I have confluence, jira and my own developed jsf application connected to crowd. This enabled SSO over the three applications.
When not logged in and requesting a url deep inside confluence, I get redirected to the confluence login page. I do the login and I get redirected to the previously demanded page. This is good.
But when I call a url from my own developed application (and I'm not logged in) I get redirected to the confluence login page (thsi is correct) but afterwards I get redirected to the confluence home page in stead of the page (my app) I initially requested.
How can I get the same behaviour in my own app?
Added some explanation about the integration:
code to see if a valid crowd token exists
authenticated = HttpAuthenticatorFactory.getHttpAuthenticator().isAuthenticated(
(HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest(),
(HttpServletResponse)FacesContext.getCurrentInstance().getExternalContext().getResponse());
Ok, I solved it. It was my app that redirecte to welcome page of confluence. So I added a os_destination= myself.
Related
I have developed an SAML application which only uses Microsoft as IDP for successful login and logout of specific users. So after logout, I want Microsoft to redirect me to the website I have configured in the Logout URL of MyApplication in Azure Active Directory. The log-in functionality works everytime but when I logout in presence of only one Microsoft Signed-In account, it logouts perfectly and redirects me to the website I specified. I am facing the issue when I am asked to choose account to logout from a set of accounts (refer Image) of which when I select the configured account, it log me out perfectly but is unable to redirect me to my specified page. The page gets stuck on "You signed out of your account It's a good idea to close all browser windows." (refer Image). Thus I want to be redirected to the specified page when I am asked to select an account while logging out.
Logout Issue Redirect Image reference
Logout Issue Redirect Image reference
This is a known bug in this library.
Here are some alternatives.
You can use silent logout.
The post logout redirect isn't expected after calling logout. This could be a timing issue.
You can achieve a 'clean' logout by opening a new window and calling logout from there. Then a user is left with an extra open window; but at least they've retained a view of the app and it hasn't lost state.
I've set up my first Discourse instance, wrote a custom endpoint on my ASP.NET 5 web app, and enabled DiscourseConnect.
Everything works fine - when the user clicks the Log In button he gets logged in (if he is logged in into my website)
The forum will be available only to my website users, so I'd like to automatically log them in when they visit the forum (they are redirected to my login/register form via DiscourseConnect)
here is the website structure:
main website: example.com
identity server: identity.example.com (used for SSO)
forum: forum.example.com
I couldn't find anything on the Discourse Meta, so I'm asking her:
How to do automatic login when the user visits forum.example.com.
I'm aware I can create a link on my website that redirects to sso (https://example.com/session/sso), but this will work if the user starts from my website (by clicking a link in the menu). If he bookmarks the forum and opens it via that bookmark (or directly by typing the address) that automatic login won't happen.
If you only have one login method allowed, just enable the login required site setting and visitors will automatically be bounced to your ASP application.
I'm having troubles working with what appears to be an error with Facebook's OAuth server-side flow. When logging into Facebook using "Recent Logins", Facebook does not redirect back to my calling application. Instead it goes directly to the Facebook home page.
If I login to Facebook using the email/password fields at the top right of the screen, then the redirection becomes successful.
Is there some way to force facebook to send users to it's main login page and not this main page that displays the recent logins when they are not already logged into Facebook?
This also occurs using Facebook's very own OAuth for developers. So I know it can't be just me.
Login to Facebook.com
Logout
Visit facebook's apps page
Click your profile pic and enter your password (rather than using the blue banner to login).
Facebook redirects you to their home page rather than this page
What would be great is a parameter to this page that would allow me to force a particular facebook login dialog as a workaround.
I am attempting to implement a simple Facebook login flow for a web application using HTTP redirects, as detailed at https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2.
For the purposes of making this question generic, let's say the application URL is www.example.com/app.php. On the application page, there is a link which directs users to Facebook's OAuth endpoint, where ideally:
they log in to Facebook (if not already logged in) and approve my application permission to access their public profile
they are then redirected back to my application's URL along with some extra parameters appended (e.g. www.example.com/app.php?code=...&access_token=... if the login was successful, or www.example.com/app.php?error_reason=...&error=...&error_description=... if login/app approval was unsuccessful)
The Facebook OAuth endpoint is:
www.facebook.com/dialog/oauth?client_id=12345&redirect_uri=www.xyz.com/app.php
where I have filled in the client_id and redirect_uri parameters with my application's ID and my application's URL respectively.
What actually happens whenever I access the link is that it immediately redirects back to my application's homepage - without ever showing a login dialog of any kind. This happens with Firefox and with Chrome - both when I am logged in to Facebook and when I am not, in normal sessions and in incognito sessions with no plugins enabled. From the browser inspector, I can see that the Facebook OAuth page is definitely requested but is straight away 302 redirecting to my application page with just a code parameter appended.
www.example.com/app.php?code=...
This also happens when the Facebook OAuth link is accessed from pages other than my application's URL (e.g. if I click the link from www.example.com/other_page.htm).
I am unsure what I am doing wrong here; the application URL (www.example.com/app.php) is approved on my app dashboard in as many places as I could find, and changing the request_uri parameter to any other URL results in an error page. I have also tried urlencode()ing my application URL before passing it in the request_uri parameter, but the result remains the same. I don't know what to try next as as far as I can tell I have followed Facebook's manual login guide as closely as possible.
I have a facebook application (not written by me, but have some control of its content) and its designed to run as a canvas iframe app, using the new(er) OAuth login stuff. I want to embed it in an external (i.e. non-facebook) iframe , which works fine when authenticated + authorized as its just a page that talks to facebook.
However, when not authenticated + authorized to run the app, obviously it needs to ask for permissions/login. It does this by redirecting to the relevant auth pages, which works if you do top.location.href, but I'd really like to do it within the iframe e.g. using self.location.href . This doesn't seem to be permitted by facebook as instead of redirecting you to the right page you get a facebook logo and a link to bust out of the iframe and go to the auth page, which I don't want to do.
Is it possible to handle the auth stuff within the iframe, and if so, how? Would really appreciate any info on this!
You should use JavaScript framework of facebook-connect that open a pop-up for permissions
Check this tutorial
http://thinkdiff.net/facebook/graph-api-javascript-base-facebook-connect-tutorial/