cfm page will not be denied access - coldfusion

I want to get the access-denied page, but in IIS 8 I cannot prevent access to .cfm pages.
I have set the site's authorization rules so that user2 is not able to access it.
user2 is mapped to a client certificate.
I have disabled anonymous authentication.
Accessing test.html returns a 401.3 error, but test.cfm, although access to it is denied as well, still connects.
I would like to reject the .cfm page too. How do I do that?

I think you are on IIS 8 and ColdFusion 10, looking for a login/logout solution, but the page errors, correct?
You may need to rerun the coldfusion config. See this similar post.
Coldfusion 10 on Windows 2k8 - .com/ loads OK but .com/index.cfm gives a 404

Related

WSO2 Identity Server - relyingPartyRedirectUrls not working for Chrome or Internet Explorer

I recently set up WSO2 Identity Server 5.7.0, and users have begun using it extensively. However, some are running into a problem where they accidentally hit the Back button in their browser after logging in, and they don't know how to get back to the application at that point. Refreshing the page does nothing, and trying to log in again takes them to an "Authentication Error" message on <IS_HOME>/repository/deployment/server/webapps/authenticationendpoint/retry.jsp, which does not provide any links to take them back to the service provider application.
I found this solution in the WSO2 documentation:
https://docs.wso2.com/m/mobile.action#page/85367898/header/CustomizingtheAuthenticationEndpoint-Handlingbrowserbackbuttonandbookmarkedloginpage
I have implemented the relyingPartyRedirectUrls resource under /_system/config/identity/config in the WSO2 Registry for each of the service provider applications defined in the environment, and it is working exactly as I had hoped in Firefox 68.3 ESR and Edge 44. However, it does not seem to work for Chrome 79 or Internet Explorer 11.
Problem script:
/logincontext?sessionDataKey=19283828-7f3a-49ff-a640-58b95d252b4d&relyingParty=my-sp-name&tenantDomain=carbon.super
In Firefox, this script contains the following code in the response:
{"status":"redirect","redirectUrl":"https://my.sp.com/"}
However, the same script in Chrome contains this code in the response:
{"status":"success"}
Do you have any recommendations for what tweaks I could make to the configuration in order to get this fix working in all (or most) browsers? If you have other recommendations for ways to mitigate the pain for users who don't think to click the "Forward" button in their browser, I would be very open to hearing them.
P.S. When a user tries to log in a second time after clicking the Back button, this is what shows up in wso2carbon.log:
TID: [-1234] [] [2020-01-13 18:52:20,400] ERROR {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Context does not exist. Probably due to invalidated cache
TID: [-1234] [] [2020-01-13 18:52:20,400] WARN {org.wso2.carbon.identity.application.authentication.framework.handler.request.impl.DefaultRequestCoordinator} - Authentication context is null, redirect parameter filtering will not be done for 19283828-7f3a-49ff-a640-58b95d252b4d
P.P.S. I discovered that when I load a bookmarked URL in Chrome 79, the fix works as expected. Also, if I use the Back button to get to the login page and then refresh the login page, that also causes the fix to take me into the app. It is only the initial load of the login page after clicking the Back button where the fix doesn't work (in Chrome 79, at least; the fix doesn't work under any of those circumstances in IE 11).
I tested Chrome 79 with the dashboard app with the above configs and it worked fine. Can you check with the dashboard application?
If you want you can create a git issue in https://github.com/wso2/product-is/issues to report this behaviour directly to WSO2 IAM team.
Another suggestion, if you find the retry.jsp not intuitive enough, you can always modify/replace that with your custom implementation. For example if you have one main application, then you can add the link to your homepage in the retry.jsp. Then users can always go back to your application using that link.

Sitecore ErrorManager module - user not logged in on errors pages

I have the following issue while using the Sitecore ErrorManager module (https://github.com/unic/SitecoreErrorManager):
When I get custom error pages in the UI (for example, the Not Found page or the Access Denied page), the user is not logged in. Does somebody know how to fix this?
Thanks!
There is a setting ErrorManager.SendClientCookies in the config of the Error Manager. This is set to false by default. When you change this to true, all the client cookies (including the authentication cookie) should be sent and the user should then be logged in on the error pages as well.
See more information on the wiki.

Error when requesting siteroot when anonymous access removed

We have created a site that needs to have most of the pages locked down to anonymous users. The only pages they should be able to access are:
Login
Reset Password
Account Validation
Page Not Found
Privacy Policy
T & Cs
The startItem of the website has been set to "/Home", as all of the other pages, including those that are allowed anonymous access, are below it.
This node has had "extranet\Anonymous" read removed and then we allow read access of the specific pages that we want them to have access to.
What we have found is that if we request a Url such as: www.domain.com/page-i-cant-get-to then Sitecore will redirect you to the url set in the loginPage attribute on the site, which is correct.
However, if I request www.domain.com I get an error saying "The layout for the requested document was not found."
If I do log in, then go to the same URL, everything is fine.
I've stepped through the ExecuteRequest pipeline and have found when requesting www.domain.com/page-i-cant-get-to the Context.Item is null, so it's passed into the HandleItemNotFound(args) method.
If we request the root page, then this is set to be the root sitecore node ID {11111111-1111-1111-1111-111111111111} and so passes over the HandleItemNotFound and into the HandleLayoutNotFound(args)
I tried using the "requireLogin" attribute, but then I can only get access to the loginPage and not any of the other pages I want to allow anonymous access to.
I have also tried changing the startItem to be the login page, but then all the Urls for the pages are in an incorrect structure.
Is anyone able to shed any light on how this should be done?
Thanks in advance
Why don't you try leaving anonymous user with read permission on the home item and then deny the pages(items) you want to block?

IE9 - asp.net cannot access cookie created for my domain by third party site

I have this weird problem in IE 9. I have a site which allows a user to login and can also be logged in by a separate website using web service in the background. When logged in, a cookie is created. In fiddler, I can see the user has logged in to my site from the third party website and the cookie is created. The third party site makes an ajax call and the cookie is created in my domain.
But when I click on a link to my site from the third party site, the login page is displayed again. I wrote debug code that states in the page that the cookie does not exist, but I can see in IE settings that the cookie does exist. The cookie expires in 24 hours.
How do I fix it? By the way, it works fine in most other browsers including IE8, IE7, Chrome.
This is similar to - IE9 Separate cookies for third party request - but there is no response there.
There is a limitation introduced in IE 9+. It isolates different zones from accessing each other's data. For example, if a cookie is created in example.com for domain:example.com, a.example.com cannot access the cookie if their zones are different (one is intranet, one is trusted, etc.). You can check the zones in Internet Options -> Security tab.
For more information check Cookie Sharing in Cross-Zone Scenarios

401.2 error only with Anonymous Access

I have a web service whose home page is displayed and runs if I turn on Integrated Windows authentication. Now if I turn that off and Anonymous Access is on, I cannot even get to the wsdl page. I get the error
Access is denied.
Description: An error occurred while accessing the resources required to serve
this request. The server may not be configured for access to the requested URL.
Error message 401.2.: Unauthorized: Logon failed due to server configuration.
Verify that you have permission to view this directory or page based on the
credentials you supplied and the authentication methods enabled on the Web server.
Contact the Web server's administrator for additional assistance.
Version Information: Microsoft .NET Framework Version:2.0.50727.3625; ASP.NET
Version:2.0.50727.3634
The IIS I am working with is 5.1
I gave IUSER access to the directory, full control for now.
I am out of ideas. Thank you for your help
The root cause of this issue had to do with the website requiring Windows Authentication but the switch for HTTP-keep alive in the IIS Manager was unchecked.