I'm using the Rocket.Chat REST API for some automated user management. This was working great after I installed Rocket.Chat and my admin user had a username/password combo. Then, I activated the "iframe authentication" system in the admin panel. Now, when I try to use the REST API "login" endpoint, I get the error "User has no password set". Any ideas why this is happening? When I look at the user document in the MongoDB for Rocket.Chat, there is no "password" field (seems to have been deleted when I activated the iframe authentication).
UPDATE: I disabled the "iframe authentication" system and set a new password on my account. Looking at the DB now, that user has a "password" entry, so the password is there. But, now I can't log in because it says my password is incorrect. In summary, this software has a lot of bugs, it seems.
Related
I am trying to set up SSO between two Keycloaks. The target Keycloak, where I want to configure the SSO has user federation set up in place and the user management is disabled. I was thinking of configuring IdP brokering between my source Keycloak and the target Keycloak so that I can use the same authentication token.
I have configured login redirection and when I try to login to the target system, I was promptly redirected to the source Keycloak. Unfortunately, upon entering the username and password, I was presented with a dialog box stating that my user already exists and offering me to either Review the profile or Add to existing profile.
Initially, I thought it is because the user modification is disabled by the user federation. I have manually created the same username on the system, which is providing a list of the users but even with this in place, I am still unable to log in and am presented with exactly the same error message.
I've configured Keycloak authentication for the following behaviour:
The user inputs its userid
Keycloak should try to authenticate it with the passwordless flow
As an alternative the user could switch to password authentication
NOTE: The user already has a registered passwordless device:
The authentication flow has been configured as follows:
I access localhost:8080/realms/myrealm/account and click on Sign in:
I input the userid:
But, instead of being offered to sign up with the security device, I'm asked for the password:
If I select Try another way and click on Security Key:
I am now offered to login with the device:
Which I can do successfully.
The problem here is that I need the passwordless login to be offered directly, not the password form. Passwordless is actually configured as the first alternative option so why isn't it working as expected?
Looking at the code of AuthenticationSelectionResolver this seems to be intended behaviour.
Try to change the order/position of credentials for your user from within the admin console.
The order of credentials should affect the order in which alternative authenticators will be executed.
We've got an install of Azure Devops server that currently authenticates against our active directory server and authentication works, but it appears to do so by means of browser basic authentication (the browser modal prompt that asks for a simple user name and password).
I'm wondering if there is some way to configure authentication such that users that have never logged in, actually get a login page... not just the basic authentication prompt in the browser.
I appreciate any input, I've used and administered azure devops in the cloud for a LONG time, but the devops server stuff I'm new to.
NOTE: I've played with IIS settings for authentication (enabling and disabling basic authentication and forms auth etc, but nothing really seemed to help there)
it appears to do so by means of browser basic authentication (the
browser modal prompt that asks for a simple user name and password).
I'm wondering if there is some way to configure authentication such
that users that have never logged in, actually get a login page... not
just the basic authentication prompt in the browser.
What's the login page do you mean?
1.If you mean the login page to connect to TFS web portal, as I know using basic prompt with username+password is the only appraoch.
Web Portal:
Only logic page:
2.But if you mean something used for authentication when accessing the code. I think you must be familiar with PAT which is widely used in Azure Devops Service. IIS Basic Authentication is not recommended. You can check Enabling IIS Basic Authentication invalidates using Personal Access Tokens and Use the TFS Cross Platform Command Line with TFS using basic authentication or personal access tokens (PATs).
Hope it helps to resolve your puzzle :)
So after lots of research, I found that in the differences between azure devops server and azure devops services documentation. In this documentation it states that it uses windows authentication, and you will never be presented with any login experience.
I'd vote that this should be something that be configured to show a login screen, as sometimes we want to log in as users other than the users we logged into the machine as.
I am trying to integrate my client application with ServiceNow using OAuth 2.0 authentication. In servicenow documentation for REST apis i have seen that we have to register our client with servicenow to get clientid and clientsecret for OAuth 2.0 resource owner password authentication. In the document to register the application we have to navigate to System OAuth > Application Registry in servicenow, but in my servicenow instance System OAuth > Application Registry is not present. How should i proceed to get the clientid and clientsecret
It sounds like the OAuth 2.0 plugin may not be active on your instance.
Got to: https://YOURINSTANCE/v_plugin_list.do?sysparm_query=GOTOname%3E%3Doauth and make sure it is Active
Also in your System Properties, make sure that OAuth is turned on.
This URL: sys_properties_list.do?sysparm_query=GOTOname%3E%3Dcom.snc.platform.security.oauth.is.active
Also check out the wiki for any further clarification:
Good luck!
Steps to create and app and get client id/client secret.
Log into ServiceNow. Make sure you have an admin user login.
You need to navigate to System OAuth > Application Registry. Click New.
Easiest way is to search for "Application Registry"to register an OAuth client application in ServiceNow interceptor page, click Create an OAuth API endpoint for external clients. Fill out the fields, as appropriate.
Step 1
Step 2
Name - e.g. MyApp
If you leave the "Client Secret" as blank that will be the admin password by default (I won't recommend this)
Step 3
Additional Info:
Note that the refresh token expires in 100 days (8,640,000 seconds).
You can update the “Refresh Token Lifespan” to “2,147,483,647” (maximum value allowed by ServiceNow) to have a longer expiry for refreshtoken.
More Details - http://wiki.servicenow.com/index.php?title=OAuth_Setup#gsc.tab=0
• Click Submit.
Make sure tables you access via the api are allowed for web service access. Go to System Definition > Tables and locate your table (e.g. “sys-user”). Make sure “Allow access to this table via web services” checkbox is ticked. By default this is enabled.
Provide your Servicenow admin account username and password with the ClientId and ClientSecret to authorise your app to connect to ServiceNow.
I'm kind of new with websphere. I was following an internal guide for setting up one of our company apps in websphere, but I changed one parameter in the admin console and after restarting the server, we cannot access with the administration console.
I checked the first option, when before the second one was, with user admin, and password admin also. Now, because It says "Server identity generated automatically" I have no idea what combination of user and password I need to enter in the administration console..
The administration console I'm referring to is the one located in server:port/ibm/console.
Thanks, this is really a serious problem for me, I would really appreciate any help I can get...
You should still be able to use whatever password you were using for admin user before making the change. Server user id is not used for restricting access to administrative console (see What is security property 'Server user identity' used for in Websphere Application Server?).
Nonetheless, since you can't access admin console at the moment (I'm assuming you mean that admin colsole login page shows up but you can't get admin user authenticated due to wrong password), first thing I'd suggest is turning of global security, so that you can use admin console to fix your settings and re-enable security. Once security is turned off, you won't be asked for a password during admin console login. Changing security settings in WebSphere Application Server with wsadmin technote gives step by step instructions.
If you are not sure about what password you have used for admin user, you must reset the password in the user repository you have configured (for example if you've configured LDAP, you must reset password at LDAP), before enabling security. If you are using a federated repository (this is default if you've not changed it), most probably admin user resides in file based repository, which is the first member of federated repository. In this case, you can just follow steps at How to reset the administrator's password in the file registry technote to reset your password. Otherwise you can try alternative documented at Updating your WAS administrator password (the link is from Lotus documentation but still is applicable).
Given that you have the command line 'xmlstarlet' in your terminal and,
WAS_HOME = Is your Websphere root location
PROFILENAME = IS your
profile's name
CELLNAME = Is your cell's name
Then,
xmlstarlet edit --update "/security:Security[#enabled='true']/#enabled" --value "false" $WAS_HOME/profiles/$PROFILENAME/config/cells/$CELLNAME/security.xml > /tmp/security.xml
cp /tmp/security.xml $WAS_HOME/profiles/$PROFILENAME/config/cells/$CELLNAME/security.xml
Summary: You are simply editing the correct security.xml file by changing the enabled="true" attribute to enabled="false" programmatically using xmlstarlet. Note that sed,awk,ed and other GNU tools lack the necessary ability to properly deal with the nested tree structure of XML.