how to redirect user to specific custom login page using OIDC Provider interactions [closed] - redirect

I am trying to implement an OIDC provider application. It is working with the default authorization endpoint (login page). I first redirect to: http://localhost:8003/auth?client_id=oidcCLIENT&scope=openid&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Flogin%2Fcallback&state=BuAAA9hAF0IMTKpJQH51h9ueu8StadrmeNS9-cm_w3Q&code_challenge=mjEOrgT5j4CvQHd8ZJlmw7kh9COUpnxzgbLsBsPbIMA&code_challenge_method=S256
and after that I am redirected to http://localhost:8003/interaction/4CvQHd8ZJlmw7kh9CO. Now I want to redirect the user to a specific custom login page like http://localhost:8003/urlto/custom/autorisation_endpoin
Please, I need help.
my configuration
start:
end:
my OIDC provider instance creation
listen:

The following are the steps I took to solve this problem:
I created a new Express project
I configured the created project
I followed the oidc provider usage example
Now I have full access to the oidc provider implementation

Related

Firebase Authentication Account Not Showing in Console Despite Successful Creation [closed]

I have a Flutter code that creates a new account using the Firebase Authentication library. However, even though the account is created successfully and I can even log in to it using another code, the account does not appear in the Firebase Authentication console. I have tried checking if I am connected to the correct Firebase project, looking for the account in the console, accessing the account again using the Firebase Authentication library, and making sure that the data I provided during the account creation process is correct. Despite all these attempts, the account does not show up in the console. How can I resolve this issue?
Checking that I am connected to the correct Firebase project.
Looking for the account in the Firebase Authentication console.
Accessing the account again using the Firebase Authentication library.
Verifying that the data I provided during the account creation process is correct.
Despite trying these steps, the account I created using Flutter and Firebase Authentication does not show up in the console.

Restrict Supabase signup to a specific membership table

Similar to this question Restrict Supabase Sign up to a specific domain ... I need to restrict signup to my SPA Supabase project to specific emails contained in a membership table. The workflow would be: the web page has a sign-up form submitted - the form's email address is checked to see if it exists in a members table - if yes, proceed with sign up - if rejected, inform with a message on the client. I know I could send sign-up requests through a backend similar to the other question's reply, but the point of using Supabase is to take away the backend. Could I create a function/trigger similar to the previous question here: Restrict Supabase Sign up to a specific domain to solve this? Project is a Vue3 SPA. Thanks for any replies!
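
One way to enforce the membership check described in the question inside the database, as an added example that is not part of the original post: a `before insert` trigger on Supabase's `auth.users` table rejects any signup whose email is absent from a membership table. The table `public.members`, its `email` column, and the function and trigger names are assumptions.

```sql
-- Added example; public.members, its email column, and the function and
-- trigger names are assumptions, not taken from the original post.

-- Allow-list of permitted emails (constructed schema).
create table if not exists public.members (
  email text primary key
);

-- With RLS enabled and no policies, the anon and authenticated API roles
-- cannot read the list, so the membership table is not exposed to clients.
alter table public.members enable row level security;

-- Runs as the function owner (security definer) so it can read
-- public.members regardless of the role performing the signup.
create or replace function public.enforce_member_signup()
returns trigger
language plpgsql
security definer
set search_path = ''
as $$
begin
  -- Reject rows without an email as well as emails not on the list.
  if new.email is null or not exists (
    select 1
    from public.members m
    where lower(m.email) = lower(new.email)
  ) then
    raise exception 'Signup is restricted to registered members';
  end if;
  return new;
end;
$$;

-- Fire before the auth row is written so a rejected signup creates no user.
create trigger enforce_member_signup
  before insert on auth.users
  for each row
  execute function public.enforce_member_signup();
```

Because the check runs inside the insert, it also applies to signup requests sent straight to the auth API without going through the Vue form. The client-side signup call then fails with an error that the form can turn into a message.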

How does single sign-on (SSO) work for login on the same device? [closed]

As far as I know, SSO is a one-time login for all the connected applications.
But what does it mean that after sign-up the user is always able to use the same device's auto login?
SSO means you will have a single Identity Provider, which will provide authorization to multiple clients.
Your clients can be an Angular app, React app, web API, mobile application, etc.
OpenID Connect (OIDC) and OAuth 2 define how to do SSO. There are providers like IdentityServer4, which implement what is specified by OIDC and OAuth 2.

What is the SsoLoginContrib extension setting for AuthTokenName when using Keycloak as IDP?

I'm using Twiki and the SsoLoginContrib extension with Keycloak to set up SSO. The LocalSite.cfg settings require $TWiki::cfg{SsoLoginContrib}{AuthTokenName} but I don't know what that setting should be when using Keycloak. How do I find the AuthTokenName in Keycloak?
I've tried 'AUTH_SESSION_ID', 'KEYCLOAK_IDENTITY' and 'KEYCLOAK_SESSION' because they were set in the cookie after successful authentication with a Keycloak user.
$TWiki::cfg{SsoLoginContrib}{AuthTokenName} = 'KEYCLOAK_IDENTITY';
I would expect the authentication to succeed and redirect to the Twiki/bin/view/Main page but there is no redirect, only the Keycloak realms//account page for the authenticated user.
I tried to reach out for help and use the resources available but I get "please format your question properly."
I used the 'wizard' provided by stackoverflow and entered the information.
I searched the web using multiple search engines.
I really had hoped the community was mature and friendly enough to help but my expectations are obviously too high.
The times have changed, the internet is now full of arrogant brats that have grudges against the world because they were bullied for being nerds. I understand that.
I give up.

Adobe CQ5: SSO without LDAP?

A customer of ours has just purchased CQ5 and would like to externalize all of its security. We'd like to use an STS server for SSO and then leverage a custom authorization/attribute provider instead of the CQ5 repository. Ultimately, we do not want to use LDAP in any way.
Here is how we envision this (some pieces already working):
User browses to CQ5 Dispatcher running in Apache
Apache filter redirects user to STS site where login is completed.
User is redirected back to Apache with SAML Claims.
User ID token is placed as cookie into browser. (everything is working up to here)
CQ5 captures that cookie based on the SSO configuration (working)
Problem starts here: From here, we want to call a custom authorization provider for the user's attributes, roles, groups etc...
We have tried to figure out how to do this and can't seem to find the missing link.
Do we need to create a custom login module? Do we need to create a custom principal provider? Do we somehow use the existing LDAP capability in CQ5 but have it call a custom class which leverages the external auth source?
If anyone here has any idea how to do this, their karma quotient would be full for the year if they could share it. I'm not sure if this is a basic thing you do with JAAS or even where to put my classes after I've created them.
We've worked really hard on this so far and seem to be close, but we keep hitting dead-ends.
Thanks so much if you have an idea where to begin!!
-joe
Recent versions of AEM now include the SAMLAuthenticationHandler which allows you to:
Redirect users to SSO to simulate IDP initiated login, or
Allow AEM to perform SP initiated login with IDP
Specify attributes to take from the SAML Assertion and add to the user's profile node (not sure if you can use this for groups)
Specify which groups users should be added to
Set a cookie called request-path that will store the URL the user arrived at, and then redirect them to that location when they're authenticated (i.e. deep linking)
This makes relying on the SAMLAuthenticationHandler better than using Apache to redirect. The current version of the handler bundled with AEM 6.2 does not properly set the cookie when using the redirect method, but Adobe does have an updated version that they can provide that will fix that problem.
I normally recommend that clients do not have their own authentication handlers developed inside AEM.
When not using LDAP, this does create an issue where users will not exist until they've logged in. Additionally, when your architecture includes more than one load balanced publisher, it is possible that a user may exist on one server user synchronization.
Try searching the Google group for SSO details. Here's one useful post:
http://groups.google.com/group/day-communique/browse_thread/thread/72c235c83a501252/fba4d08a90487156?lnk=gst&q=SSO#fba4d08a90487156
It seems that you will have to implement a custom LoginModule, more information here: http://dev.day.com/docs/en/crx/current/deploying/custom-login-modules.html