Disabling UAA default Web UI application - cloud-foundry

I want to disable the UAA's default Web UI application and use a custom one instead so I can show more information to the user and give him the ability to perform more tasks. The UAA default web application allows very basic operations like updating the email or password only.
UAA is available at a domain like https://account.example.com. I want to display a custom application when the user goes to this endpoint.
The documentation states (here):
The UAA provides endpoints that facilitate the use of an external
login server. A server that handles the UI for browser based actions.
That was mentioned here as well.
How can this be accomplished?

Check out this script, which will unpack a .war, add in your customized templates and resources, and pack up the .war again:
https://github.com/starkandwayne/quick-uaa-deployment-cf/blob/master/bin/customize-uaa-war
Helpful?

Related

How do you add a web App to your Google Cloud console?

I need to create a development Google OAuth 2.0 Client ID for my app. I see that you cannot have an origin of http in the list of allowed origins. The error states...
Invalid Origin: This app has a publishing status of "In production".
URI must use https:// as the scheme.
So it seems I need to create a 'development app' so it can have its own OAuth key. However, I am finding it confusing on how to do this.
In my view I can see my org and what I think is a "Project". I can add another project, but I am thinking there should be a way to add an "App" to my existing project.
I think the hierarchy goes Org -> Projects -> Apps, correct?
Where does one add a new App?
It is true that any app that has been set to production and has been verified cannot have a redirect URI that is not https (see Redirect URI validation rules).
You can create a new project at https://console.cloud.google.com/apis/dashboard for development.
Google says that for apps in production, redirect URIs must use the https scheme, not plain http. It seems however that localhost IP address URIs are exempt from this rule.
If you just need to create a new OAuth 2.0 Client ID, go to Projects -> /your app/ -> APIs & Services -> Credentials.
Over there, choose Create New Credential, then choose OAuth Client ID (depending on your use case).
Then you will be asked for the ID/package name of the app you want to create an OAuth client ID for.
Otherwise you can always create a new project.
The way you add an "app" really depends on how that application is implemented. You are correct that organizations have projects, but projects don't really have "apps," they have resources.
In this organizational hierarchy, the idea is that you either add a virtual machine, or a kubernetes cluster, or a cloud function, depending on whether you're using Google Compute Engine, Google Kubernetes Engine, or Cloud Functions, respectively (or anything else).
If you were using Google Compute Engine to implement your web application, for instance, you would add the virtual machine to your project (either via the web interface or the gcloud command-line interface), and then you'd configure a web server to handle incoming requests at whatever address you wanted for the OAuth webhook.
Again though, the main point is that you don't really add "apps", you add resources, so it really depends on how you're going to be implementing your web application. In short, however, you do not need to create another project. That would just bring you back to square one :)

Usage of Party Ids on Project DABL on a React Typescript Web Application (cloned create-daml-app)

I'm trying to create a Web Application based on create-daml-app, and this React Typescript Web Application will be deployed to Project DABL as well. How can we use the Parties that were set up in the Project DABL Ledger Settings as a login on the Web Application using React Typescript? Based on the create-daml-app, they are using the link (`https://login.projectdabl.com/auth/login?ledgerId=${ledgerId}`) for the login, wherein it uses the Project DABL Account.
I know we can download the parties as a JSON file and then use them in the Web Application, but can we dynamically and directly use the setup that was done in the Project DABL Ledger Settings?
Thanks for future help!
In DABL, the parties you create are mapped to your DABL user account. The first time you join or create a ledger, a party is created in your name automatically, and you have the option of adding more. However, each additional party you add through the console still gets mapped to your particular DABL account.
Interactions with the ledger are authorized by party JWT tokens. The login button & link is essentially a shortcut to allow a user to log in to their DABL account, while automatically supplying the party ID/JWT for that user’s default party back to the deployed web app instance. The web app should store the resulting token and use it when communicating with the API.
If you're creating the additional Alice and Bob parties for the purpose of demoing or testing your application from the viewpoints of different parties, I would add some additional form inputs to the Login component that allow for entering the party ID and JWT directly. These can be copied from the Ledger Settings page in the console. Your React app would simply read the ID/JWT inputs, store them in state, and use them when making API requests in the future. This way you don't need to continually redownload/replace the parties.json file every day.
The Login component for DABL Chat is a good example app you can look at, that handles both the button and this ID/JWT input approach. You can deploy a copy of it onto a new project if you’d like to see how that works, or take a look at the source for a better understanding. Since you’re also using create-daml-app as a template, you will need to do some modifications to add those inputs and hook them into the API calls.
Note that if Alice and Bob are meant to be real production users of the system, then the recommended approach is to have them use the Login with DABL button, so that they join with individual DABL accounts. In this scenario, the parties.json from your Ledger Settings will not even include their JWTs, since you wouldn't have access to credentials belonging to other accounts.
See the DABL documentation on authentication and onboarding for more details.

Sharepoint 2013/2016 and Custom Web Api with custom database.

How do I authenticate to a Custom Web Api from a SharePoint 2013/2016 single page app? I've seen a couple of examples of using session, which I really don't want to use. I'm thinking maybe a custom security token service, or would it be better to add the web api as a provider hosted app (high trust) since this is on premises?
I found a solution finally, this one actually makes sense: http://blog.baslijten.com/getting-sharepoint-2013-apps-and-webapi-to-work/

Automatically add users to API Manager

I am looking for a way to automatically add users to WSO2 API Manager. I have a basic install with the H2 database, but someday I might move to postgres or something like that. What is the best way to add users from say a script?
In Carbon products (APIM, IS), all user store operations can be exposed via web services. External applications can use these web services to add/delete/update/get users and groups in the user store. Please note, H2 is not recommended for products
REST web service according to the SCIM provisioning specification.
SOAP based Web service. You can find more detail from here

How to prevent a web app from calling System.exit() in WSO2?

WSO2 folks,
I'm looking at WSO2 Application Server, and I created a web app to invoke System.exit(), which brings down the whole app server. I'm asking because the apps from multiple tenants could be running on the same Application Server, and we need to prevent a malicious tenant from killing the whole JVM.
My first thought was to use a SecurityManager to restrict the access, but I'm not sure where I should set the SecurityManager, and how I should code the SecurityManager to ensure a secure app server.
Is SecurityManager the correct approach, or is there some other way to accomplish my requirement?
It has been protected using Java Security Manager, and the system is configured with policies which do not allow such calls.
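
A sketch of the mechanism the answer refers to, added here as an example and not WSO2's code or policy configuration: a SecurityManager whose checkExit rejects System.exit() and which refuses to be replaced. The class and method names are hypothetical; it assumes Java 17 or earlier (or 18 to 23 started with -Djava.security.manager=allow), because SecurityManager was deprecated for removal in Java 17 and is permanently disabled from Java 24.

```java
import java.security.Permission;

// Added illustration; ExitGuardDemo and NoExitSecurityManager are hypothetical names.
public class ExitGuardDemo {

    /**
     * Denies JVM termination and replacement of the manager itself.
     * Everything else is allowed, so this is NOT a full sandbox: a real
     * multi-tenant container would grant permissions per code source
     * through policy files, as the answer above describes.
     */
    static final class NoExitSecurityManager extends SecurityManager {
        @Override
        public void checkExit(int status) {
            // Reached from System.exit(), Runtime.exit() and Runtime.halt().
            throw new SecurityException("System.exit(" + status + ") denied");
        }

        @Override
        public void checkPermission(Permission perm) {
            // Without this check, hosted code could simply install a
            // permissive manager and then call System.exit().
            if (perm instanceof RuntimePermission
                    && "setSecurityManager".equals(perm.getName())) {
                throw new SecurityException("replacing the security manager is denied");
            }
            // All other permissions are allowed in this narrow demo.
        }

        @Override
        public void checkPermission(Permission perm, Object context) {
            checkPermission(perm);
        }
    }

    /** Simulates a hosted web app calling System.exit(); true if it was blocked. */
    static boolean exitIsBlocked() {
        try {
            System.exit(1);
            return false; // only reached if exit neither terminated nor threw
        } catch (SecurityException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        System.setSecurityManager(new NoExitSecurityManager());
        System.out.println("exit blocked: " + exitIsBlocked());
        System.out.println("JVM still running");
    }
}
```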