Kibana OIDC Okta Integration redirecting straight to ${KIBANA_URL}/auth/openid/login with 401 - kibana

I'm trying to integrate open distro ELK with OpenID Connect by following the guide here (https://opendistro.github.io/for-elasticsearch-docs/docs/security/configuration/openid-connect/#kibana-single-sign-on), specifically by updating the kibana.yml and config.yml files as shown.
The behavior I'm seeing is:
Visit ${KIBANA_URL}
Get redirected straight to ${KIBANA_URL}/auth/openid/login with 401
I'm checking the network requests, and I'm not sure why it's not redirecting to the IDP (Okta) first. What should I check next?

Related

Artifactory SAML 2.0 Integration with PingFederate failure

We tried enabling SAML SSO on Artifactory 7.35.1 with PingFederate but were unsuccessful.
We have followed this documentation. Ping authenticates successfully and redirects to Artifactory, but Artifactory fails with the error below.
{"errors":[{"status":400,"message":"{"error":"Error occurred while trying to login using SAML. Check your Artifactory logs for more details."}"}]}
We tried to enable logging following this guide, but the "artifactory.log" file is not getting created and the SAML XML is not logged to any of the log files as stated.
Appreciate any guidance to debug or fix the error.

WSO2 IS clustering: not able to log in on management console of WSO2 Identity Server

I have configured 2 WSO2 IS server instances in a local Windows environment according to the documentation provided at https://docs.wso2.com/display/CLUSTER44x/Clustering+Identity+Server+5.1.0%2C+5.2.0+and+5.3.0
and also the NGINX configuration with self-signed certificates.
I am redirected to the WSO2 IS login page of any one node, but when logging in it redirects to the login page again, while the log shows:
[2017-05-24 15:52:26,528] INFO {org.wso2.carbon.core.services.util.CarbonAuthenticationUtil} - 'admin#carbon.super [-1234]' logged in at [2017-05-24 15:52:26,528+0530]
It's working properly with one node (the other is down).
I am not able to figure out where the issue is; both nodes are working properly, with no errors in the logs.
Please help,
Thanks
Pankaj
You will need to enable sticky sessions in nginx configurations. See WSO2 doc too.

Skype for Business online WebSDK sign in

I'm trying to use Skype for Business online WebSDK. I'm following the instructions located here - https://msdn.microsoft.com/Skype/WebSDK/docs/DevelopWebSDKappsForSfBOnline.
I'm trying to authenticate a user with Office 365 online, but I have problems while executing the app.signInManager.signIn command.
Browser sends several requests:
Request URL:https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root
Request Method:GET
Status Code:200 OK
Request URL:https://webdir2e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Request Method:OPTIONS
Status Code:200 OK
Request URL:https://webdir2e.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Request Method:GET
Status Code:401 Unauthorized
The last request is failing with an error:
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied.
I'm authenticating with an admin user and with an account that has a Skype for Business online subscription.
Can you help me with this problem? What am I doing wrong? Are there any other prerequisites to be able to successfully log in?
I did everything from scratch following the guide here https://github.com/OfficeDev/skype-web-sdk-simple-sample-for-SfB-online. Created a Microsoft account, got a free O365 tenant, signed up for free Azure Active Directory trial account. Associated my O365 account with Azure AD as described here https://msdn.microsoft.com/en-us/office/office365/howto/setup-development-environment#associate-your-office-365-account-with-azure-ad-to-create-and-manage-apps. Then I registered the new app in Azure Active Directory to use Skype for Business.
Then I updated config.js in the skype web sdk simple sample for SfB online application.
And again no luck, the same error - 401 - Unauthorized: Access is denied due to invalid credentials.
I was trying to run the index.html page on localhost in the htdocs/skype directory. Of course, I was setting the reply URL accordingly as http://localhost/skype/index.html.
Then I tried to move everything in the skype directory to the root, the htdocs folder, and also changed the reply URL to http://localhost/index.html. Very strangely, it helped. Now I can successfully log in using the Skype WebSDK.
I don't know the reason why it works only this way. If someone has an idea, you are welcome to comment.

Redmine, publish with basic authentication behind Microsoft TMG

I've just installed Redmine on Windows 2008 R2 through the setup realized by Bitnami.
All works fine. SSL is also working excellently.
Since today Redmine is in my DMZ, and I reach it directly, from internal network.
I arrive on login page and go.
Now I've published it on public IP with Microsoft TMG.
On TMG I use a listener that requires authentication through RADIUS.
TMG allows passing credentials to the web application in several different ways: one is basic auth, one is NTLM...
I've found a Redmine plugin that permits the use of basic auth in Redmine, so at login I don't see the Redmine page but the classic HTTP popup for credentials.
In this situation, like other published web applications, TMG is configured to pass credentials via HTTP basic auth, but only Redmine fails.
TMG passes the credentials and these are refused by Redmine, so TMG prompts for credentials again.
Does anyone have a solution?
It could be a problem in the basic auth plugin, but it's the only one I've found.
Thanks,
Mirko

Drupal and OKTA integration

I am integrating Drupal and OKTA. When I try to access my website I am being redirected to Okta for login. But after successful authentication I am not being redirected back to my website.
I am following a SP initiated workflow. My log message in OKTA is as follows.
Is there a way I can have more debugging information from OKTA to figure out what is going on and what setting is wrong?
My suspicion is that the target resource in the SAML template isn't correct but several things could be going on. A valuable tool to help debug this is the SAML tracer extension to Firefox.
https://addons.mozilla.org/en-us/firefox/addon/saml-tracer/
It was because of the redirect URL not being set properly in the IDP and the port number issues on my server.
If you are interested in the detailed setup, please check out https://www.youtube.com/watch?v=IEtNUAM79K8
