So I created a website which shouldn’t be publicly accessible. Therefore I added the keycloak js adapter. Everything works as expected and I am redirected when entering the website url.
But there is a problem. If I use wget on the js/images/css etc. I still can access them because no javascript code is executed and no redirect is performed. How can I make sure that only authenticated users can access these resources? The website is hosted on nginx.
Expected is:
User tries to download file
User is redirected to keycloak if not authenticated.
Solved see comment under original post.
Related
I integrate Google's Auth API in my production website.
When I enter the login page, it throws an idpiframe_initialization_failed exceptions to the console.
I found out that I can fix it by enabling that API / Cookies in my chrome browser, but I want to find a comprehensive solution that will prevent those exceptions in my production environment.
So my two questions are:
What do you suggest me to do in order to achieve that?
In general, what is the meaning of those excpections?
Thanks :)
If you have a production url like http://godaddysite.com etc host your page there with a Webserver.
Opening a htnl page from your computer with javascript doesnot work as it is not hosted on webserver.
Please check your redirect url etc when you created Oauth client.
Go to the Credentials page.
Click Create credentials > OAuth client ID.
Select the Web application application type.
Name your OAuth 2.0 client and click Create
check origins
create new OAuth with correct origins.
I'm using the extended accounts package 'accounts-facebook'. When I run my application locally, the login authentication procedure works after adding 'http://localhost:3000/_oauth/facebook?close' under Valid OAuth redirect URIs.
After deploying the application however, the login pop-up gives no error, but remains blank without completing the authentication procedure. I've tried adding 'http://www.algoloom.com/_oauth/facebook?close' and loads of possible variations to this, as some other forum discussions suggest, but the login procedure is never completed.
While I was testing my application in its deployed version, I managed to get Facebook login working by changing its ROOT_URL to 'http://www.algoloom.com:3010', in combination with 'http://www.algoloom.com:3010/_oauth/facebook?close' as a redirect URI. Now that I've set nginx to redirect to port 3010 by default, the 3010 disappears from the main website URL. As a result I've also set my ROOT_URL to 'http://www.algoloom.com'. This works fine for any other website functionality, but I can't seem to fix my my issues with Facebook login.
Any ideas on how to solve this?
I'm running Win Web Server 2008 R2.
I've got a site setup for development which I access on my test machine like this http://bossingway/
I'm trying to put the facebook login on this using their standard code they provide. I haven't added anything.
I've added http://bossingway/ to the SiteURL and it says the URL contains an invalid domain.
I've also tried adding it to Valid OAuth redirect URIs.
I keep getting the Given URL is not allowed by the Application configuration error from Facebook.
How do I get it to work on my testing server.
Looks like you're missing the top level domain, if your top level domain is '.com' for example, then you need to add 'http://bossingway.com'
I'm developing a website that is going to use Facebook authentication.
I'm using GWT and it works fine when I run the code compiled, but when I'm running the development it does not work.
The problem is when I'm trying to retrieve the access_token from Facebook.
I'm receiving the error below:
"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100}"
Obviously, the redirect_uri is identical as the login url one.
I found out (by this topic) that the problem is the last part of the url "?gwt.codesvr=127.0.0.1:9997".
How can I solve this? or how can I manage to use the GWT development mode with this problem?
Thanks,
Normally this is due to the url verification FB does.
When you register a new app in FB you have to configure the set of domains (App Domains) authorized to use the FB login form.
Unfortunately you cannot set 127.0.0.1 nor localhost as a valid domain, so you cannot use GWT dev-mode unless you configure a hostname in your domain pointing to your localhost.
If you set mydomain.com as a valid App Domain in your FB application, configure localhost.mydomain.com pointing to 127.0.0.1 in your local hosts file or in your DNS server. Then use http://localhost.mydomain.com:8888/myapp.html?gwt.codesvr=localhost.mydomain.com:9997 to run dev mode in your browser.
I found out the problem.
By encoding only the gwt.codesvr value it works.
However, using php urlencode function on it did not work, I had to encode it myself.
The gwt dev param ended like this "?gwt.codesvr=127.0.0.1%3A9997"
I am new to CAS and single signon. Please correct me if my understanding is incorrect, below if what I understand about CAS.
I have 2 web applications
I setup CAS, and when I access URL of WebApp1, it shows me the CAS login page
I fill correct username/password
It takes me in WebApp1
From there I access WebApp2, and it works fine
What I need is as follows:
When I access WebApp1, I must see WebApp1 login page, not that of CAS
Let CAS generate some token for the session
Use this token to authenticate WebApp2 (which the way its working now - step 5 above)
Can someone suggest me how to achieve this?
I am using Java 1.6, CAS 3.4.11, Tomcat 6.
I've made a summary recently on how CAS works.
The principles are written there. Basically it is like this
Access The WebApp1
Show the CAS login page and authenticate
redirect to WebApp1
Now subsequently you do the following
Access WebApp2
the access request is redirected to CAS which without showing a login page authenticates the user
Always under the assumption that both WebApps are configured to use CAS as a login provider and CAS is setup to support both WebApps.
Now in the CAS way what you want to achieve is done like this:
exchange the standard CAS login page with your login page and your done