I am trying to separate the Administrator Authentication and Organization Authentication in the OpenAM. The version that I'm using is AM-7.2.0.
I just changed the Organization Authentication from the embedded ldap to OpenDJ. And I found that I cannot login to the console page with the amadmin account.
I tried to access http://am.example.com:8080/am/console but it shows "Page Not Found". When I check with the webapps/am/console/ folder. There is only images/PrimaryProductName.png.
May I know how can I make the console page with the above url available? or it is no longer used for Administrator Authentication?
Related
I have a .NET MVC applicatoin and I am trying to use Azure AD Authentication.
I create a new project and chose
"Work or School Accounts"
Cloud - Single Organiszation
At no time does it ask me for a redirect URL
I then click okay and it creates the solution (as well as registering it at Azure AD).
Problem is that when I login it alway redirects to a localhost address.
Even if I change the web.config to the correct URL of the app (as registed in IIS) it keeps redirecting. When I log into Azure AD the app is listed as an Enterprise Application and I am unable to change the homepage URL
Instead of "Enterprise Applications", you need to go to "App Registrations" in your Azure AD.
So navigate to Azure Protal > Azure AD > App Registrations > Find app registration for your application (you may need to change from "My apps" to "All apps"
Then make whatever changes you need:
You can change the home page under Settings > properties
Also, an important part is to add the required URL in Reply URLs as shown in screenshot below. Settings > Reply URLs
I need to allow users to login website either with their Active Directory accounts if they are in local network (Sitecore's single sign-on functionality) or with their credentials (email and social security number) if they access site being outside local network.
First option could be achieved by enabling Windows Authentication mode in IIS and second - by using Anonymous mode. But it is impossible to enable these two modes at the same time for one site. So the question is how to configure website in IIS to allow both groups of users login it with appropriate option and do not create different site for each option?
Any good ideas are appreciated.
Assuming you are talking about the Sitecore interface, you can disable Windows Authentication and your AD users can still log in by specifying the domain as part of their username, e.g. <AD-Domain>\AD-username and then supplying their AD password. If you have followed the Sitecore Active Directory Module Guide then domain in this instance should be ad but you can change this to whatever you like, just make sure the rest of the config and references to "ad" have been changed to match.
In order to still allow Single Sign On without the user having to type in their domain/username/password you need to remove Anonymous and enable Windows Authentication for the login file only located at /sitecore/admin/ldaplogin.aspx. See section 4.3.1 of the documentation.
In order to use this Single Sign On page and login, your AD users need to browser to http://<your-site>/sitecore/admin/ldaplogin.aspx. I provided a link on Sitecore login page by creating an HTML page with a link to this page:
<html>
<body>
Login with your Windows account
</body>
<html>
And then updating the Login.SitecoreUrl setting to the html page:
<!-- LOGIN SITECORE URL
Specifies the Url of the Sitecore pane on the login startpage.
-->
<setting name="Login.SitecoreUrl" value="/sitecore/admin/ldaplogin.html" />
Your users will then be provided with a link in the pane on the right side of the login page for Sitecore 7.5 and earlier.
Sitecore does have its own Active Directory module that its worth investigating. The links to documents are broken currently so can't find the exact answer to help you.
Here is the link to the main page and download - sdn.sitecore.net/Products/AD.aspx
It's their own Module so if you do have any questions or issues you can raise a support ticket with them.
I am trying to set up an ASP.Net MVC project that will use Azure Active Directory. I keep getting an error informing me that my user verification failed.
Here are the steps leading to the error message:
In VS 2013 Web Express, select New ASP.Net Web Application
Select MVC Template
Click change authentication button
Select Organizational Accounts option
Fill out form and click
A window pops up asking to verify password of my MS account
At this point I get an error message telling me that my user verification failed.
I do have an Azure Account. I do have directory set up in AAD.
Anyone have some guidance on setting up this project?
I found the answer in a page on the ASP.Net site. Organizational account authentication options
Don’t enter credentials for a Microsoft account (for example, contoso#hotmail.com) in the sign-in dialog box.
The sticking point was I did what the above quote says I should not do.
I've just wrote a legacy app on IIS 6.0 (.NET 1.0, don't even ask why!). One of the requirements is to have "Integrated Windows Authentication" disabled on the Virtual directory.
http://localhost/test.html
When I disable that, I get a error 401.1 on the IIS root's test.html, which consists of "Hello World"
You are not authorized to view this page You do not have permission to
view this directory or page using the credentials that you supplied.
Please try the following:
•Contact the Web site administrator if you believe you should be able
to view this directory or page. •Click the Refresh button to try again
with different credentials. HTTP Error 401.1 - Unauthorized: Access is
denied due to invalid credentials. Internet Information Services (IIS)
When IWM is enabled, the website works like a gem.
Does anyone know what is the root cause? This doesn't appear to be an issue with my app since even the default test.html fails with authentication
You will most likely need to set the correct folder permissions for the 'Anonymous' user on the folder you are accessing.
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/f594e137-e2da-4b22-ab58-f8edba938802.mspx?mfr=true
edit: this is the more relevant link:
http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/9ded7af2-fcb7-4ed2-b007-e19f971f6e13.mspx?mfr=true
Issue was resolved with removing Guest and Anonymous restriction from the local security policy
I have authentication mode set to forms in my asp.net web.config but am still getting a windows login prompt when i browse to the website.
Could authentication mode be set elsewhere, in IIS for example? My site runs on IIS 6.
Thanks.
This could be because the permissions on the folder that is being served is not allowed to be accessed by the user running the web site
I have had issues where the authentication was set to forms and the directory security was set to allow anonymous, but some resources (images in my particular case) did not have the proper permissions to allow the anonymous user to read them.
The effect is that the user was prompted to login so that the graphics could be displayed, after which the form was displayed and the user logged in (again) with the intended form.
Sounds like windows permissions problem.
Windows permissions will always override anything that you have set up in aspnet.
I would start by looking at "anonymous access" permissions in IIS admin, then work your way through the file system.
You have configured anonymous access in IIS Administrator, but the IIS user does not have permission to access the filesystem, defaulting to the login dialog to authenticate as Windows user.
As it happens a colleague updated my machine to .NET Framework 3.5 SP1 whilst I was away. So I compiled my project and released onto the server which does not have SP1 installed and the above happened.
I've installed SP1 on the server and it's working fine now.
Thanks for all your input.
Just to clarify : the login popped up because the application was unable to load a file due to the problem described in the following: Link