I have successfully implement okta login in my django app and it is working fine.
I have created okta account with xyz#gmail.com and i can successfully login to django app with that okta account and the same okta accout i have created okta and got the saml info.
But the problem is, when i try to login with another okta account, it doesnt work.
i have updated app assignment Group everyone, yet not working
Can anyone tell me what is the issue?
Related
We have integrated KeyCloak server with Azure Active Directory as Identity Provider for SSO Login.
Log-in is working fine. However we facing problem with log-out, When user logs-out from web application, from our backend server side code we are making REST call to Keycloak server for below API.
https://keycloaktest:8443/auth/realms/<realmName>/protocol/openid-connect/logout
for this REST call we are getting 204 status code as response.
However when User tries to log-in in application again from browser it does not ask to enter credentials (active directory credentials).
In order to log-out User. We have access below URL
https://portal.azure.us/#home
and click log-out there.
https://portal.azure.us/Account/SignOut
Is there anyway to achieve this in backend i.e. when User clicks logout from browser
Just ran across this myself. The answer provided here: Logout user via Keycloak REST API doesn't work worked for me. Try adding client_id and refresh_token to your /logout request.
I am integrating AD B2C as Identity provider for the FreshWorks by configuring SSO with OIDC in the Freshworks.
Configuration done in the Azure AD B2C:
Registered an application in the AD B2C Tenant
a. Get the redirect URL from Freshworks SSO with OIDC and added in the Redirect URI in the registered application
b. Id Tokens and Access Tokens check box is selected.
c. Enabled the public client.
d. Generate the client secret for the application
Added Microsoft as external IdP in the AD B2C tenant. Only one external IdP is enabled, local account is not enabled.
Created a SignupSign User flow
Tested the User flow, able to signup and sign-in using Microsoft Account (personal account). JWT token is generated with the claims sub, email, name.
Configuration done in the SSO with OIDC:
Get the ClientId and Client Secret of the Application registered in the AD B2C tenant and added in the SSO with OIDC configuration dialog
Navigate to AD B2C signup sign-in user flow OIDC configuration url and get the authorization_endpoint and token_endpoint, added those two in the SSO with OIDC configuration dialog
set the scopes as openid,email,profile
After doing all the above configurations, a new button is added in the freshworks login page. I have clicked that button, it navigates to the microsoft login page, after providing credentials and accepted the consent, it shows a form with profile information.
On clicking the continue button an account is created in the AD and redirected to the Freshwork page. It shows the below error in the freshworks login page.
The authorization code request is working, AD B2C post the authorization code to the freshwork redirect url. I hope the issue is with the get access token endpoint URL. I have tried the Get access token endpoint from the postman using the authorization code received from the first request, it gives the access token.
The postman screenshot mentioned is showing the IDToken and your freshworks application expect access token. Could you please validate the user flow with access token settings and also use the postman tool to get the access token. Please follow the below document for more requests.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect
I have integrated my angular app to allow users to login through their AD account. I have followed this article for the integration of AD FS with Keycloak.
I have integrated SSO with AD FS without Keycloak in past. Now I am unable to figure out how to achieve SSO when Keycloak is added in between the angular app and ADFS. I am always prompted for my AD username/password even though I have already signed in to another application webpage using the same AD account in a browser.
I want to know how to achieve SSO in this context and whether it is even possible to have SSO in such cases.
I'm working with Keycloak 3.4.3
I'm following this post https://www.keycloak.org/2017/03/how-to-setup-ms-ad-fs-30-as-brokered-identity-provider-in-keycloak.html to configure my application to login with AD FS with SAML protocol.
My setup is an Angular 5 UI using the keycloak-js adapter. When the app starts I launch Keycloak.init({ onLoad: 'login-required'}) method for making the Keycloak login page appear. right now I'm able to login using email and password or by clicking the SAML SSO button and login through the AD FS login page.
What do I want to do? I want Keycloak to trigger the SAML SSO before showing the login screen, I mean, if in my pc I'm logged with and AD FS account I want Keycloak to log me in directly with this account and only get me to the login page if I'm not a member of the AD FS so I'm could be able to login via email and password.
Regards
It's possible to use GET request with kc_idp_hint param, and trigger SSO workflow manually:
GET /myapplication.com?kc_idp_hint=facebook HTTP/1.1
Host: localhost:8080
https://www.keycloak.org/docs/1.9/server_admin_guide/topics/identity-broker/suggested.html
I am new to CAS and single signon. Please correct me if my understanding is incorrect, below if what I understand about CAS.
I have 2 web applications
I setup CAS, and when I access URL of WebApp1, it shows me the CAS login page
I fill correct username/password
It takes me in WebApp1
From there I access WebApp2, and it works fine
What I need is as follows:
When I access WebApp1, I must see WebApp1 login page, not that of CAS
Let CAS generate some token for the session
Use this token to authenticate WebApp2 (which the way its working now - step 5 above)
Can someone suggest me how to achieve this?
I am using Java 1.6, CAS 3.4.11, Tomcat 6.
I've made a summary recently on how CAS works.
The principles are written there. Basically it is like this
Access The WebApp1
Show the CAS login page and authenticate
redirect to WebApp1
Now subsequently you do the following
Access WebApp2
the access request is redirected to CAS which without showing a login page authenticates the user
Always under the assumption that both WebApps are configured to use CAS as a login provider and CAS is setup to support both WebApps.
Now in the CAS way what you want to achieve is done like this:
exchange the standard CAS login page with your login page and your done