I want to write my own auth service, but I'll use it only on the current subdomain. Can I use it in this way? If yes, how can I do it? Maybe I can check the page id or the domain?
I'd suggest using TYPO3's application context instead. You can check for a specific context (or Development in general) in your ext_localconf.php and only call ExtensionManagementUtility::addService() if you are in the desired context:
if (\TYPO3\CMS\Core\Utility\GeneralUtility::getApplicationContext()->isDevelopment()) {
    \TYPO3\CMS\Core\Utility\ExtensionManagementUtility::addService(...);
}
This way your service is not registered in any other context.
I need to add a WebRootContext to all the calls in the WSO2 Identity Server's Implicit Flow so that I can make calls through an API Gateway. I have managed to do this for all the calls I need by changing the
<WebContextRoot>/wso2-is</WebContextRoot>
property as well as changing the name of my webapp folders: wso2-is#authenticationendpoint and wso2-is#oauth2 endpoints. I can now successfully call http://localhost:9443/wso2-is/oauth2/authorize.
I also changed the endpoints in repository/conf/identity/identity.xml to include the wso2-is root context, specifically the OAuth2AuthzEPUrl, so that in the management console this shows up under identity:
However, after I log in, the application calls http://localhost:9443/wso2-is/commonauth which has a return location of http://localhost:9443/oauth2/authorize?sessionDataKey=... and I can't figure out how to add my context root to the returning call. Where does the commonauth endpoint get the location it returns to? I'm assuming there is some property I need to set to make that happen, but I can't find it.
I also tried re-seeding the database with all my changes and this did not solve my issue either.
I looked in the source code here on GitHub and couldn't find any references to commonauth or oauth2/authorize that stood out as to where this call is being formed. Any additional details would be greatly appreciated.
As per the official documentation, using a reverse proxy is the recommended way to add a custom context path to wso2 products.
However, as I wrote in another question, I could complete the implicit flow with local auth successfully with the mentioned configs in my answer.
I guess, what you are missing here is ProxyContextPath.
I'm running WSO2 5.7.0, using OIDC with the Implicit Flow. I have set the context root to wso2-is, so the authorize endpoint is located at http://MY_DOMAIN/wso2-is/oauth2/authorize. When I begin the flow with a GET call to the oauth2/authorize endpoint, I am redirected to http://MY_DOMAIN/authenticationendpoint/login.do?client_id=MY_CLIENT_ID&commonAuthCallerPath=%2Foauth2%2Fauthorize....
The problem is that it drops the context root and so later in the Implicit Flow I am (incorrectly) redirected to http://MY_DOMAIN/oauth2/authorize, which fails because that URL lacks the context root of wso2-is. How/where in the code is the commonAuthCallerPath parameter set?
As per the official documentation, using a reverse proxy is the recommended way to add a custom context path to wso2 products.
If you are not going to use a reverse proxy, I would suggest the following steps to add a custom context path. But note that I have tested basic authentication with oauth2/oidc only.
Set WebContextRoot in repository/conf/carbon.xml to /wso2-is to change the context path of the carbon management console
Set ProxyContextPath in repository/conf/carbon.xml to /wso2-is
Rename oauth2.war and authenticationendpoint.war in repository/deployment/server/webapps/ by adding a prefix wso2-is#
In repository/conf/identity/identity.xml, update all the relevant instances of the following pattern by adding the context path /wso2-is after the port
${carbon.protocol}://${carbon.host}:${carbon.management.port}/xxxxx
to
${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2-is/xxxxx
Update AuthenticationEndpointURL, AuthenticationEndpointRetryURL and AuthenticationEndpointMissingClaimsURL values in repository/conf/identity/application-authentication.xml by adding /wso2-is prefix
Restart the Identity Server
Do not forget that this is not the recommended way in the documentation.
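A way to confirm that no URL was missed in the two files edited above, written as an added example (not part of the original answer and not WSO2 code). The sample lines, the element name SomeOtherEPUrl and the retry.do path are constructed for illustration; only the URL pattern and the three AuthenticationEndpoint* element names come from the steps above.

```python
import re

CONTEXT = "/wso2-is"  # context path used in the steps above

# URL pattern from the identity.xml step: three placeholders, then the path.
CARBON_URL = re.compile(
    r"\$\{carbon\.protocol\}://\$\{carbon\.host\}:\$\{carbon\.management\.port\}(/[^\s<]*)"
)
# Elements named in the application-authentication.xml step.
AUTH_TAGS = ("AuthenticationEndpointURL", "AuthenticationEndpointRetryURL",
             "AuthenticationEndpointMissingClaimsURL")
AUTH_URL = re.compile(r"<(%s)>\s*([^<\s]+)\s*</\1>" % "|".join(AUTH_TAGS))


def has_context(path, context=CONTEXT):
    """True if path is the context root itself or lies below it."""
    return path == context or path.startswith(context + "/")


def missing_context(text, context=CONTEXT):
    """Return (line_number, value) for every URL that lacks the context path."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CARBON_URL.finditer(line):
            if not has_context(m.group(1), context):
                findings.append((lineno, m.group(0)))
        for m in AUTH_URL.finditer(line):
            if not has_context(m.group(2), context):
                findings.append((lineno, m.group(2)))
    return findings


# Constructed sample lines (not copied from a real installation).
SAMPLE_IDENTITY = """\
<OAuth2AuthzEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/wso2-is/oauth2/authorize</OAuth2AuthzEPUrl>
<SomeOtherEPUrl>${carbon.protocol}://${carbon.host}:${carbon.management.port}/oauth2/token</SomeOtherEPUrl>
"""
SAMPLE_AUTH = """\
<AuthenticationEndpointURL>/wso2-is/authenticationendpoint/login.do</AuthenticationEndpointURL>
<AuthenticationEndpointRetryURL>/authenticationendpoint/retry.do</AuthenticationEndpointRetryURL>
"""

if __name__ == "__main__":
    for name, text in (("identity.xml", SAMPLE_IDENTITY),
                       ("application-authentication.xml", SAMPLE_AUTH)):
        for lineno, value in missing_context(text):
            print("%s:%d missing %s: %s" % (name, lineno, CONTEXT, value))
```

Any line it reports is a URL that would still be served or redirected to without the context path.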
I am trying to distinguish on the server side if a userid is using an app. I can use token_for_business and it will return an error, but that seems not the right way, do you know how?
Regards
Is this your own app? If so you could define a custom user-agent string, and then check for that server side.
I use jetty with Google Guice. I init the session in this way:
HttpSession sessionRequest = request.getSession(true);
I know that the session is always created if it didn't exist.
I also know that by default this line creates a cookie in the response with the same domain I've requested the servlet (eg. domain.com).
What should I do if a session is created - let's say - on x1.domain.com, then I'd like to redirect the user to x2.domain.com, and I want to keep the JSESSIONID created on the first domain (x1.domain.com)?
I tried to start jetty with init params where I set up the default domain to ".domain.com", but it wasn't the best (although it worked), because I use this application on different domains (domain1.com, domain2.com, etc.).
So, what is the best way to solve this? I think the best way is to transfer the JSESSIONID somehow to the new domain. But... how? :)
Thank you
I have an ASP.NET (1.1) web service which authenticates clients using a SoapExtension.ProcessMessage(SoapMessage) override as described in:
http://www.codeguru.com/columns/experts/article.php/c5479
However, if the web.config is not set up such that HttpSoap is the only protocol allowed, then ProcessMessage will never get called for requests coming in on other protocols, and they therefore bypass security.
Is there any way to programmatically ensure SOAP is being used (as opposed to relying on the web.config to be correct)?
Thanks.
If it's of any use to anyone, I ended up checking:
Request.ServerVariables["HTTP_SOAPAction"] != null
which isn't ideal but seemed to do the trick.
Look in Request.ServerVariables, specifically the SERVER_PROTOCOL variable.
http://www.aspcode.net/List-of-RequestServerVariables.aspx
You could try to read and parse the web.config at startup, to see if it's set the way you'd like it to be.
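The config check suggested in the last answer, sketched as an offline audit in Python (an added example, not code from the thread and not ASP.NET code). It assumes the caller passes the config files in inheritance order, machine-level first, and it does not handle `<location>` overrides; the XML samples are constructed and do not claim to be any framework version's defaults.

```python
import xml.etree.ElementTree as ET


def apply_protocols(config_xml, inherited):
    """Apply one file's <webServices><protocols> edits to the inherited set."""
    enabled = set(inherited)
    root = ET.fromstring(config_xml)
    for protocols in root.iterfind("./system.web/webServices/protocols"):
        for node in protocols:
            name = node.get("name")
            if node.tag == "clear":
                enabled.clear()
            elif node.tag == "add" and name:
                enabled.add(name)
            elif node.tag == "remove" and name:
                enabled.discard(name)
    return enabled


def effective_protocols(config_chain):
    """Fold a chain of config files, outermost (machine-level) first."""
    enabled = set()
    for config_xml in config_chain:
        enabled = apply_protocols(config_xml, enabled)
    return enabled


def non_soap_protocols(config_chain):
    """Enabled protocols other than HttpSoap, i.e. paths that skip the SoapExtension."""
    return sorted(effective_protocols(config_chain) - {"HttpSoap"})


# Constructed samples: a machine-level file enabling four protocols,
# a web.config that inherits them all, and one that removes the extras.
MACHINE = """<configuration><system.web><webServices><protocols>
  <add name="HttpSoap"/><add name="HttpPost"/>
  <add name="HttpGet"/><add name="Documentation"/>
</protocols></webServices></system.web></configuration>"""
WEAK_WEB = "<configuration><system.web/></configuration>"
HARDENED_WEB = """<configuration><system.web><webServices><protocols>
  <remove name="HttpPost"/><remove name="HttpGet"/><remove name="Documentation"/>
</protocols></webServices></system.web></configuration>"""

if __name__ == "__main__":
    print("weak:    ", non_soap_protocols([MACHINE, WEAK_WEB]))
    print("hardened:", non_soap_protocols([MACHINE, HARDENED_WEB]))
```

A non-empty result means the SoapExtension-based authentication described in the question can be skipped by requests arriving on the listed protocols.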