wso2 End User denied the logout request - wso2

Hi, how can I specify where to redirect after I press NO in logout...
Now it goes like this:
Can I specify my own url? I know about post_redirection_uri but it only works with YES pressed.

Related

Resetting password redirection to myaccount doesn't work as expected

When I create a User in my test application, an email is sent to the user to create a password in order to log in successfully to the application.
In this email, there is a link to set the password. After adding the new password and clicking the proceed button, we are redirected to the /carbon management page instead of the /myaccount page.
By investigating more, I found out that if I try to access the My Account page passing the query param passwordReset=true, I get a 405 Method Not Allowed error.
The version of wso2is is 5.11.0
What is the correct configuration so that after a user sets the password we could redirect him to log in directly to our test application or my account?
You have to append the query parameter callback to define where you want to redirect after the reset. A sample reset password link:
https://{is-server}/accountrecoveryendpoint/confirmrecovery.do?confirmation=151cbca7-2961-45d7-a108-49f34ade6aea&userstoredomain=USER&username=sample&callback={test-application-url}&type=reset
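The callback parameter described in the answer above is itself a URL, so it has to be percent-encoded when it is placed in the reset link, and because it is a redirect target it is worth checking against an allow-list first. The following is an added example, not code from the answer or from WSO2; it assumes the application composes the link itself, and the function name, the allow-list and the hosts `is.example.com` and `app.example.com` are hypothetical.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: hosts this deployment is willing to send users to after a reset.
ALLOWED_CALLBACK_HOSTS = {"app.example.com"}


def set_reset_callback(reset_link, callback_url, allowed_hosts=ALLOWED_CALLBACK_HOSTS):
    """Return reset_link with its callback parameter set to callback_url."""
    target = urlsplit(callback_url)
    # Only absolute https URLs on an allow-listed host: the callback is a
    # redirect target, so an unchecked value would be an open redirect.
    if target.scheme != "https" or target.hostname not in allowed_hosts:
        raise ValueError(f"callback not allowed: {callback_url!r}")

    link = urlsplit(reset_link)
    # Drop any callback already present, keep every other parameter in order.
    params = [(k, v) for k, v in parse_qsl(link.query, keep_blank_values=True)
              if k != "callback"]
    params.append(("callback", callback_url))
    # urlencode percent-encodes the callback, so its own '?' and '&' cannot
    # be read as parameters of the recovery endpoint.
    return urlunsplit(link._replace(query=urlencode(params)))


# Constructed sample: the host is a placeholder, the parameters follow the
# sample link in the answer above.
SAMPLE_LINK = ("https://is.example.com/accountrecoveryendpoint/confirmrecovery.do"
               "?confirmation=151cbca7-2961-45d7-a108-49f34ade6aea"
               "&userstoredomain=USER&username=sample&type=reset")

if __name__ == "__main__":
    print(set_reset_callback(SAMPLE_LINK, "https://app.example.com/login?from=reset"))
```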

How to remove custom cookies added in AD B2C by custom UI while logout

I am using AD B2C custom policies with my own custom UI. For some purpose I'm adding some cookies. As the UI runs under the B2C domain (e.g. tenant.b2clogin.com), these custom cookies are created under this domain. I need to find a way to remove these customised cookies when we do the B2C logout. I know that B2C has a way to redirect to a logout URL, but I'm not sure it will work because this URL is outside the B2C domain where the cookies are created. Do you have a suggestion about how to customise the logout to remove these custom cookies placed under the B2C domain?
Currently we can not customize the sign out UI directly by using custom page layouts.
When you logout from your web app you should redirect to B2C's logout endpoint as described in the document.
When you want to sign the user out of the application, it isn't enough
to clear the application's cookies or otherwise end the session with
the user. Redirect the user to Azure AD B2C to sign out. If you fail
to do so, the user might be able to reauthenticate to your application
without entering their credentials again.
The logout endpoint can receive an optional post_logout_redirect_uri parameter in the query string, where you can specify another URL where your user will be finally redirected by B2C. That can be the address of any resource, e.g. your homepage or your own page showing a "You successfully logged out of our service" message to the user.
post_logout_redirect_uri - The URL that the user should be redirected
to after successful sign out. If it isn't included, Azure AD B2C shows
the user a generic message.

Postman: Pop-up login modal for authentication

Postman now has support for Oauth2.0. The nice thing is that if necessary, Postman will display a pop-up login modal for authentication if the Auth URL redirects to a login screen.
My question: is it possible to display this same modal for a request via a script? I would like to replicate the same Oauth flow via a script (instead of having to generate an access token via the button).
Thanks!
Yes, you can get this done. Instead of having a button, create a modal dialog using JavaScript, get the username and password from the dialog, and pass them to the OAuth request to get the token. I believe you are using the password credentials grant, where you need to send the username and password while making a request.

Ping Identity switch user

Here at my company, we started using Ping Federate as our Identity provider, this is linked with the AD for user info and so on.
The login works via the OAuth page, and this works great: I can log in, do things, then when my access_token expires this gets refreshed and I can continue without the user even noticing it.
But now I got the request from one of the users asking if he could switch logins.
But this isn't possible, because when I click login, the popup of PingFederate that gets fired doesn't ask for the credentials, it just continues and uses the last credentials.
However, when I clean my cookies and I log in, it asks for the credentials again, but I can't ask the user to clear all his cookies whenever he wants to switch users.
I tried clearing the cookies of the PingFederate Domain when I logout, but no luck:
me.$cookies.remove('PF', {domain: 'federation.xxx.com'});
Does anybody else have an idea what I can do to make this work?
You should be able to use PingFederate's logout features to achieve what you're after.
If you're using just the HTML Form Adapter to log in users, then you can configure a logout path in your adapter instance that you can ask users to go to in order to log out. See "Logout Path" here: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=ttq1564003023121.html
Alternatively you could enable single logout (SLO) which will trigger a logout at all adapters or other authentication sources the user may have logged in to. For more details, see:
https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=php1564002958041.html
https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=pqn1564002990312.html

Send argument with django redirect

I have a password check (not a user login, just a password verification). I have a form through which the user submits data. The request gets sent to a page; whether the password is correct or not, both cases go back to the same page.
I want to send an argument to the page about the job. I was thinking of something like this: foo.com/page?success.
I can't get shortcuts.redirect to do that.
I am currently doing this:
HttpResponse('<script type="text/javascript">window.location.replace('+reverse('app:index')+');</script>')
redirect redirects to whatever path you give it. If you give it /page?success, it will redirect to that.
Figured it out, never mind.
HttpResponseRedirect(reverse('app:index')+'?arg')
This does it.