I have a Facebook canvas app developed in /net using C# and the latest Facebook SDK 5.xyz
Everything was working fine when i had the app was running a website where all files were on root directory ( http://localhost:81/ ).
Now I had to move (adapt) my app to run from a subdir of an existing website ( http://localhost:81/MySiteFacebook/ )
in web.config i have
<handlers>
<add name="facebookredirect" path="facebookredirect.axd" verb="*" type="Facebook.Web.FacebookAppRedirectHttpHandler, Facebook.Web" />
But this way is not working, while the Authorization is doing the redirect i see in url:
http://www.facebook.com/dialog/oauth/?scope=user_about_me,publish_stream,email&state=STATEHASHHER&client_id=CLIENTIDHERE&redirect_uri=http://localhost:81/facebookredirect.axd
if i manulay add in the url at redirect_uri the subdir and come with: http://localhost:81/MySiteFacebook/facebookredirect.axd
The redirect works fine, it sends me to my registration page.
Given this behavior i went back to my web.config and added the /MySiteFacebook/facebookredirect.axd to the 'path' of the handled.
Guess what? it is not adding this path to the redirect_uri.. ? :(
Any idea? please , Thanks.
You're changing the web.config in the wrong place, you should be editing the urls in the facebookSettings such as:
<facebookSettings appId = "{app_id}" appSecret = "{app_secret}"
canvasPage = "http://apps.facebook.com/{canvas_page}/"
canvasUrl = "http://localhost:81/MySiteFacebook"
secureCanvasUrl = "https://localhost:81/MySiteFacebook" />
Related
I'm working my way through the Sustainsys documentation for configuring an Asp.Net WebForms app. But I'm not getting redirected to the idP login page. What am I missing?
<sustainsys.saml2 entityId="http://localhost/wingtip-toys"
returnUrl="https://localhost/wingtip-toys"
authenticateRequestSigningBehavior="Never"
publicOrigin="https://localhost/wingtip-toys"
validateCertificates="false">
<identityProviders>
<add entityId="http://localhost:8080/auth/realms/wingtip-toys"
signOnUrl="http://localhost:8080/auth/realms/wingtip-toys"
metadataLocation="http://localhost:8080/auth/realms/wingtip-toys/protocol/saml/descriptor"
loadMetadata="true" allowUnsolicitedAuthnResponse="false">
</add>
</identityProviders>
<compatibility unpackEntitiesDescriptorInIdentityProviderMetadata="true" />
</sustainsys.saml2>
The redirection just attempts to stay internal to the application, ~/login.aspx
Thanks
Update the forms auth tag to redirect to /Saml2/Signin.
I am spinning a big wheel now. please shed some light.
Reverse proxy is working with Apache. So, when I access https://hostname/app/default.html, it opens Tomcat app url. No issue.
The tomcat app currently redirects to https://hostname/app/login.html which has a login box.
1) Do I need to disable UserDatabase on Tomcat server.xml ?
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
2) Is this Shibboleth configuration correct ?
But, when I try configure this with OKTA- Shibboleth(3.0), it's looping OKTA SSO url.
In shibboleth2.xml
<ApplicationDefaults id="default"
entityID="https://hostname/shibboleth-sp"
REMOTE_USER="userid" >
<SSO entityID="http://www.okta.com/~~~~">
OKTA's metadata is downloaded and located with shibboleth2.xml file.
cert is also generated and placed in the same folder.
3) Is this OKTA configuration correct ?
In OKTA widget configuration menu,
- Single sign on url :https://hostname/Shibboleth.sso/SAML2/POST
- recipient url : https://hostname/Shibboleth.sso/SAML2/POST
- destination url :https://hostname/Shibboleth.sso/SAML2/POST
- audience restriction :https://hostname/shibboleth-sp <-- above SP entityID
- default relay state : ??
right now, when I click on the widget on OKTA, it's looping.
https://hostname/Shibboleth.sso/SAML2/POST
contains SAML response.
then, it redirects to OKTA SSO url. It never ends.
https:// xxx.oktapreview.com/app/xx_reverse_proxy_/xxxx/sso/saml?SAMLRequest=~~~&RelayState=~~~
This contains SAML request but it looks like this.
<samlp:AuthnRequest
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="https://hostname/Shibboleth.sso/SAML2/POST"
Destination="https://okta sso/sso/saml"
ID="xx"
IssueInstant="2018-11-02T15:39:24Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0">
<saml:Issuer
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://hostname/shibboleth-sp
</saml:Issuer>
<samlp:NameIDPolicy
AllowCreate="1"/>
Is this Issuer url correct? Why is it looping and how to fix ?
Re Q#1: You only need Tomcat users if you're going to protect an application with it, such as the Tomcat manager. Otherwise, no.
Re Q#2: You list <SSO entityID="http://www.okta.com/~~~~"> but Destination="https://okta sso/sso/saml" from the SAML. You might want to check http/https. This is a very common cause of looping. Eliminate any potential http/https inconsistency.
FWIW Issuer looks correct to me... that's what you specify in entityID="https://hostname/shibboleth-sp"
I have a separate rest module named 'x' where I have used spring security with basic auth filter(username and password) in complete module therefore any request hitting this rest services should be logged-in but I have one page for forgot password where I am mapping in the same x module due to this auth filter I am unable to proceed. If I am logged in and going to this page and using the services of x module then its working fine but not in case of logged out users.
I tried these thing for not working
<http pattern="/forgotpass" security="none"/>
<intercept-url pattern="/forgotPassword" access="permitAll"/>
<intercept-url pattern="/forgotPassword" filter="none"/>
--> access="permitAll" does not work since it does permit all url but still it will authenticate with filter
and filter="none" is depricated not even able to start my jar when I put this thing.
security="none" gives 403 forbidden error sometimes or internal server error since I was changing the pattern "rest/forgotPassword" or "forgotPassword".
I resolved my problem by myself.
It was sequence that was having problem with.
I was using <intercept-url pattern="/forgotPassword" access="isAnonymous()"/>
after this <intercept-url pattern="/**" access="hasAuthority('USER')" />
I just order the line by putting "/forgotPassword" url on top of "/**"
Reason: It was overriding the request pattern in sequence it came first therefore it didnt allow to pass because role was missing in forgotpassword
I am trying to make MVC4 facebook application using VS 2012 Facebook template. When I run the application keep on getting "Given URL is not permitted by the application configuration.: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains."
Got following configuration in the web.config
<add key="Facebook:AppId" value="7XXXXXXX64" />
<add key="Facebook:AppSecret" value="e7066XXXXXXXX344" />
<add key="Facebook:AppNamespace" value="mynotepadapp" />
<add key="Facebook:AuthorizationRedirectPath" value="~/Home/Permissions" />
<add key="Facebook:VerifyToken:User" value="" />
I have added www.example.com in my host file. What I am missing here? Also I tried site URL and Canvas URL with out "www". Didnt work either.
Here is what I did to make mvc4 template to work with localhost
You dont change hosts file, leave that one as it is
on Facebook app configuration page under settings > Basic
App Domains is Empty
Canvas url/Canvas Secure url: https: // localhost : port number/ (sorry stackoverflow wont let me write the url properly)
SiteUrl same as canvas url
Your Sandbox mode should be enabled if using localhost
Make sure your Canvas and canvas secure are both https and ends with /
In Web.config, write your appkey, appsecret and appnamespace
Note: there is no place where you need to enter example.com
Hope it helps
This is customErrors section from my web.config file
<customErrors mode="On">
<error statusCode="500" redirect="HTTP500.aspx" />
</customErrors>
HTTP500.aspx is the same as standard /Views/Shared/Error.aspx page.
When I get HTTP 500 error I see this page:
Server Error in '/' Application.
Runtime Error
Description: An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed.
Details: To enable the details of this specific error message to be viewable on the local server machine, please create a tag within a "web.config" configuration file located in the root directory of the current web application. This tag should then have its "mode" attribute set to "RemoteOnly". To enable the details to be viewable on remote machines, please set "mode" to "Off".
Notes: The current error page you are seeing can be replaced by a custom error page by modifying the "defaultRedirect" attribute of the application's configuration tag to point to a custom error page URL.
But when I change the above customErrors section like this:
<customErrors mode="On">
<error statusCode="500" redirect="HTTP500.htm" />
</customErrors>
then HTTP500.htm page is displayed when HTTP 500 error occurs.
Why HTTP500.aspx page isn't displayed?
I suspect its a problem with your routes. You may be mapping HTTP500.aspx to a non-existant controller method.
Have you tried the following?
routes.IgnoreRoute("HTTP500.aspx");