I am trying to learn integration of buji-pac4j. I already tried demo version which is provided on following URL https://github.com/pac4j/buji-pac4j-demo but it is seem to be working for me partially. (there is some issue from ops side to give me correct call back url).
So far I can notice handshake is happening using demo code.
I’m now trying other way as it is been provided in the documentation that is client.
As per documentation:
A Client represents an authentication mechanism. It performs the login process and returns (if successful) a user profile.
My class has now following details
OidcConfiguration oidcConfiguration = new OidcConfiguration();
oidcConfiguration.setClientId("someClientIDString");
oidcConfiguration.setSecret("someClientSecretString");
oidcConfiguration.setDiscoveryURI("https://development.domainName.com/projectName/idp/.well-known/openid-configuration");
oidcConfiguration.setScope("openid email hrauser hrainfo");
oidcConfiguration.setCallbackUrl("http://localhost:8080/callback");
OidcClient oidcClient = new OidcClient(oidcConfiguration);
Config config = new Config(oidcClient);
config.addAuthorizer("admin", new RequireAnyRoleAuthorizer("ROLE_ADMIN"));
OidcAuthenticator OidcAuthenticator = new OidcAuthenticator(oidcConfiguration);
Above is mostly setting variable in the class,
What am not able to figure is out how above will actually go and talk to openID server.
What all part I am missing.
I am going through the documentation provided on https://github.com/bujiio/buji-pac4j but it is not clear to me on the flow.
Any kind of help or direction will be appreciated.
PS: I am quite new in this area so request to bear with me.
Related
I am using ZAP security testing tool.but at the point of Authentication by username and password of a JSON Request, I face problem to configure these. I checked all links and blogs too. but I can't get the proper step by step solution on it.
Request code:-
{"userName":"cwc_patna","password":"33a0d2e93e0ad396b7c9374bbbc83a58"}
Response code:-
{"userId":72,"userName":"cwc_patna","password":"33a0d2e93e0ad396b7c9374bbbc83a58","emilId":"pratyush#sdrc.co.in","userTypeId":1,"viewName":"cwc","isLive":null,"isActive":null,"isApproved":null,"sjpuAccess":null,"userUserTypeFeaturePermissionMapping":null,"area":null}
That functionality was only just added last week: https://github.com/zaproxy/zaproxy/pull/4624
If you want to use it, you'll either have to use a weekly: https://github.com/zaproxy/zaproxy/wiki/Downloads#zap-weekly
Or, wait for the next full release (likely 2.8.0).
The corresponding PR to update the help content for the new JSON Authentication functionality is here: https://github.com/zaproxy/zap-core-help/pull/188/files if you want to check it out.
You set it up the same way you would for form based authentication. Make sure you define a Logged-in or Logged-out Identifier (or both). Here's some screenshots to help you along:
Manually configure the Authentication for your Context:
Use the Site Tree Context menu(s) to set it up:
Here's an additional help link that might assist you in getting authentication setup: https://github.com/zaproxy/zaproxy/wiki/FAQformauth
I've implemented facebook login following this blog https://ahoycoders.com/2015/07/09/xamarin-forms-social-authentication-with-azure-mobile-services-part-3/
That blog is based on old Azure portal.
But, I'm using new Azure portal.
1. In the new Azure portal I used Easy APIs option for creating custom API as mentioned in the blog.
2. I copied the scrip mentioned in the blog for my custom API and I'm using only Facebook.
I authenticated via Facebook and then called the following,
return await mobileService.InvokeApiAsync("getextrauserinfo", HttpMethod.Get, null);
Unfortunately, I'm getting the following error,
"Cannot read property 'getIdentities' of undefined"
I don't know what's wrong, please help me in fixing this.
currentUser is no longer obtained from request as .user, it is now request.azureMobile.user
They changed the method calls. It is also no longer getIdentities.
Its getIdentity.
A few other calls slightly changed as well.
I suggest anyone wanting to use that guide use console.log to see what each object actually returns and then switch out the old code for the right call.
Logic in that example should still be fine, just slightly different calls/names.
I was trying out the new enhanced revocable sessions in Parse on my Android app. It works well when logging in or signing up via email password or facebook but doesn't work well for custom authentication, e.g. google+.
I'm currently logging in the user using the cloud code which also creates the new user when signing up. This does not create a new Session object, that means the new enhanced sessions are not used and it still uses the legacy sessions.
I pass the session token back to client where using the become method the user logs in but it's the legacy sessions.
This feels like the feature is not complete but I would really like to move to the new enhanced sessions with my app. Has anyone worked with them yet? Are there any workarounds using the REST API or by creating the sessions manually and handling them manually? I looked into the JS API but it says it's only read only.
Here's the Blog post on Enhanced Sessions.
Where should I go next?
Yes, I found a solution but it's a workaround, works for my case because I don't support signing up with user/password.
Basically, the solution (cloud code) in semi pseudo-code is:
Fetch the user with master key
Check if user.getSessionToken() has value
if it has, return the session token and do a user.become() in the client as usual
if it's not, here the workaround, do the following:
yourPreviousPromiseInOrderToChainThem.then(function(user)
password = new Buffer(24);
_.times(24, function(i) {
password.set(i, _.random(0, 255));
});
password = password.toString('base64')
user.setPassword(password);
return user.save();
}).then(function(user) {
return Parse.User.logIn(user.get('username'), password)
}).then(function(user) {
var sessionToken = user.getSessionToken();
// Return the session token to the client as you've been doing with legacy sessions
})
That means, I'm changing the user password each time in order to make a remote login and, of course, I know thist can't be applied to all cases, it's enough for app because I don't support login with user/password (only third party logins) but I understand that maybe it's not for all cases.
I got the idea from this official Parse example.
I don't like this solution because I think is not a workaround, it's a mega hack but I think there is no other way to do it currently (either Parse.com or Parse-Server)
If you find other workaround, please, share it :)
Lately I've been using cURL to post data back from a custom Magento controller to a custom page on the same website.
However, the way I do it somehow breaks Magento's log in data. So I've tried another way. Magento has cURL functionality built into it (Varien_Http_Adapter_Curl).
I've tried to Post through this, but so far it has been over my head and documentation on the web is fairly sparse. I need help with this. I've got a string with all the $_POST data ready to go. Please can someone tell me how to send it?
This:
$url="<URL>";
$curl = new Varien_Http_Adapter_Curl;
$curl->setConfig(array('timeout' => 15));
$curl->write(Zend_Http_Client::POST,$url, '1.1', array(), $poststring);
$result = $curl->read();
$curl->close();
...isn't sending data .
Edit:
I've tried the non-Magento cURL, but didn't know about session Data. I still have no Idea how to send session data, either.
Now, I've tried session variables, but the result is that I can set and extract data on one page, but when changing pages the data is lost. So, this can't be used currently between the controller and view.
better you can use the magento sessions
http://magento-rohan.blogspot.in/2012/03/magento-get-set-unset-session.html
here is this how to use it
You need to give us more information about what are you trying to achieve. Basically you need to tell us where are you sending POST request to? Perhaps another Magento instance or even same Magento website? Are you expecting user to have same session it is having now? Once you give us more info I will edit my answer. For now I will try to guess what is bothering you based on the input you gave.
When you are submitting POST request with curl from server side, that means that user is no longer interacting with the "page" you are trying to submit post request to.
If user is not interacting with it, that means it is not sending user session information.
Basically it looks like this:
Normally
Eric ->(Request with session info)-> Server (Oh it's you Eric, here is
the response just for you)
What are you trying to do
Eric ->(Request with session info)-> Server ->(Request without session
info)-> Server (This server doesn't know about Eric)
So to implement this correctly, if I am good at assuming what is your problem, just pass session information to the second server along with your request.
I will add more info if you tell me I am on the good track of understanding your problem.
---UPDATE---
You didn't explain your situation well. I am telling you this because your whole approach with the cURL may be bad decision from the start. For example, if you are trying to execute code in the same Magento codebase and that code is trapped inside some controller, perhaps you can refactor your code and encapsulate that logic inside some model and execute it directly.
But here is the example of passing session information over curl in plain php:
$strCookie = 'PHPSESSID=' . $_COOKIE['PHPSESSID'] . '; path=/';
curl_setopt( $curl, CURLOPT_COOKIE, $strCookie );
Cookie should perhaps be called "frontend" in Magento. And I checked Varien_Http_Adapter_Curl it doesn't have any method for seting CURLOPT_COOKIE option so I suggest you go with plain curl setup. You also have an option to extend adapter and add that option by your self. Just override "_applyConfig" method.
I have a requirement. I need to access a user's email that is on company specific domain. I need to get the calendar of that user and publish it to web application. I am exhausted finding any API that can help me to do that. The email client used by company is Thunder Bird, So , in specific, I need to access calender's from Thunder Bird for that particular user. Can any one tell me some suggestions for this.
Kumar
Your question is very unprecise (what kind of is the server providing the emails/calendars? Is there a LDAP Domain? And so on). I suppose you are talking about an old Exchange Server because of some Domain and WebDAV and problems while searching? But I maybe can give you at least a bit of help, that may lead you to already trodden paths of other coders, so that you may find a simple and fast solution.
Today I finished a M$ Exchange 2003 Connector as a proof-of-concept. And I tell you, that it was really hard for me as a student while an Internship. Nonetheless, I researched and searched and queried and annoyed other to get hints for a useful API, but none fulfilled my purposes.
One small framework I found which is nice to use is called Sardine WebDAV Client for Java. The project is very light-weighted, though it was helpful to get an idea how WebDAV works, even due to sources you can always look at.
All other solutions aimed at a lot of different MAPI CC++ Libs for Linux. That was no option for me.
So, what options did I have? No direct access to the customers Exchange 2k3 Server, but one email account. So you all may forgive me, but I found it much easier to make a POST request to the E2k3 Server via OWA, because it was activated than trying some heavy lib supported ways of accessing.
Maybe this comes to your avail- Get the form-field information from the OWA form and build a connection string you Post to the server. Perhaps this is a string that might give you an idea. So you need to call a DLL like this:
HttpPost httpPost = new HttpPost("https://" + getUrl()
+ "/exchweb/bin/auth/owaauth.dll");
httpPost.setEntity(new StringEntity("destination=https%3A%2F%2F"
+ getUrl() + "%2Fexchange%2F&flags=0&username=" + getUser()
+ "&password=" + getPassword()
+ "&SubmitCreds=Log+On&trusted=4&flags=4", "UTF-8"));
The information how to make a form based authentication came from here: Exchange 2003 Forms-Based Authentication. As you can see I grabbed from the browser the Link, which is used to communicate with the E2k. The next step is simple - send the request and wait for...
HttpResponse response = httpclient.execute(httpPost);
If you get a good response in return, then you can filter out the Session ID. The next step after a successful login is to search for appointments. Therefore you should find a appropriate method to work with on an established WebDAV connection by asking M$ for some Information: SEARCH Method
Then, you read what it can do. I went on with a well-known Find-Machine and queried for Searching Calendar Folders with WebDAV.
After that you can create a POST request like this:
HttpPost hp = new HttpPost(
"https://owa.SERVER.de/exchange/USER/Calendar") {
#Override
public String getMethod() {
return "SEARCH";
}
};
Now you can make use of the SEARCH method. That is good, because your program is ready to send the request.
hp.setEntity(new StringEntity(QUERY, ContentType.TEXT_XML));
HttpResponse response = httpclient2.execute(hp);
I know it is no perfect solution. Because there were two circumstances which made me wonder. Firstly: I retrieved a Session ID, but I wasn't in need to re-use it anywhere, as long as I kept it in a field. And secondly: I needed to call for another HttpClient. I cannot explain right now. If I used the same HttpClient I used for logon, then all request were in vain. That is why I had to call another HttpClient.
The last and most difficult step was to get behind the query, because the only debugging help I had were HTTP Error Numbers and the bad descriptions in the MSDN. Sorry for that. Well, this is what really worked fine. I got behind it with Trial and Error.
private final static String QUERY = "<?xml version=\"1.0\"?><g:searchrequest
xmlns:g=\"DAV:\"><g:sql> Select \"DAV:href\", \"urn:schemas:calendar:dtstart\",
\"urn:schemas:calendar:dtend\", \"urn:schemas:mailheader:subject\",
\"urn:schemas:calendar:duration\" FROM Scope('SHALLOW TRAVERSAL OF
\"/exchange/USER/Calendar\"')</g:sql></g:searchrequest>";
This is no particular query. I just alternated it from another Document and removed all stuff I didnt't need.
I hope this helps you a bit. About providing Thunderbird Appointment/Calendar dates I can't tell anything because this is yet beyond my knowledge.
Best regards and good night,
Semo