Unable to access login.microsoftonline.com/Modern Authentication due to cookies being blocked. Server 2012R2 - server

On a Terminal Server 2012R2, when logging into login.microsoftonline.com on Internet Explorer 11 (IE11)
…this is what comes up.
Cookie error
The reason this is being tested in IE11 is that it was worked out that this is what Outlook is using for Modern Authentication. (I don't know why, as I thought Office 2016 was supposed to use Edge for authentication?)
Internet Explorer settings that have been tried…
Advanced Page - Reset all settings
Security Page – all zones to lowest and Enabled Protected Mode off
Trusted Sites – all Microsoft sites added
Privacy Tab – “Accept all cookies”, “Turn on Pop-up Blocker” disabled, Microsoft sites added
Have uninstalled IE 11 and reinstalled using “dism” command.
When trying to set up an Exchange Online O365 email account in Outlook 2013 (we have since installed 2016 to see if it bypasses IE, but same thing), it won’t allow you to get to the sign-on page for modern authentication, as it comes up with the “Script Error” message as well as the “blocked cookies” error message.
Outlook/Cookie error
"We can't sign you in
Your browser is currently set to block cookies. You need to allow cookies to use this service.
Cookies are small text files stored on your computer that tell us when you're signed in. To learn how to allow cookies, check the online help in your web browser."
This happens with both the 2013 and 2016 version.
This has only been a problem since “Basic Authentication” was turned off permanently by Microsoft since Jan 24th. Previously Internet Explorer was not used in any capacity.
O365 emails were working fine in this environment previously using "Basic Authentication"
All I need to do is get the email accounts authenticated in Outlook so everyone can get back to work, and once IE11 gets disabled in the next few weeks I hope to never have to deal with it again! Not sure if this authentication will change to Edge automatically with the coming Windows/Edge Update, but we can't wait that long.
Thanks in advance
Other things I have tried...
Changed “Default Browser” multiple times.
Tested if cookies are enabled on all web browsers and IE11 is the only one that reports that they are disabled.
Have deleted cookies and browsing history.
Tried opening login.microsoftonline.com in compatibility mode IE11
Login.microsoftonline.com works in all other browsers
IE Enhanced Security Configuration has been turned off

Related

Office js Outlook API returns invalid JWT token for EWS

I have an add-in in Outlook that has the ReadWriteMailbox permissions, but when I call getCallbackTokenAsync({ isRest: false }, callback), the token I get back has no signature. Basically, the token I'm getting is in the format xxxxxx.yyyyyy (instead of xxxxxx.yyyyyy.ZZZZZZ).
This appears to have just started happening in the last 2 days, however, the last time I worked on this project was about 4 months ago so it may have started happening sometime before now, but I'm just now seeing the error.
The EWS server is Office 365 (https://outlook.office365.com/EWS/Exchange.asmx).
I have also noticed that calling getCallbackTokenAsync has returned the same token, minus the signature the last 2 days.
After almost pulling my hair out with this, I got it to work.
The original problem of getting an invalid JWT was the culmination of several problems (or suspected problems). The JWT was actually valid, although expired, but when I dumped the value out to the F12 tools console while debugging, the value was truncated to 1024 characters. I discovered that here: https://stackoverflow.com/a/27844847/4520915. The JWT was expired because it was using a token from the cache instead of requesting a new one from EWS. I fixed that by closing Outlook, clearing IE's cache, and re-opening Outlook as suggested by the Outlook Add-ins Team - MSFT.
The issue now was getting EWS to accept the token because I kept getting a 401 error ("Access is denied. Check your credentials and try again."). I discovered this was because I was running the add-in and the subsequent Azure Function that it utilizes on localhost. Apparently, EWS doesn't like localhost. After deploying the add-in to a development environment, we're all good.
Thanks to the Outlook Add-ins Team - MSFT for their help.
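Added example, not part of the original post or of the Office.js API: a Node.js check for the three conditions this answer ran into (a token with no signature segment, a value cut at 1024 characters, an expired exp claim). The helper names inspectJwt and buildSampleToken and the sample token are constructed for illustration; the check reads the token and does not verify its signature.

```javascript
// Added example. The token below is constructed, not a real Exchange token.
const toB64Url = (s) =>
  Buffer.from(s).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

function decodeSegment(seg) {
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
    return JSON.parse(Buffer.from(seg, 'base64').toString('utf8'));
  } catch (e) {
    return null; // segment cut off or not JSON
  }
}

// inspectJwt is a hypothetical helper name; it does NOT verify the signature.
function inspectJwt(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const findings = [];
  const parts = token.split('.');
  if (parts.length !== 3 || parts[2] === '') findings.push('missing-signature');
  // Heuristic: a value copied from a console that cuts output at 1024 chars.
  if (token.length === 1024) findings.push('possibly-truncated-at-1024');
  const header = decodeSegment(parts[0] || '');
  const payload = decodeSegment(parts[1] || '');
  if (!header || !payload) findings.push('undecodable-segment');
  else if (typeof payload.exp === 'number' && payload.exp <= nowSeconds) findings.push('expired');
  return { length: token.length, segments: parts.length, findings };
}

// Constructed sample: header.payload alone is longer than 1024 characters.
function buildSampleToken(exp) {
  const header = toB64Url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const payload = toB64Url(JSON.stringify({
    aud: 'https://outlook.office365.com', exp, appctx: 'x'.repeat(900),
  }));
  return `${header}.${payload}.${toB64Url('constructed-signature-bytes')}`;
}

const full = buildSampleToken(1700000000);
console.log(inspectJwt(full, 1700000600));                // expired, but complete
console.log(inspectJwt(full.slice(0, 1024), 1700000600)); // what the console showed
```

Running the check on the value the add-in actually holds, rather than on a copy pasted from the console, separates a display truncation from a token that really lacks its signature.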

WebSphere form based authentication logout mechanism not logging out

I am analyzing code. It is a Wicket application using WebSphere form based authentication.
The program has the ibm_security_logout form mechanism implemented.
When being logged in, I copy the current URL to the clipboard.
When logging out using the form, I seem to be logged out. However, when using the copied URL, I am back in the GUI, being logged in.
So the session is still valid? How can I make sure I am actually logged out, and redirected to the login page when using 'old' URLs?
Thanks!
Check that security is enabled for applications in admin console, menu Security > Global security, checkbox "Application security".
Check that there is no security interceptor in menu Security > Global Security > Trust association > Interceptor
Connect to your application using Chrome or Firefox and open the "developer tools" panel. Check what happens when you click on logout:
1. In the network tab, the browser should send a GET request to the ibm_security_logout URL.
2. In the WebSphere answer, there should be a header Set-Cookie:LtpaToken2="" which should remove LtpaToken2. LtpaToken2 is basically the session cookie for WebSphere.
3. Look at your cookies using developer tools. LtpaToken2 should not be there anymore.
If step 1 is not OK: your client application logout button is not properly implemented.
If step 2 is not OK: there should be an error in the WebSphere log file.
If step 3 is not OK (very unlikely): there might be a cross-domain error, meaning the cookie was set for another domain name.
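Added example, not part of the original answer or of WebSphere: the header checks from the answer above, applied to the Set-Cookie lines copied from the logout response in developer tools. The function names, hosts and header values are constructed, and comparing the clearing cookie's Domain with the stored cookie's Domain is a simplification of browser cookie matching.

```javascript
// Added example; hosts and header values are constructed.
function parseSetCookie(line) {
  const [pair, ...attrs] = line.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1).replace(/^"|"$/g, ''), // LtpaToken2="" -> ''
    attrs: {},
  };
  for (const a of attrs) {
    const i = a.indexOf('=');
    cookie.attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? true : a.slice(i + 1);
  }
  return cookie;
}

const normDomain = (d) => d.replace(/^\./, '').toLowerCase();

// storedDomain: Domain shown for the existing LtpaToken2 in developer tools.
function checkLogoutResponse(setCookieLines, requestHost, storedDomain, now = new Date()) {
  const hits = setCookieLines.map(parseSetCookie).filter((c) => c.name === 'LtpaToken2');
  if (hits.length === 0) {
    return { cleared: false, reason: 'no Set-Cookie for LtpaToken2' };
  }
  const c = hits[hits.length - 1]; // the last header for the name wins
  const expired =
    (typeof c.attrs.expires === 'string' && new Date(c.attrs.expires) <= now) ||
    (c.attrs['max-age'] !== undefined && Number(c.attrs['max-age']) <= 0);
  if (c.value !== '' && !expired) {
    return { cleared: false, reason: 'LtpaToken2 still carries a value' };
  }
  // A clearing cookie only replaces the stored one if its scope matches.
  const scope = normDomain(typeof c.attrs.domain === 'string' ? c.attrs.domain : requestHost);
  if (scope !== normDomain(storedDomain)) {
    return { cleared: false, reason: `cleared for ${scope}, stored for ${normDomain(storedDomain)}` };
  }
  return { cleared: true, reason: `LtpaToken2 emptied for ${scope}` };
}

// Constructed logout response headers.
const sample = [
  'JSESSIONID=0000abc; Path=/',
  'LtpaToken2=""; Expires=Thu, 01 Dec 1994 16:00:00 GMT; Path=/; Domain=.example.test',
];
console.log(checkLogoutResponse(sample, 'app.example.test', '.example.test'));
```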

Connection error: Can not authenticate to IMAP server: [ALERT] Please log in via your web browser

I am using a PHP script to connect to imap.gmail.com. I have a paid Google Apps account. It was working, but after some time I am getting the following error.
It says I have to log in from a browser, but my CentOS VPS server does not have a browser; it's command prompt only.
I am using mydomain.com
Fatal error: Uncaught exception 'ImapMailboxException' with message 'Connection error: Can not authenticate to IMAP server: [ALERT] Please log in via your web browser: https://support.google.com/mail/acco' in /xxxxxx/classes/ImapMailbox.php:51 Stack trace: #0 /home/theluxla/public_html/_backoffice/mailpilot/classes/ImapMailbox.php(42): ImapMailbox->initImapStream() #1 /xxxxxx/classes/ImapMailbox.php(114): ImapMailbox->getImapStream() #2 /xxxxxx/mail.v3.php(28): ImapMailbox->searchMailbox('ALL') #3 {main} thrown in/xxxxx/classes/ImapMailbox.php on line 51
Google replied to me:
Thank you for your message. I understand you're having issues connecting your application with our IMAP server, I'll be happy to help. I didn't want to bother with a call this early, reason why, I'm sending this email instead
In this case, it seems this error is related to the access to "Less secure apps" disabled for the user you're trying to connect via IMAP. Please follow these steps to solve this issue:
In your Admin Console, follow the steps available at this support article https://support.google.com/a/answer/6260879?hl=en under the section "Enabling less secure apps to access accounts".
Log in as the affected user and follow the steps to "Allow less secure apps to access your account" as described at this support article https://support.google.com/accounts/answer/6010255.
I hope this information is helpful. Your case will remain open for three business days and it will auto close if no reply is received. Feel free to reply to this message if you need more help, I'll be happy to continue assisting you.
Sincerely,
David
In my case, Gmail blocked my server IP.
So do the below step to solve this thing.
You need to first Sign in - Google Accounts
https://accounts.google.com
You probably need to go here and follow the instructions:
https://accounts.google.com/b/0/DisplayUnlockCaptcha
Change Gmail account setting:
Enable IMAP.
Status: IMAP is enabled
https://myaccount.google.com/u/2/security-checkup?utm_source=google-account&utm_medium=web&continue=https%3A%2F%2Fmyaccount.google.com%2Fu%2F2%2Fsecurity
In the “Third-party access” tab turn ON less secure app access
Try to access, you will still be denied
https://myaccount.google.com/u/2/security-checkup?utm_source=google-account&utm_medium=web&continue=https%3A%2F%2Fmyaccount.google.com%2Fu%2F2%2Fsecurity
in the “Recent security events” tab you will find a note about your last access, tell that it was you and you will be able to access
In my case none of the proposed answers helped. All options were checked: IMAP -enabled, Less secure apps - enabled, this instruction: https://accounts.google.com/b/0/DisplayUnlockCaptcha also didn't work.
POSSIBLE PROBLEM: use of multiple Gmail accounts (when you are connected to many Gmail accounts and can switch connections). Also if you use a browser like Chrome with a profile signed in to one of the Google Accounts. In my situation the instruction https://accounts.google.com/b/0/DisplayUnlockCaptcha didn't work, because I was primarily using the Chrome browser profile of my personal Google account, but was working on connecting a 3rd party app that was using another Google account.
MY SOLUTION. I've added another Chrome profile (corresponding to the 3rd party Gmail account) and switched from my personal profile to the working one. Only after that did the instruction at https://accounts.google.com/b/0/DisplayUnlockCaptcha give a positive result. Hope it will save a few hours for you.

Connect to visualstudio.com from Team Explorer Everywhere CLC

I'm trying to connect from Team Explorer Everywhere command line client on Windows to a Team Foundation Service project at visualstudio.com, but I get "access denied" messages.
The username and password I'm passing are definitely correct, and are the email and password from my microsoft live ID used to create the account. I have no problems accessing the service through the website, or via Visual Studio 2012 on a different machine.
tf workspace /new /server:https://<something>.visualstudio.com/defaultcollection
Username: example#microsoft.com
Password: ********
Any ideas? One thought I had was that maybe the '#' character in the e-mail was causing the username to be interpreted as a Windows domain, or that maybe SSL wasn't being used correctly?
You cannot authenticate with a Live ID using the Team Explorer Everywhere command-line client. We cannot raise a web browser from the client and capture the Live ID authentication tokens in a secure way across platforms.
Instead, you need to set up alternate credentials as described at https://tfs.visualstudio.com/en-us/home/news/2012/aug-27/ .
If anyone has received this error after March 18th 2014, this is because the password requirements for visualstudio.com have been tightened.
If all of a sudden you get this message 'Failed to erase credential: Element not found
fatal: Authentication failed for 'https://*.visualstudio.com/defaultcollection/_git/*/''
I was able to solve it by deleting my alternate credentials, and recreating them (at which point I also found out my old password wasn't usable anymore).

How to check if Remote API is enabled in your Confluence installation without admin rights

Is there a way to find out if the Remote API is enabled on our Confluence installation if I do not have admin rights to our Confluence?
I can see the WSDL, but while testing with this downloaded client I keep timing out on login. I cannot contact my administrators without going through god knows how many channels, so I'm hoping there's another way to know if the Remote API is enabled.
To check if the Confluence API is enabled without admin access:
Try accessing http://<your-confluence-server>/rpc/xmlrpc
If the API is enabled, you will simply get a blank page.
If the API is disabled, you will get an error "HTTP Status 403 - Remote API is not enabled on this server. Ask a site administrator to enable it."
This is at least applicable in my Confluence 3.2 environment.