How to customize message on ADFS 3.0 sign-in page for an account lock? - adfs3.0

I am using ADFS 3.0. If I enter incorrect credentials into the ADFS sign-in page, it returns the error message "The user name or password is incorrect".
If for some reason I try to log in to ADFS 3.0 with a locked-out account, it still returns the same message, which I think is not correct.
At this point I want to show a custom message, say "Account has been locked-out", in place of "The user name or password is incorrect".
Could anybody help me with it?

You can customize those messages (you can explain that the account could be blocked and to try later, contact IT for assistance, etc.).
https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn280950(v=ws.11)#custom-error-messages

The reason it returns the same message is because of security.
Different messages could give hints as to how best to mount an attack.
To know that an account is locked out, ADFS would have to do an LDAP query to AD and that type of functionality is not available.
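Both answers can be combined in a custom web theme's onload.js: one neutral message for every credential failure that mentions lockout only as a possibility. This is an added example, not part of the original posts and not Microsoft's code; the `errorText` element id, the function names and the replacement wording are assumptions to check against your exported theme.

```javascript
// Added example for a custom AD FS web theme's onload.js (not Microsoft's code).
// Assumption: the sign-in form renders its inline error in an element with
// id "errorText"; confirm this against the theme you exported.

// Default credential error as quoted in the question above.
const DEFAULT_CREDENTIAL_ERROR = 'The user name or password is incorrect';

// One neutral replacement for every credential failure. It mentions lockout as
// a possibility without confirming whether this account exists or is locked.
const NEUTRAL_MESSAGE =
  'Sign-in failed. Check your user name and password. If you are sure they ' +
  'are correct, the account may be locked: wait and try again later, or ' +
  'contact IT for assistance.';

// Returns the text to display for a given server-rendered error string.
// Only the default credential error is rewritten; other errors pass through.
function neutralSignInError(serverText) {
  const text = String(serverText || '').trim();
  if (text.toLowerCase().indexOf(DEFAULT_CREDENTIAL_ERROR.toLowerCase()) !== -1) {
    return NEUTRAL_MESSAGE;
  }
  return text;
}

// Applies the rewrite to the page. textContent is used instead of innerHTML so
// the customization cannot introduce markup into the sign-in page.
function applyNeutralSignInError(doc) {
  const label = doc && doc.getElementById('errorText');
  if (!label || !label.textContent) return false;
  const rewritten = neutralSignInError(label.textContent);
  if (rewritten === label.textContent.trim()) return false;
  label.textContent = rewritten;
  return true;
}

// Runs in the browser only; skipped when the file is loaded elsewhere.
if (typeof document !== 'undefined') {
  applyNeutralSignInError(document);
}
```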

Related

How to force logout linked account in actions-on-google?

In the docs, the sign in functionality looks like this:
app.intent('Default Welcome Intent', conv => {
  conv.ask(new SignIn('To get your account details'))
})
However, I can't find how to force logout a user who just signed in. Anyone help me please? Thanks.
"Logging out" of an account linked with Google Sign In is tricky, particularly if you're using voice matching as well, since the account sent to the Action is the same account as the one you set up the Assistant device with.
You can go to https://myaccount.google.com/permissions and remove permission from the app/Action/project. Once you do this, the Action will no longer get your user information. (This isn't Action specific - it is a core component of Google Sign In across all platforms.)
The other alternative you have is to reset your Assistant device and set it up with a new account. Then when you go to the Action with this reset device, the account won't be linked.
An explicit sign-out function does not seem to be available. However, this can be a good design decision as the user should be logged in to a particular service "as long as possibly allowed". Therefore, when releasing your apps to production, consider looking at the validity of the access_token and refresh_token on your authorisation server to control the "login period".

OAuth sign in displays unclear message when no account associated

We are having many users signing in (OAuth) reporting issues where their email is not valid. The problem is that they do not have an existing account, but the message displayed is very confusing.
It should do the following:
Instead of "The email cannot be recognized by Uber", it should have a clearer message that there is no account associated with their email.
Automatically redirect to sign up
Thanks for the improvement tip - we may consider it as a future request. However, this question is not relevant to SO - in the future, please use the Uber Google group (https://groups.google.com/forum/#!forum/uber-developers) or send posts on Twitter at #UberDevelopers or #Uber_Support.

Sonarqube.com login with github issue: mail is already used by an existing user

I got the following error when logging in to sonarqube.com:
You're not authorized to access this page. Please contact the administrator.
Reason : You can't sign up because email 'abc#abc.com' is already used by an existing user. This means that you probably already registered with another account.
It seems the issue is that the GitHub handle of the above account got changed at some point!
Please use about.sonarqube.com/contact to contact the administrator of sonarqube.com.

Email extended permission not granted in some cases

I am using the server-side authentication flow, and when requesting the email extended permission, once in a blue moon the email address is not sent back, causing my application to break.
That information is required for my application to function properly, so I will modify it to re-prompt the user. But I would like to understand why/how this happens since I cannot find any way to revoke that permission from the application when authorizing. The dialog states that the permission is required. Is this because of accounts belonging to minors that can't give out that information?
I'm requesting like so: https://www.facebook.com/dialog/oauth/?client_id=$appId&redirect_uri=$fbAuthUrl&state=$stateString&scope=email
It's possible that some users simply won't have an email. Earlier, it was possible to sign up for Facebook with a cell phone only. I'm not sure if there's some other reason, or it could be a bug with the API.
After much head banging, I found this bug filed with Facebook that I think is responsible:
https://developers.facebook.com/bugs/487563591260030

When adding an Admin to the Application, I get the error message NAME is not a verified user - even though the user is

I have an issue with adding a developer colleague to the application as an administrator (it doesn't matter if he's added in a developer role, the error stays the same).
Even though the colleague has a verified account with Facebook that he uses, Facebook claims when I try to add him that he "is not a verified" user.
I assume this is a bug, as the account was disabled once by the user (not by Facebook) and has been reactivated.
Who could I contact to sort this issue out?
The other developer will need to verify himself as a Developer by going to http://developers.facebook.com/ before you can add him.
As described here:
https://www.facebook.com/help/?faq=167551763306531
you need to prove yourself worthy via a phone # or credit card.