I have enabled multi-tenancy in GCP Identity Platform and unchecked "Enable create (sign-up)" in User Actions section of Identity Platform settings.
I have then implemented example sign-in page by following https://cloud.google.com/identity-platform/docs/multi-tenancy-ui this tutorial.
Specifically I have this snippet in my frontend code:
<script>
var ui = new firebaseui.auth.AuthUI(firebase.auth());
firebase.auth().tenantId = <MY-ONE-AND-ONLY-TENANT-ID>;
ui.start('#firebaseui-auth-container', config);
});
</script>
My problem is that it's still possible to create accounts in this tenant scope despite unchecking the "Enable create (sign-up)".
Additionally, if I comment out this line: firebase.auth().tenantId = <MY-ONE-AND-ONLY-TENANT-ID>;
I get expected This operation is restricted to administrators only. error. Therefore I understand that this setting has effect in general scope of my project.
Question is how do I achieve the same for my tenants if "Settings" page is only available for general scope. It displays <TENANT-NAME> is a tenant, you can manage <TENANT-NAME> and other tenants in <PROJECT-NAME>
Based on this article, when sign-up is disabled in the project settings, it should be mirrored with adminRestrictedOperation flag having set to true in Firebase. Disabling sign-up in the project settings without setting this to true will not have any effect.
Additionally, you might find this GitHub article useful. You can disable new user sign up with email providers by setting the flag disableSignUp.status to true. This will display an error message when new users attempt to sign up.
Related
I'm trying to create my first project in google cloud with organization's administrator account. I have access to the administrator's email and passwords and I am logging in with that account to do so. The problem is that when I click on create new project I receive the following error:
There was an error while loading /home/dashboard?project=proven-now-305315&authuser=1.
You are missing at least one of the following required permissions:
Project
resourcemanager.projects.get
Check that the project ID is valid and you have permissions to access it. Learn more
Send feedback
The detail is that in my resource administration panel I already gave the permission that they ask me to the resource as shown in the following image:
As I have read, the project IAM Admin role should grant the resourcemanager.projects.get role and as you can see in the image the resource rcv # .. which is the administrator has it activated, however I keep trying to create a new project and it doesn't allow me to do it. Any idea?
In case anybody else, like me, reaches this answer, I want to point out that the accepted answer is correct, but for me I had to also make sure that within the settings, I ensured that Project Creation Settings on the right pane and under the section of Cloud Resource Manager Api Settings was set to on. It was turned off by default. Many people on my team overlooked this as it is significantly smaller text.
This may be an option that was not present before or it was turned on by default in the past. For us, it was turned off.
Please refer to the included image for a visual representation of the
settings that need to be turned on.
The problem was for some reason the Google Cloud was disable for all users, I solved following this instructions. Solved with this!
To activate this service, please follow the steps:
Access the admin console and go to Apps -> Additional Google Services
Look for the service “Google Cloud Platform” and click on the box next to it
In to top right corner click in “ON”
Confirm you want to turn it on in the pop-up box.
I want to use the WSO2-IS (5.5.0) as Identity Provider for my various applications and enable single sing-on for all of them.
I have added one of my app as service provider and configured the Oauth/OpenID Connector it.
Because I want to allow my users to signup by themselves, I have enabled 'Self User Registration' under Account Management Policies in Resident Identity Provider.
So When I try to self signup, I receive the sign up page with bunch of form fields which I want to edit.
Here is the screenshot of what I form fields I get:
How do I edit this page?
For example, If I just want FirstName, LastName, Password, ConfirmPassword and Organization what are the changes to be made and where?
From the documentation, I figured out that Claim Configuration of the Service Provider should do the thing.
I have even tried to configure the claims and tried to use custom claim dialect. But with no luck.
How do I achieve it? Any help will be appreciated.
Attributes that shows in the self sign up page are the WSO2 dialect claims which has "Supported by Default" configuration enabled. If you o to claim dialect list page and go to "http://wso2.org/claims" dialect and expand agny claim, you can see this configuration. Mandatory one's (which has the red astrix mark) are the claims that has "Required" config enabled. For example see below config of the department claim.
If you go to one of the user's profile from the management console, you can see the same set of claims there also.
You can change the "Supported by Default" and "Required" config of each claim to cater your requirement in the registration profile.
One other option is you can customize the self sign up page itself. Page is self-registration-with-verification.jsp in accountrecoveryendpoint we application in <IS-HOME>/repository/deployment/server/webapps folder. But still you will have to ask the user to enter the "Required" claims
When I go to "My Identity -> My Profiles", it does not give me the option to Add New Profile (as seen on the documentation for User Profile Management), but I can only edit the default profile.
I am using an external MySQL server as the JDBC user store, and creation and editing of users works fine.
I did not find any parameter in the xml files to enable this multiple profile feature. How should I proceed?
Thanks.
Yes. I also find the same. Adding multiple profile for user has been removed from UI. But with JDBC user store, I guess, we can add this using the web service API. Following is the API
https://{ip}:{port}/services/UserProfileMgtService?wsdl
Recently i realized that i need more than basic information for my facebook application.
I need the user's birthday as well.
In my App permissions configuration i added "user_birthday" and by checking the example given by facebook the permission was added successfully.
(goes without saying that i clicked "Save changes")
when im trying to log in to my application the "user_birthday" does not appear.
(after waiting several minutes and another 24H)
any ideas what else do i need to configure in facebook?
when im trying to log in to my application the "user_birthday" does not appear.
Are you triggering the login from within your app’s code yourself?
In my App permissions configuration i added "user_birthday"
These settings are for Authenticated Referrals only. Unless your login is triggered by those, these settings will have no effect.
If you are triggering login yourself, you have to request the permission via the scope parameter.
I think what you're missing out the fact that the
permission scope
is by default not set on facebook's development plattform. It's usually done though the login link.
If you want every user to be prompted for certain permissions you need to enable "authenticated referrals" as described here.
All SDK's allow a scope parameter for the login link. You can add the scope manually to every link using a scope parameter, like so:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&client_secret=YOUR_APP_SECRET
&code=CODE_GENERATED_BY_FACEBOOK
&scope=user_about_me,user_birthday
I'm using the xfbml Add To Timeline social plugin (https://developers.facebook.com/docs/reference/plugins/add-to-timeline/), but when I click it the permissions dialog I get just says "Access my basic information" and sure enough it isn't actually getting me the publish_actions permission I need to use the timeline. I tried specifying the perm explicitly on the tag like so:<fb:add-to-timeline show-face="false" mode="button" perms="publish_actions"></fb:add-to-timeline> but no luck.
This was working fine yesterday and suddenly now it isn't. I'm wondering if this has something to do with my adding and removing my app from my facebook account multiple times?
This was driving me crazy for a long while. In my case, I fixed it by enabling 'Enhanced Auth Dialog' under the Advanced tab of my app settings.
When asking for publish_actions Facebook shows a preview screen of what sort of aggregations your app will create on their timeline.
In other words, if the preview isn't working, Facebook won't ask for the permission so you're asking in vain. Facebook doesn't make this clear in the docs, but everything needs to be perfectly setup with your app on Facebook to get this to work right.
Enable Enhanced Auth Dialong in the advanced settings of the app
Make sure you have at least one action and one object set up in the open graph section
For each action you must have an aggregation set up.
If you do not do all of these steps, there can be no preview and so Facebook won't ask for permission no matter what.
I faced the same issue. I fixed it by doing the below mentioned two thiings.
a. Enabled 'Enhanced Auth dialog' from 'advanced' setting of the app.
b. blanked 'user and friend permissions' along with 'extended permissions' tab on 'auth dialog' page.
I am not sure what it did, but it started working.
BUT.. Even though the authentication works and the posts are reflecting on my timeline, the add-to-timeline button still shows, 'Add to Timeline'..
The other trick i used is to keep checking the app permissions under account setting tab of my profile page.
Hope this helps !
From Apps -> Settings -> Auth Dialog:
While in Open Graph Beta, the 'publish_actions' permission can only be
requested from developers and test users of your app. The
'publish_actions' permission will be ignored if requested from any
other user.
I had the Enhanced Auth Dialog enabled in the Advanced Settings, yet this did not work until I added a Aggregation Preview for the activity. Strange, but true.
Hope this helps.
The publish_actions permission appears only if the user has added timeline OR if your app is a game. I suppose it will also be available for apps when Timeline will be rolled out to all users...