I need to do the following steps:
1 - authenticate through shibboleth on local coldfusion server
2 - create security token on local coldfusion server
3 - redirect to external site passing along the security token.
Can I perform the redirect through Coldfusion (and how is that done) or do I need to do the redirect through my shibboleth config on the local server?
Related
Currently I'm trying to setup my Google Cloud organization to accept login from SSO using Keycloak. I've followed the documentation from Keycloak and from Google during the setup, but the setup isn't working. Can someone confirm if the client configuration is properly set? Anytime
I login into the keycloak with the my test keycloak user in keycloak I get redirected to google authentication page and from there keycloak is out of the authentication. When I'm trying to login from Google Account login page, I can't get redirected to the sso, so basically the connection between Keycloak and Google isn't working properly.
Client Setup
Client ID - google.com/a/gcp-test2.com
Name - gcp-test2.com
Enabled ON
Consent Required OFF
Client Protocol - saml
Include AuthnStatement - ON
Include OneTimeUse Condition - OFF
Sign Documents - ON
Sign Assertions - ON
Signature Algorithm -RSA_SHA512
Force POST Binding - ON
Front Channel Logout - ON
Force Name ID Format - ON
Name ID Format - email
Root URL - empty
Valid Redirect URIs - empty
Base URL - /auth/realms/gcp-test2.com/protocol/saml/clients/gcp-test2.com?RelayState=true
Master SAML Processing URL - https://google.com/a/gcp-test2.com
IDP Initiated SSO URL Name - gcp-test2.com
Target IDP initiated SSO URL: https://fqdn/auth/realms/gcp-test2.com/protocol/saml/clients/gcp-test2.com
Assertion Consumer Service POST Binding URL - https://google.com/a/gcp-test2.com
SSO config on GCP side:
Login URL: https://fqdn/auth/realms/gcp-test2.com/protocol/saml/clients/gcp-test2.com?RelayState=true
Logout URL: https://fqdn/auth/
Use a domain-specific issuer - checked
Certificate is the one from the REALM certificate with public key.
This :
Assertion Consumer Service POST Binding URL -
https://google.com/a/gcp-test2.com
Should point to
https://google.com/a/gcp-test2.com/acs
https://cloud.google.com/architecture/identity/keycloak-single-sign-on documents how to do this and it works for me. As it is noted in blue:
Note: For SAML federation to work, Client ID must be google.com.
So change you client ID to google.com.* .
I don't know why you use RelayState, I do not see that mentioned.
Set it up precisely as documented and it should work.
AWS Cognito doesn't accept localhost as signin url. My app is hosted on S3 and behind a CloudFrnot distribution, so we can get https url. I'm using amazon-cognito-auth-js to do authentication on my app. Even if I run my app locally, after authentication, it will redirect me to my cloudfront url, and I need to check logs from Chrome developer tool. So for any change / test, I need to build my app, and upload it on S3, use a new inognito sesison on my browser. I'm wondering is there an easier way to do local development with Cognito? Is there any way to redirect Cognito to localhost and do local test there? Any other idea is welcomed.
Found the answer: you can add http://localhost:3000 as callback url (sign in) into your User Pool App client. You can either create a new app client for this purpose, or add a new callback url (comma separated) to existing app; each user pool client app can have multiple call back urls.
You can use localhost to test out cognito. The problem is that cognito doesn't allow HTTP. If you install an IIS certificate on you computer to use HTTPS on your machine, you will be able to use that as callback url. A tutorial for doing this is here
I am using Google OAuth for my Django App (via allauth package)
I have followed all standard configuration steps. In Google Developer console here's what i have:
Authorized JavaScript origins
https://example.com
Authorized redirect URIs
https://example.com/accounts/google/login/callback/ - login fails
http://example.com/accounts/google/login/callback/ - login succeeds
What i observe that if i have a https redirect URL in Authorized redirect URIs, it does not allow login and it fails with redirect_uri_mismatch Error. If i have a http redirect URL then the login succeeds.
What do i need to do to have a https enabled redirect URL ?
Adding the following in production settings.py fixed the problem for me:
ACCOUNT_DEFAULT_HTTP_PROTOCOL='https'
**This worked for me :
Go to https://console.developers.google.com
Add without port http://127.0.0.1/accounts/google/login/callback/
Also Add http://localhost/accounts/google/login/callback/
see the image in the link for detail
In my case, the problem was in the following:
My website switched the access to HTTPS-only connections, while in Google API dashboard was http://profile.example.com/accounts/google/login/callback/.
So, I changed:
from http -> https and it begins to work fine.
Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://
Error message says there is no SSL at your domain which you tried to use the API, but I already added it to Valid OAuth Redirect URIs so this makes no sense.
Cause validator says this is a valid redirect URI for this application and I am using a wordpress plugin named Woocommerce Social Login. Its settings also offering the valid URI.
What can be the cause now? They(FB) don't accept the Lets Encrypt SSL as an SSL anymore?
I have fixed the situation by just checkin the url requested when we try to login with facebook, it shows http instead of https. So the source of the problem is wordpress social login plugin.
https://www.facebook.com/v2.8/dialog/oauth?client_id=<ClientID>&redirect_uri=http%3A%2F%2example.com%2F%3Fwc-api%3Dauth%26done%3Dfacebook&response_type=code&scope=public_profile%2C%20email
I have difficulites to configure the facebook developer page in order to use the "facebook authentication" for a web site based on django and django-allauth.
Here is the Context :
DNS : www.mysite.com
Subdomain for development : dev.mysite.com redirected to XX.XX.XX.XX :8000
The server is running on my windows PC behind a simple home router. I launch it with the usual command:
Django runserver 0.0.0.0 :8000
The connection to server : dev.myste.com is OK
But the click on « login with facebook » button gives this error:
URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs.
The Facebook configuration is:
Settings/basic :
App Domains= mysite.com
Site url : dev.mysite.com
Product/login:
Client OAuth Login : Yes
Web OAuth Login: Yes
Embedded Browser OAuth Login : Yes
Force Web OAuth Reauthentication : No
Valid OAuth redirect URIs: http://dev.mysite.com
Login from Devices: No
Thank you for you help and attention.
Using Firebug, i see that the django server sends to facebook the following oauth request.
https://www.facebook.com/dialog/oauth?scope=email&state=RXBpz0X5agrX&redirect_uri=http%3A%2F%2FXX.XXX.XXX.XX%3A8000%2Faccounts%2Ffacebook%2Flogin%2Fcallback%2F&response_type=code&client_id=ABCDEFGF
Notice redirect_uri parameter in the request.
I add the redirect_uri parameter to the field "Valid OAuth redirect URIs" in the facebook/login page and it works immediately.