I need to launch a Confluence page from another website. The Confluence page is access protected and I need to do the authentication before the page is launched so that Confluence doesn't ask for a username/password.
Is there a way to get this done?
You are looking for application links. There is a good post on Atlassian about how to preform authentication from one app to another by passing the authenticated headers upon request.
Related
I am very new to IdentityServer and Open ID Connect and most of what I know comes through the three walk throughs in the Overview section of the IdentityServer3 documentation. All of those samples demonstrate how to use the Authorize attribute to secure a controller action, which results in a redirect to the IdentityServer-hosted login page. What is the typical or recommended way to provide a Login link in the client application? Could my client application have it's own login page and then call IdentityServer to validate the login and provide a token? If so, is there a sample that shows this? If not, is there a way to have the login link in my application bring up the IdentityServer login page? Is it as simple as securing the Login action with an Authorize attribute?
I don't think it is right that client has its own login page. Imagine you use Facebook as identity provider, and would you expect facebook users to enter their Facebook crediential on your login page?
One method is what you described using server side challenge redirect, or configure your app as a Javascript implicit client - see example , which it builds up authroize challenge URL. Either way user sees login page from identity server.
Ok so I am wanting to add the ability for users to use their facebook accounts to register to a site. I have gone through the dev files and various tutorials online. The issue is that no matter what method I follow I have yet been able to get it to work.
I have tried using source from here as well:
http://www.masteringapi.com/tutorials/how-to-use-facebook-registration-plugin-as-your-registration-system/15/
Is there some dependency that I need for the site, some other system for facebook to load right?
Here is the test version of the site: http://ohmsgaming.com/Misc/nstdt/v2/
Your page show an error like "'redirect_uri' should be an absolute url."
Use absolute Uri in redirect Url field of request query to fix the issue.
You can use Open Authentication technique to set up authentication system in your site. And once the user is authenticated you will get the publicly shared information of the user. This information can be registered in website at first login.
I successfully implemented the same in http://www.nowrunning.com using brickred's social auth code.
http://code.google.com/p/socialauth/wiki/GettingStarted
I have confluence, jira and my own developed jsf application connected to crowd. This enabled SSO over the three applications.
When not logged in and requesting a url deep inside confluence, I get redirected to the confluence login page. I do the login and I get redirected to the previously demanded page. This is good.
But when I call a url from my own developed application (and I'm not logged in) I get redirected to the confluence login page (thsi is correct) but afterwards I get redirected to the confluence home page in stead of the page (my app) I initially requested.
How can I get the same behaviour in my own app?
Added some explanation about the integration:
code to see if a valid crowd token exists
authenticated = HttpAuthenticatorFactory.getHttpAuthenticator().isAuthenticated(
(HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest(),
(HttpServletResponse)FacesContext.getCurrentInstance().getExternalContext().getResponse());
Ok, I solved it. It was my app that redirecte to welcome page of confluence. So I added a os_destination= myself.
TL;DR version:
Can you authenticate with Facebook without having a callback URL for a web application since the web application isn't actually running on a server.
Full explanation:
I'm working on building a connectedTV platform application where the "app" itself is a bunch of HTML/JS/CSS running locally (like File -> Open on your desktop browser) and I'd like to integrate Facebook into this.
The problem is that all of Facebook's OAuth calls for the web require you to have a callback URL to redirect the user to in order to complete authentication. Here's the gotcha -- there is no URL for this application -- it's a locally running webpage on the device.
I know this is what out-of-band authentication was designed for, but I can't seem to find any documentation on how to use this (or how to do a non-callback OAuth flow) with the Facebook OAuth system.
You're describing desktop authentication or any situation where you are authenticating to FB without a server. The redirect URL you pass to the OAuth dialog is https://www.facebook.com/connect/login_success.html When the browser redirects you can get the access token. You can read all about it in the FB documentation, way at the bottom in the Desktop Apps section (https://developers.facebook.com/docs/authentication/)
Just reread your question and since the application runs inside a browser you will need to open another window to authenticate and get the access token from that.
If you're doing HTML/Javascript, use their Javascript SDK. You can log the guy in simply by using FB.login and getting the access token from the callback from that.
I really don't think this is directly possible. Unless there is something totally undocumented, Facebook has no mechanism to send authentication data except by loading a url. I'm sure it's meant at least partly as a security measure, functioning as sort of a "whitelist" of where auth data will be sent.
The only way I can think of for you to work around it might be to set up a url on a server somewhere that could answer the redirect and store the auth data, and have your client-side code poll that server to get it. Kind of a proxy authentication service, in effect. You would probably have to open a second browser window with the Facebook auth screen in it, but in theory it could work.
I am creating a SaaS that will allow users to interact with it via their web applications. I would like to create a CAS type login mimicking Facebook connect so when you click the 'Login' button on the users website it will popup a window for you to login with my SaaS credentials.
I do not want the SaaS users site to be able to access the users login credentials so this is why I thought of CAS. However, it doesn't look like Facebook Connect redirects to the CAS server. It looks like they just popup a window to the facebook login then create a cookie once the user successfully logs into facebook. How then does the Facebook Connected site access that cookie?
I am wanting to basically be able to keep the end user on the current website without being redirected to my login application. I would like to mimic what facebook does with just popping up a little window and have them login then refresh the page after they login but I am not sure how to go about this.
Any ideas?
Facebook uses a third party cookie: they set a cookie on your domain that you can access to get the necessary credentials.
EDIT: the easiest example would be to look at PHP's setcookie function. Notice that there is a domain parameter. If you change the domain to match the domain of the actual website that initiated the authentication action then you'll be able to set a third-party cookie.
Note that on IE there are certain headers the domain that initiated the authentication action needs to set to allow your third-party cookie to be set. See http://www.spamcollect.com/archives/33 for a short writeup of how that works.
If you are working in a different language you'll need to use whatever cookie management functions they offer.
Another option may be to do this with CAS programmatically using the REST client.
https://wiki.jasig.org/display/CASUM/RESTful+API
In this way you could take the users details and login to CAS without being redirected.
Facebook uses Cross Domain communication which is what I will be using.