I want to enable Windows Authentication for Bonobo Git (version 6.3). I modified the web.config and enabled Windows Authentication as shown below. Post that, I created Windows User (e.g. - xyz) on the server (where Bonobo Git is installed) and also in Bonobo Git application. When I login with user 'xyz', then it is not getting authenticated and the error it says "Failed to find user xyz"
<add key="AuthenticationProvider" value="Windows" />
<add key="ImportWindowsAuthUsersAsAdmin" value="false" />
<add key="MembershipService" value="Internal" />
Related
I'm using sustainsys.saml2.httpmodule. I would like to run some code to log the logout from an IDP initiated single log out. The user also does not seem to be logged out (IsAuthenticated is still true) after an IDP initiated single log out even though https://stubidp.sustainsys.com/Logout gives me a success result.
I can't seem to find anyone else needing the same functionality or having the same issues. My Sustainsys config is below.
<sustainsys.saml2 entityId="http://localhost:53758/Saml2"
returnUrl="http://localhost:53758/Common/Pages/Saml2Login.aspx"
authenticateRequestSigningBehavior="IfIdpWantAuthnRequestsSigned"
validateCertificates="false"
publicOrigin ="http://localhost:53758/">
<nameIdPolicy allowCreate="false" format="Unspecified"/>
<metadata cacheDuration="PT1440M" wantAssertionsSigned="true">
<organization name="ab" displayName="ab" url="https://www.example.com/" language="en" />
<contactPerson type="Technical" email="a#b.com" />
<requestedAttributes>
<add friendlyName ="Some Name" name="urn:someName" nameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true" />
</requestedAttributes>
</metadata>
<identityProviders>
<add entityId="https://stubidp.sustainsys.com/Metadata"
signOnUrl="https://stubidp.sustainsys.com"
logoutUrl="https://stubidp.sustainsys.com/Logout"
allowUnsolicitedAuthnResponse="true"
binding="HttpRedirect"
wantAuthnRequestsSigned="true">
<signingCertificate storeName="CertificateAuthority" storeLocation="CurrentUser"
findValue="cdf7090a433561a843b51198b0ba6456" x509FindType="FindBySerialNumber" />
</add>
</identityProviders>
<serviceCertificates>
<add storeName="CertificateAuthority" storeLocation="CurrentUser" findValue="2cfe21cb930c19a341e9e30a07a3c123" x509FindType="FindBySerialNumber" />
</serviceCertificates>
</sustainsys.saml2>
You can use the LogoutCommandResultCreated notification. It will get called both when the redirect to the Idp is about to happen as well as after the response has been received from the Idp.
currently We have CAS SSO to our existing .net application, but now client is asking for Shibboleth SSO instead CAS. I'm totally new to Shibboleth.
Client has given the below details:
entityid= urn:mace:incommon:xxx.edu
metadata URL for test environment is:
https://shibboleth-test.xxx.edu/idp/shibboleth
By using guidelines from Shibboleth site, below are the steps i followed.
Installed Shibbolth Service provider (shibboleth-sp-2.6.1.4-win64.msi)
Installed Java with JCE
Installed Shibboleth Idp (in which jetty also checked)(shibboleth-identity-provider-3.3.3-x64.msi)
Web Application with self signed certificate
attached my Shibboleth2.xml file
<SPConfig xmlns="urn:mace:shibboleth:2.0:native:sp:config" xmlns:conf="urn:mace:shibboleth:2.0:native:sp:config" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" clockSkew="180"> <InProcess logger="native.logger"> <ISAPI normalizeRequest="true" safeHeaderNames="true">
<Site id="2" name="shibboleth-test.xxx.edu" scheme="https" port="443" />
</ISAPI> </InProcess> <RequestMapper type="Native"> <RequestMap> <Host name="shibboleth-test.xxx.edu" scheme="https" port="443">
<Path name="secure" authType="shibboleth" requireSession="true"/>
</Host>
</RequestMap></RequestMapper><ApplicationDefaults entityID="urn:mace:incommon:xxx.edu" REMOTE_USER="eppn persistent-id targeted-id" cipherSuites="ECDHE+AESGCM:ECDHE:!aNULL:!eNULL:!LOW:!EXPORT:!RC4:!SHA:!SSLv2"> <Sessions lifetime="28800" timeout="3600" relayState="ss:mem" checkAddress="false" handlerSSL="true" cookieProps="https"> <SSO entityID=""urn:mace:incommon:xxx.edu" discoveryProtocol="SAMLDS" discoveryURL="https://ds.example.org/DS/WAYF"> SAML2 SAML1 </SSO>
<!-- SAML and local-only logout. -->
<Logout>SAML2 Local</Logout>
<!-- Extension service that generates "approximate" metadata based on SP configuration. -->
<Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>
<!-- Status reporting service. -->
<Handler type="Status" Location="/Status" acl="127.0.0.1 ::1 <my system IP">/>
<!-- Session diagnostic service. -->
<Handler type="Session" Location="/Session" showAttributeValues="false"/>
<!-- JSON feed of discovery information. -->
<Handler type="DiscoveryFeed" Location="/DiscoFeed"/>
</Sessions>
<Errors supportContact="root#localhost"
helpLocation="/about.html" styleSheet="/shibboleth-sp/main.css"/> <!-- Map to extract attributes from SAML assertions. --> <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>
<AttributeResolver type="Query" subjectMatch="true"/> <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>
<CredentialResolver type="File" key="sp-key.pem" certificate="sp-cert.pem"/>
</ApplicationDefaults>
<SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>
<ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>
</SPConfig>
Problems I'm facing......
When i try to access https://shibboleth-test.xxx.edu/Shibboleth.sso/Status
getting error no metadataprovider available.
Noticed Problems:
1.when i try to add Metadataprovider Shibboleth daemon 2 service is getting
stopped and unable to start.if i remove it's is running.
2.Shibboleth Idp 3 deamon is getting stopped very frequently
When i run 'SC interrogate shibd_idp' in command prompt, results are
control service failed 1062
the service has not been started.
I donno what is wrong with my work.
Can any one please tell me what are the steps to be followed to accomplish this integration.
Thanks in advance,
Hema
There will be a tag in shibboleth2.xml called metadata provider, you will need to open that.
If you have done this but shill service is not getting started then you can check the log and give additional info in question.
Another reason I can think of is connection problem. Try downloading idP's metadata and store it physically in the SP configuration folder. Manually map the file, using following tag
<MetadataProvider type="XML" file="partner-metadata.xml"/>
All the issues has been resolved after we upgraded from Shibboleth 2.6 to 3.0.2. we are getting the Shibboleth Identity provider login page.We are able to see the attributes in Session.Now we are working on how to retrieve the attributes in our application and how to redirect to our application home page.Currently we created 1 sample html page under secure folder in our application. once we logged in we are able to this html page.But when i tried to redirect to our application home page, it's giving 500 error. Can any one knows like how to redirect to our app home page and retrieve the attributes in the application.
I am trying to include SSO with office 365 for one of our web applications.
the problem is that as soon as SSO is working all my postbacks are getting ignored.
what I did was the following,
I installed those Nuget Packages
- Microsoft.Owin
- Microsoft.Owin.Host.SystemWeb
- Microsoft.Owin.Security
- Microsoft.Owin.Security.Cookies
- Microsoft.Owin.Security.OpenIdConnect
- Owin
I created an app in my AAD
then I've added some settings to my web.config
<add key="ida:PostRedirectUri" value="http://localhost:4439" />
<add key="ida:ClientId" value="XXXXXXX" />
<add key="ida:AADInstance" value="https://login.microsoftonline.com/" />
<add key="ida:Tenant" value="XXXX.onmicrosoft.com" />
<add key="ida:PostLogoutRedirectUri" value="http://localhost:4439" />
and I added Startup.vb to my solution with the following content
app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType)
app.UseCookieAuthentication(New CookieAuthenticationOptions())
app.UseOpenIdConnectAuthentication(New OpenIdConnectAuthenticationOptions() With {
.ClientId = clientId,
.Authority = authority
})
app.UseStageMarker(PipelineStage.Authenticate)
and after this the SSO works however al postbacks on buttons fail
if I click a button the page just gets reloaded.
also the IsPostBack parameter is alwayst false.
What I found was that when I remove the "app.UseOpenIdConnectAuthentication" part, postbacks are working again, but SSO is not.
how can I make sure my postbacks are working and I can also use UseOpenIdConnectAuthentication ?
thank you.
I found the issue,
in my web.config I had
<modules runAllManagedModulesForAllRequests="true">
in system.web
removing the key "runAllManagedModulesForAllRequests" solved the problem
<modules>
Installer installs windows service.
I provide form to user to select one of accounts to start the service:
Local service
Local System
Network System
User account
When I select User and enter Domain\Administrator account + pwd during the installation, service cannot be started.
When I select Local Service it started ok. After this I can change manually account to the same Domain\Administrator account and it started ok.
Why such different behavior?
How I can start service during the installation under any users' account?
Take a look at the Util Extensions User element. You can set the CreateUser attribute to no, the Name attribute to the [PROPERTY] that you are using in your UI for UserName Input and the LogonAsService attribute to yes. This will instruct WiX to grant your user the LogOnAsService right without having to write a custom action to call ntrights.exe.
Here's a sample as requested:
<?xml version="1.0" encoding="utf-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi" xmlns:util="http://schemas.microsoft.com/wix/UtilExtension">
<Product Id="*" Name="Setup" Language="1033" Version="1.0.0.0" Manufacturer="test" UpgradeCode="5c6b0f52-d024-4f1b-bfae-2dbb96b3ef15">
<Package InstallerVersion="200" Compressed="yes" InstallScope="perMachine" />
<MajorUpgrade DowngradeErrorMessage="A newer version of [ProductName] is already installed." />
<MediaTemplate EmbedCab="yes" />
<UIRef Id="WixUI_Minimal" />
<Feature Id="ProductFeature" Title="Setup" Level="1">
<ComponentRef Id="serviceComponent" />
</Feature>
<Directory Id="TARGETDIR" Name="SourceDir">
<Directory Id="ProgramFilesFolder">
<Directory Id="INSTALLFOLDER" Name="Setup">
<Component Id="serviceComponent" Guid="380bbddd-daa7-0744-517b-37da768f5570">
<File Id="serviceFile" Source="$(var.WindowsService.TargetPath)" KeyPath="yes" />
<ServiceInstall Id="serviceInstall" Name="WindowsService" DisplayName="WindowsService" Start="auto" Type="ownProcess" ErrorControl="ignore" Account=".\serviceaccount" Password="p2Ekutrekac34ph2" />
<ServiceControl Id="serviceControl" Name="WindowsService" Start="install" Stop="both" Remove="both" Wait="no" />
<util:User Id="user" CreateUser ="yes" Name ="serviceaccount" Password="p2Ekutrekac34ph2" LogonAsService="yes" UpdateIfExists="yes" RemoveOnUninstall="yes" PasswordNeverExpires="yes" FailIfExists="no" Domain="[ComputerName]" CanNotChangePassword="yes" Disabled="no" PasswordExpired="no"/>
</Component>
</Directory>
</Directory>
</Directory>
</Product>
</Wix>
You need to make sure that the selected user account has the right to log on as a service. It doesn't matter if you are an Administrator, you cannot install services for an user without giving him the log on right.
If setting this policy works, you also need to do it dynamically during install. A solution is to use ntrights.exe as a custom action. This custom action can use your custom properties which contains the user account information.
In case anyone wonders why the code from #Christopher Painter his answer didn't work. I had similar code that didn't work with error 1923.
Error 1923. Service '' () could not be installed. Verify that you have sufficient privileges to install system services.
MSI (s) (10:08) [15:55:00:161]: Product: '' (64 bit) -- Error 1923. Service '' () could not be installed. Verify that you have sufficient privileges to install system services.
Until I found that services.msc dialog needs to be closed during installation.
No idea why, but it works.
During development services.msc was open all the time, so I never noticed.
I create asp .net page and i have use windows user to authenticate.
<authentication mode="Windows" />
I create simply page with one label and display information.
if (Page.User.Identity.IsAuthenticated)
{
Label1.Text = "Authenticated = 'TRUE'<br/>";
Label1.Text = Page.User.Identity.Name;
}
else
{
Label1.Text = "Authenticated = 'FALSE'<br/>";
}
I often get Authenticated = 'FALSE'
How configure web.config and WebMatrix to take user from Windows?
Probably you published your web site without changing authentication on the corresponding virtual directory of IIS.
You should deactivate "Anonymous" authentication and activate "Windows" authentication. The existence of <authentication mode="Windows" /> line in web.config is not enough for IIS. Moreover "Windows" authentication must be installed of cause (see for example this for more information).
try
<appSettings>
<add key="enableSimpleMembership" value="false" />
</appSettings>