How to change landing page for particular group.
For example, I have a group DAM users, I want only this group to redirect to particular landing page and not all the groups, which have standard landing page as mentioned in ROOT MAPPING.
You will have to write custom code to achieve this.
If you are using/extending AuthenticationHandler then you could look at implementing AuthenticationFeedbackHandler where you could provide custom implementation on the redirects. For reference also look at DefaultAuthenticationFeedbackHandler
You could have a service/configuration that provides group based redirect mapping and/or default redirect, for success use UserManager API to get logged-in User's instance and from that you can get group information. Use that to handle redirect on success.
final Session adminSession = adminResolver.adaptTo(Session.class);
final UserManager userManager = adminResolver.adaptTo(UserManager.class);
final User user = (User) userManager.getAuthorizable(adminSession.getUserID());
Iterator<Group> itr=user.memberOf();
while(itr.hasNext())
{
Group group=(Group)itr.next();
logger.info("group.getID().."+group.getID());
logger.info("group.getPrincipal().getName().."+group.getPrincipal().getName());
}
---------------------- Update Sample code----------------
There is a sample implementation in Adobe's ACS Common project and can be found here
Look at method - public boolean authenticationSucceeded(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationInfo authenticationInfo)
You could provide your implementation here instead of using DeferredRedirectHttpServletResponse. In you implementation you need to retrieve your URL/Path to redirect and send a redirect (make sure to path authentication info in the request wrapper so that the logged in state is carried on)
Related
In the new SPA (react and angular) web templates for .Net core 5. I'd like to fetch the current logged in User. However, when I try to get a user in the controller the User doesn't have anything populated.
Does anyone know how to achieve this with the new Identity Classes?
I've made a repo of the vanilla reactJS template, the only thing I changed is the line highlighted in my screenshot below to show there's no user set.
I've done a bit of googling and these pages are all I could find on the topic, unfortunately, they don't give enough detail for me to be able to implement anything practical.
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/identity-api-authorization?view=aspnetcore-5.0
https://learn.microsoft.com/en-us/aspnet/core/security/authorization/claims?view=aspnetcore-5.0
Backend:
ClaimsPrincipal currentUser = this.User;
var currentUserName = currentUser.FindFirst(ClaimTypes.NameIdentifier).Value;
ApplicationUser user = await _userManager.FindByNameAsync(currentUserName);
On the frontend if you need yo access it
//with UserManager
UserManager<ApplicationUser> UserManager
#{
var user = await UserManager.GetUserAsync(User);
}
// with SignInManager
SignInManager<ApplicationUser> SignInManager
#if (SignInManager.IsSignedIn(User))
To answer my own question.
In order to populate the User detail in the HttpContext you have 1 of 2 routes. Either change
services.AddDefaultIdentity<IdentityUser>();
to
services.AddIdentity<IdentityUser, IdentityRole>();
or you can continue to use the Core Identity
services.AddIdentityCore<IdentityUser>();
but then you also need to implement your own Microsoft.AspNetCore.Identity.ISecurityStampValidator and add it as transient services.AddTransient<ISecurityStampValidator, MyValidator>();
Your MyValidator implementation will be responsible for validating the cookie. You can see the default implementation here on github
Edit: Under the hood services.AddDefaultIdentity<IdentityUser>(); uses services.AddIdentityCore<IdentityUser>();. I feel like its importatnt to know this.
I have a situation where during login, after a user has entered their username/password, they would get transferred to an additional page where they would have to enter an additional field (or select something from a select box)
Today, I use a simple session id over a cookie. When a user enters their credentials I create a session, and after they had entered the field in the additional page, I update the session.
I was wondering what would be the best way to achieve something like that in Keycloak. I would also like to include that additional field in the token.
I guess the obvious way would be to keep my login frontend as it is now and use the direct credentials grant API that Keycloak provides, but I would rather avoid that.
Please advise.
Clarifications: Each user in the system can belong to multiple organizations. That additional field corresponds to the organization that the user logs in to. All applications that interact with the token have to be aware of that organization field
According to your requirements i would suggest following:
Continue with UserStorageProvider implementation. Refer to following docs. Your implementation should also provide list of available companies for every user. You can expose this list as an UserModel attribute.
Implement custom required action (components like that runs after successfully passed credential challenges) that will get list of available companies from UserModel object of authenticated user. Offer this list to user as separate login form, so after user submits his choice it will be persisted in user session note. As example check out implementation for UpdateUserLocaleAction and javadoc for RequiredActionProvider. Here is example of logic for storing selected company:
#Override
public void requiredActionChallenge(RequiredActionContext context) {
List<String> availableCompanies = context.getUser().getAttribute("companies");
... // form rendering
}
#Override
public void processAction(RequiredActionContext context) {
String company = context.getHttpRequest().getFormParameters().getFirst("selected_company");
context.getAuthenticationSession().setUserSessionNote("company", company);
}
Add UserSessionNote oidc mapper to required client (or to shared client scope), so it will extract 'company' note saved by required action implementation from step 2
???
Profit
I am implementing custom external identity provider and to do this I need to implement ExternalIdentityProvider class from jackrabbit.
http://jackrabbit.apache.org/oak/docs/security/authentication/externalloginmodule.html
In normal case you would need to pass j_username and j_password and you can get these from values SimpleCredentials object
My question is that since I need to pass additional form parameter say for instance linkedin ID in my case, how do I achieve that?
#Component(
policy = ConfigurationPolicy.REQUIRE
)
#Service
public class RDBMSIdentityProvider implements ExternalIdentityProvider {
#Override
public ExternalUser authenticate(Credentials credentials)
throws ExternalIdentityException, LoginException {
//i can get username / password from credentials object
//how to get additional parameters from http request object?
}
Any input is highly appreciated.
Thanks!
The correct way to handle this is to have a custom AuthenticationHandler which creates an instance of a specific Credentials object with whatever parameters you need in it.
That said, if you are integrating with LinkedIn (and this is in AEM), you would be better served by integrating with the existing OAuth AuthenticationHandler. There is OOTB support for Facebook and Twitter, but the OAuth provider is designed to be pluggable for different OAuth Service Providers.
how can i create a url for public profile page like this type
www.mywebsite/myname
and this url redirect me to may public profile page in mywebsite
where actual url may be of this type
www.ywebsite/user/publicProfile?uid=12 etc
You're best bet would be to go with ASP.NET routing.
http://msdn.microsoft.com/en-us/library/cc668201.aspx
Although to get where you could use a username instead of an ID in the URL you would have to do some additional querying behind on the page that has the public profile to get the appropriate ID for the specific user name.
Problem:
I have a webforms app where every page inherits from BasePage.cs
I also have another class AuthenticatedBasePage.cs which inherits from BasePage.cs
BasePage.cs has some code which finds out if a Forms Authentication cookie is set, and if so, sets a IsAuthenticated boolean flag and a MyAppUser object (only has properties such as name, age, gendery) which means every page on the site can see if the user viewing the page is logged in or not, and if so, read the values of MyAppUser.
AuthenticatedBasePage has an additional feature where if anyone tries to browse to a page inheriting from this class are not authenticated, they are redirected to the login page with a 'returnurl' querystring variable set.
I would to have a similar setup in my MVC2 app. I've done a fair bit of reading that says I shouldn't reference HttpContext in my BaseController.cs (which all my controllers inherit from) as that means I can't unit test it. My first question is, how can I make the IsAuthenticated and MyAppUser objects available to every page? Secondly, how do I create pages which only authenticated users can access, and if they are not authenticated, they get redirected to the login page with the returnurl querystring variable set?
Many thanks,
A.
P.S. I'm not using the MembershipSchema, I'm only using the FormsAuthentication.SetCookie method.
What you want is the Authorize attribute. This article has a great explanation of how to use it with forms authentication.