anybody have any clue how to solve this problem ?
You will need to ensure you select 'Enable IdP sign out flow' on your SAML identity provider in Cognito. After navigating your browser to the logout endpoint, you should then be redirected to the SAML IdP logout as well.
https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-user-pools-managing-saml-idp-console.html
Select Enable IdP sign out flow if you want your user to be logged out
from the SAML IdP when logging out from Amazon Cognito.
Enabling this flow sends a signed logout request to the SAML IdP when
the LOGOUT Endpoint is called.
Configure this endpoint for consuming logout responses from your IdP.
This endpoint uses post binding.
You need to include the client_id parameter when calling the logout endpoint; the parameter is specified as required in the documentation you provided. The client ID can be found in the AWS Cognito console under User pools > Your User pool name > App Integration > Your app client name, where you should see a Client ID.

Using WSO2 not allow to login any identity provider(Facebook or Gmail) at second time if we try to login

I am new to working with WSO2.
I am using the Facebook or Gmail identity provider to authenticate using the Travelocity application.
The first time, WSO2 redirects to the Facebook or Gmail login page through which I want to log in.
But the second time, WSO2 does not redirect to the Facebook or Gmail login page; it directly shows the home.jsp page with profile information from Facebook or Gmail.
My question is: what should I do so that if I log out and then try to log in again, WSO2 redirects us to the Facebook or Gmail login page?
This basically happens when you have the previous session stored in the browser and SAML logout has not happened properly.
Have you tried the logout button in the Travelocity app? Where did you find this sample? Better to build and take the app from here: https://github.com/wso2/product-is/tree/master/modules/samples/sso/sso-agent-sample
Furthermore, we do have two more SAML samples if you want to try. You can find them here: https://github.com/wso2/samples-is/tree/master/sso-samples/saml2-sso-sample

django - allauth and rest-auth facebook login token does not work with JWT authentication

I've followed both packages' documentation and am using the example from the rest-auth docs. I've followed all the steps and I can successfully use this API to register/log in a user with Facebook. The API returns me a token and a user object, but this token does not work with JWT authentication. However, if I set this user's username in the DB and then post the Facebook login request again, the returned token works fine. What does this social authentication process have to do with the username? Is there something I need to do to configure it properly?
I am using a custom user model and have both username and email for authenticating users. Please let me know if any further info is needed for figuring out the problem.
After 1.7.0, rest_framework_jwt uses the username to query the user in authenticate_credentials(). But when you first log in with a Facebook accessToken via rest_auth, the user doesn't have a username.
So you will receive an 'Invalid payload.' message.
I have this problem too.And I do this work now.
Sorry for my bad English skill.

WSO2 - Fails to redirect after custom authentication endpoint POST

I have created a custom authentication endpoint, like https://www.custom-auth.localpc, which WSO2 redirects to when I try to log in.
However, when I click in OK and send the POST back to http://localhost:9443/commonauth, WSO2 replies with a 302 that redirects to http://localhost:9443/https://www.custom-auth.localpc?loginStatus=true.
When I checked the console log, I found the following error:
ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Exception in Authentication Framework
org.wso2.carbon.identity.application.authentication.framework.exception.FrameworkException: No authenticator can handle the request in step : 1
The service provider that requests the login is correctly configured because it works with WSO2 default authentication endpoint.
Any thought on this?
So, the issue was much simpler than I thought. The redirects from WSO2 were more of a misdirection.
So, when submitting the data, the field username and password must be lowercase.
If any issue is found with the POST data, it redirects with a 302 to the Carbon login page.
I think this may happen because of the canHandle() method. You can refer to other custom authenticators that use an external endpoint and see how they handle the request.