I'm trying to secure a connection to a Java EE webapp using Keycloak.
Beeing completly new to Keycloak, and how to configure it, I would like to do this :
When trying to reach my webapp without beeing authenticated, I am redirected to Keycloak login page (this is done)
I enter login / password, and I want Keycloak to call a WS who will check my DB if this user exists, and will return a specified data to Keycload, if user found, to be used in the webapp when connected. (This is what I don't know)
I saw that we might use an "id provider" in Keycloak admin console, but I don't know if I have to use "SAML" or "Opend ID Connect" for start, and how to configure this ("authorization URL", "Token URL", "Client ID", "Client Secret")
Can someone help me on this please?
Thanks a lot
Related
We are running WSO2 IS version 5.10. and want to use external iDP (SafeNet) as step 2 authentication for Service Provider. I configured Service Provider in order to use an advanced configuration for the login process. I configured 2 steps where first step is basic auth and second step is federeted iDP - SafeNet (Saml2SSO).
Everything work's fine except one thing - when i try to logon to my application, WSO2 shows me login interface, I put my credentials (username and password) after that a redirected to SafeNet login interface and I should put my username again in safenet login page. So the user name, how it say correctly, does not transferred to step 2 (sorry for my English ))). I inspect SAML request which is generated by WSO2 and could not find NAMEID. Can any one help with this?
After creating an instance of parse server on AWS, I can see the configuration.
var api = new ParseServer({
databaseURI: "mongodb://root:gzkThVPNmUS5#127.0.0.1:27017/bitnami_parse",
cloud: "./node_modules/parse-server/lib/cloud-code/Parse.Cloud.js",
appId: "XXXXXXXaef",
masterKey: "XXXXX33150",
fileKey: "XXXXXXX7073",
serverURL: "http://XXXXX.us-west-2.compute.amazonaws.com:80/parse"
});
The problem is when I use the serverURL to my web browser, it asks user and password which I do know. I tried my user name and password from AWS but it does not allow me to login the parse dashboard.
This link helps: parse server credentials
User: user
The application password is randomly generated during the first boot. This password can be viewed as follows:
Log in to the AWS Cloud Console.
In the left navigation bar, select the "Instances -> Instances" menu
item.
Select your instance in the dashboard.
From the "Actions" drop-down menu, select the "Get System Log" menu
item.
Review the system log until you find the application password.
I had the same issue, which I have just resolved:
When looking into the AWS system log for the generated username user (by default) and password, make sure you manually type out the password that is generated when trying to login to the Parse dashboard.
Such copy and pasted clear-text passwords sent over the insecure http protocol doesn't work, and shouldn't work.
I am developing an Ionic 2 App that is authenticating users against Microsoft Azure Active Directory. Having trouble in figuring out how to implement the following flow using ADAL:
User enters "user-name" and "password" ==> Clicks on Login button ==> App makes Azure AD call by passing over the user entered "user-name" and "password" ==> Azure AD authenticates the user and returns back the result.
Following the Azure AD documentation, I was able to successfully implement "server-flow" where on making an Azure AD call, it opens up a new Microsoft Azure-AD login page for my app to enter "user-name" and "password". And upon successful authentication the user is landed back on to my app's home-page. This works fine but the experience is not great from UX perspective.
Following is the way I did it:
myAzure = new WindowsAzure.MobileServiceClient(MY_AZURE_APP_SERVICE_URL);
myAzure .login('aad').then(
(result) => {
//Successful Login
},
(err) {
console.log("In client.login callback failed");
});
});
Then, I followed Azure AD documentation to implement "client-flow". I have a question in this:
1. How do I pass in the "user-name" and "password" to Azure AD when I make "authContext.acquireTokenSilentAsync()" call or "authContext.acquireTokenAsync()" call.
Upon going through the implementation of these methods in the ADAL library, it appears that
"authContext.acquireTokenSilentAsync()" can accept only user-name and not the password. So, is it safe to assume that this method is not supposed to be used for login purposes?
"authContext.acquireTokenAsync()" can accept user-name but in addition, there is a parameter called "extraQueryParameters". Am I supposed to use this parameter to pass in the password? However, this is supposed to open-up a login page for the user on the screen. It did open a new login page on my device. So not sure how to develop my functionality.
If both of the above ways are not the right way to implement my flow of authentication then can somebody please help me by giving some pointers, links or sample links on how I can implement this?
My app's users are going to be in our corporate Azure-AD. I have created a separate Azure-AD Tenant for my app (also created the required setup so that it's tied up with my Azure App Service, etc.) and I would add users to this tenant when required.
Thank you.
Based on my understanding, the Client-managed authentication flow enables you to provide a single sign-on experience for users or to retrieve additional user data from the identity provider.
That's mean if you doesn't authenticate the identity data provider before mobile authentication, it still require to prompt the users to enter their username and password.
"authContext.acquireTokenSilentAsync()" can accept only user-name and not the password. So, is it safe to assume that this method is not supposed to be used for login purposes?
This method is designed for get the token silently via getting the token from cache or renew the token using the refresh token. It is not designed for this purpose.
"authContext.acquireTokenAsync()" can accept user-name but in addition, there is a parameter called "extraQueryParameters". Am I supposed to use this parameter to pass in the password? However, this is supposed to open-up a login page for the user on the screen. It did open a new login page on my device. So not sure how to develop my functionality.
No. You are not able to pass the password using this function. It will prompt users to enter their username and password by default. However if you have sign-in the Azure AD, you can acquire the access token without prompt via specify the PromptBehavior.Never like below:
var resoult = authContext.AcquireTokenAsync(resource, clientId,new Uri("http://localhost"),new PlatformParameters( PromptBehavior.Never)).Result;
Console.WriteLine(resoult.AccessToken);
I'd created a django project for sign in with google using django-social-auth.
I'd followed the doc and created an app in google developer console with "OAuth 2.0" and added API's of
Gmail API, Google+ API, Google+ Domains API and Google+ Hangouts API
In Credentials I've set up AUTHORIZED REDIRECT URIS to my production server url "mysite.com".
I'd configured django settings with the "CLIENT ID" and "CLIENT SECRET". This set up works perfectly on my local server, user is created and the email is associated for the user.
But when I moved to the production server, I get the error
"400. That’s an error. OpenID auth request contains an unregistered domain: mysite.com".
Did any one else faces a similar issue?
I also had the similar issue and I fixed it as follows:
If your google login URL is /login/google/, change it to /login/google-oauth2/
Add the following redirect URIs in your google app settings
http://<your domain>/<social-auth-prefix-if-any>/complete/google-oauth2/
http://<your domain>/<social-auth-prefix-if-any>/associate/complete/google-oauth2/
Hope this helps.
I am working on an external site to integrate django-allauth for facebook and google login. Facebook worked almost out of the box. However, with Google I get the "Social Network Login Failure" error.
Here is what I have done:
1.Google APIs console: Client ID for web applications configuration
Client ID: xxxxxxx.apps.googleusercontent.com
Email address: yyyyyyyy#developer.gserviceaccount.com
Client secret: xxx-yyy-zzz-111-222
Redirect URIs: http://learnbuzz.com/accounts/google/login/callback/
JavaScript origins: http://www.learnbuzz.com
2.Created learnbuzz.com site in Sites
3.Created the google app in Social Apps with the Client ID and secret from the google API console.
From the docs and few other SO questions, seems like that is all that is needed.
But, when I log in using google, I get to the accounts.google.com page where it asks the user to accept 'App sharing basic user information and email'. After I accept, it gives me a "Social Network Login Failure" for this url:
http://learnbuzz.com/accounts/google/login/callback/?state=l1WdxOgr26bB&code=4/lGhX6Dum_FNnM3FE39TcULZb1UMX.0jX6biQfm3MfEnp6UAPFm0F0CIGMgQI
What config am I missing?
Edit: I don't know if it matters but it takes the browsers quite some time before it throws out this error.
I've tried to access http://learnbuzz.com/accounts/google/login/callback and it requests http authorization. It is returning a 401 status code.
Probably your browser is already logged in and you can't see this request for authentication.
This page should be accessible from an anonymous browser windows. After you remove the need for authorization, it will work.