Own authentication service uses too late - typo3

Once again I created my own authentication service. This is registered and is also called. After submitting the login form (EXT:felogin) you get back to the same page - but Felogin continues to show the login form. After a page reload, the logged-in state is recognized correctly and the status display is displayed.
The same form works correctly with a normal, local FE user.
When debugging authUser() correctly returns 200.
What could that be?

Besides returning 200 by authUser(), having a valid FE-User (at least with uid, pid, username, usergroup) is necessary. My FE-User was broken.
TYPO Documentation - Authentication services:
One important thing to know is that the TYPO3 CMS authentication process needs to have users inside database records (“fe_users” or “be_users”).

Related

Where else can I find alternate login URL aside from $CFG->alternateloginurl

I'm currently troubleshooting a login issue for a deployed Moodle. Login page uses an alternate page which I have managed to identify. The alternate page considers everything except successful login as invalid or expired login or password.
Since some correct login and password are also getting the same issue.I am trying to restore the Moodle instance to use its default login page but did not find any $CFG->alternateloginurl configuration set in moodle.php. Kindly please provide any pointers you can think of on where to look next to restore the login page.
PS: I've also searched within the active theme, and there has not been any code changes. Uses a variant of Moove
Thank you
Rest assured that its a common issue
https://docs.moodle.org/401/en/Managing_authentication#Alternate_login_URL
There is an entry in the database
SELECT *
FROM mdl_config
WHERE name = 'alternateloginurl'
Note the value, just in case, then blank it out
UPDATE mdl_config
SET value = ''
WHERE name = 'alternateloginurl'
Then purge the cache to update Moodle
php admin/cli/purge_caches.php
When you do manage to log in, check which other authentication methods are active via
Site administration > Plugins > Authentication > Manage authentication
https://docs.moodle.org/401/en/Managing_authentication
The default methods are manual and email self registration
Although self registration is disabled by default in the settings on the same page (registerauth)

.HttpContext.User is null after successful login from SAML Identity Provider?

Trying to retrofit an old webforms application.
Got my configuration working so that it's prompting for login and successfully redirecting back to the application. The folks that manage the IP can see the response is generated.
However in the callback to my application the User is null. I'm told if it's configured correctly it should be populated.
We have a custom IHttpModule and that is where I can see getting hit with the call to /Saml2/Acs with the User not populated. I think this may be expected as the handler for that is supposed to populate the User, I think? However the following call (the returnUrl configured in sustainsys.Saml2) still has no User and I don't see any sort of error or anything.
Anyone with experience have an idea how to debug this?
The call to /Saml2/Acs should be taken care of by the Sustainsys.Saml2.HttpModule. It will process the response and then call the SessionAuthenticationModule to set a cookie that preservers the User across calls.
To get some more information about what's happening in the library, you can assign an implementation of ILoggerAdapter to Sustainsys.Saml2.Configuration.Options.FromConfiguration.SPOPtions.Logger to get some logging output from the library.
My issue turned out to be that I had another authentication module loaded before SessionAuthenticationModule and Saml2AuthenticationModule in the web config.
The comment in the example was
Add these modules below any existing. The SessionAuthenticatioModule
must be loaded before the Saml2AuthenticationModule
However in my case with I had another authentication module involved that needed to go last.

oracle apex 5: how to navigate to some other page (not default home page) after login

I'm using oracle apex 5.
From the application, I'm sending mails for different users with different page links based on user roles.
For example, my app_id is 222.
For an user: the url link sent to user mail id is <hostname>:<port>/apex/f?p=222:5
For a manager: the url link sent to user mail id is <hostname>:<port>/apex/f?p=222:7
In Chrome it works fine, as the user or manager goes to link and after login, they are redirected to respective pages as 5 or 7.
But in IE, it always goes to Home page which is 1.
I have tried with APEX_CUSTOM_AUTH.LOGIN in the after submit branch pl/sql procedure of login button as well (of the login page ).
BEGIN
APEX_CUSTOM_AUTH.LOGIN (
P_UNAME => :P101_USERNAME,
P_PASSWORD => :P101_PASSWORD,
p_session_id => V('APP_SESSION'),
p_app_page => :APP_ID||':7'|| :p_session_id);
END;
Again it works good in chrome, but NOT in IE.
In IE, it always goes to home page. IE version is 11. Why in IE, it's not able to goto the page needed?. Please help.
(Chrome version 54. By the way how it works good in chrome?).
This is not academic solution but will work.
Set a parameter in your application to know if people comes from a mail or normal login.
Set a parameter in your application where you store the value from the link in the mail.
Now the magic, do a Dynamic Action on Page Load and use JS to redirect to the desired page, obviously the DA has to be conditional and the condition must be the parameter where you came from.

Loopback login with phone as username and verification

I've extended the User model in my loopback application, and added phone number as a login method, I use the username field to do this, the only deal is that on login I get the 'email not verified' error, I have my own phoneNumberVerified field, and have overwritten the confirm method to validate the token against the emailVerificationToken and against the phoneNumberVerificationToken and update the corresponding flag, I thought of overwriting the original login method to not allow login only if both emailVerified and phoneNumberVerified fields are false (not just the email) but I don't know how to actually do the login the way loopback does it (I believe it creates an AccessToken or something), and I'm asking for some help on how to do this, thanks XD. I can do the overwriting and validations myself I just need to know how to do the actual login without using the original login method, since I'll be rewriting it.
So I figured out that I actually don't need email or phone number verified validation at all on login (later on the workflow will be required, but that'll be another use case, so it's irrelevant on login to me now XD). So when I was looking on how to overwrite the login method I realized that all the models code it's on the node_modules folder xD
node_modules/loopback/common/models/user.js
And found there in the login method a flag that validates if should check email verified or not, so on my startup script I just put this:
app.models.MyUser.settings.emailVerificationRequired = false;
That stops the email verified validation on login.
And maybe if some of you would like to override the login method I believe copying the whole method from the original user model up there and attaching it to your model and doing some modifications might work xD, it invokes the createAccessToken from the user model (itself) and that's what I believe creates the 'login', what I came to understand is that there is no "session" data, it creates an accesstoken when you successfully login, and as I've been doing just sending the token id to every request 'authenticates' your logged user.
Thanks for reading, have a nice day :)

Issues with Programmatically login into Spring Security. Jsession ID comes with .undefined suffex

Following is the code i'm using for prog login for my application.
UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(userName, passWord);
token.setDetails(new WebAuthenticationDetails(request));
authentication = authenticationManager.authenticate(token);
LOGGER.debug("Logging in with [{}]"+ authentication.getPrincipal());
SecurityContextHolder.getContext().setAuthentication(authentication);
after this a model is returned (without changing URL, i can see usename n role here). on that view, there is a form. which submits to another link with role permission same as of current user.
but when user submits the form then spring redirects it to login page and invalidate the session.
I have checked and found that jsession is is appended with .undefined (mS5YoJL3YfznQNuItNUeiLd6.undefined) and i suspect that this must be the problem.
I've checked it, and undefined was coming because of Jboss AS 7.1 and this whole issue was coming because I was not creating session while auto login. I have changed the code and its running perfectly. Thanks for your response. –