I need current login and username in Alfresco to construct org.apache.chemistry.opencmis.client.api.Session instance as described here https://docs.alfresco.com/6.1/concepts/opencmis-ext-intro.html but I don't know how to do that, could you tell me?
My aim to get more than 1000 records from the repository using CMIS request and since I can not change the configuration I need use paging with org.apache.chemistry.opencmis.client.api.Session instance as described here https://issues.alfresco.com/jira/browse/MNT-15540 and here https://stackoverflow.com/a/21127909
Please, help me to get more than 1000 documents with single CMIS query?
Thank you!
You can't get the password but you can retrieve the username and authenticate with the alf token.
Java API: PersonService
getPerson
#Auditable(parameters="personRef")
PersonService.PersonInfo getPerson(NodeRef personRef)
throws NoSuchPersonException
Retrieve the person info for an existing person NodeRef
Parameters:
personRef - NodeRef
Returns:
PersonInfo (username, firstname, lastname)
Throws:
NoSuchPersonException - if the person doesn't exist
If you fetch the user's ticket, which you can do in a variety of ways, including the public REST API or your own custom web script, you can then use the ticket as the password when creating a CMIS session using OpenCMIS. This is the proper way to authenticate with CMIS when you don't know the user's password.
Related
I have an existing user in my Xamarin Forms app whose Details are as follows:
First Name: Jim
Last Name: Smith
ProviderLoginId = jsmith#google.com
OAuth Provider: Google
When I first create this user, I use the following method to authenticate against google as follows:
result = await AuthenticationClient.AcquireTokenInteractive("https://***.onmicrosoft.com/profile.read/profile.read")
.ExecuteAsync();
JObject objToken = new JObject();
objToken.Add("access_token", result.IdToken);
MobileServiceUser user = await App.syncMgr.CurrentClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, objToken);
Now, I take the UserId property from the MobileServiceUser user variable and store it into my User Table as primary key.
Subsequently, I create another new user with the following details:
First Name: Jim
Last Name: Smith
ProviderLoginId = jsmith#hotmail.com
OAuthProvider: Microsoft
When I create the user using the same steps as above, I get the same UserId back from Azure. Obviously, I am not able to store it in my User table for the second user. This only happens when the first name and the last name are the same regardless of which ProviderLoginId was used (whether it was Google OAuth or Microsoft OAuth).
Should I not be getting a unique UserId in each case? Since the bug surfaces only when the first and last names are same, I am assuming it is some sort of a bug.
Any and all help is appreciated.
You are using the older client, which is no longer supported.
You should be submitting the access token to the service, not the IdToken. You haven't stated what the AuthenticationClient is, but hopefully it is ADAL (since the older service doesn't work with MSAL).
The newer client and service completely abstracts the authentication code, allowing you to use whatever authentication mechanism you like and just dealing with standard OAuth2/OIDC and bearer tokens (Authorization header) instead of the non-standard X-ZUMO-AUTH header that was used in the past. My recommendation is to upgrade the client and server.
I'm trying to implement the "on behalf of" flow in an application using ADFS 2016 as STS. As a reference, I look at this Microsoft tutorial (https://learn.microsoft.com/en-ca/windows-server/identity/ad-fs/development/ad-fs-on-behalf-of-authentication-in-windows-server). It's working as it should, I can login into my web application and then use my original access token in UserAssertion to generate a new access token with the proper audience to call my API BUT I found absolutely no way to include any user informations (sub, name, email, upn etc.) into the access token for my API, even if I set claim rules into my ADFS configurations for the API.
I checked the communication between my app and adfs using Fiddler and everything looks like the informations in the tutorial. See the screen shot of the "on behalf of" request below :
Here's the resulting access token :
Finally, here's the code I use to generate my new access token :
private async Task<string> GetAccessToken(ClaimsPrincipal user, string originalAccessToken)
{
var authority = "[authority]";
var context = new AuthenticationContext(authority, false);
string userName = user.FindFirstValue("upn");
var userAssertion = new UserAssertion(originalAccessToken, "urn:ietf:params:oauth:grant-type:jwt-bearer",userName);
var cc = new ClientCredential("https://localhost:44387/", "[client_secret]");
var result = await context.AcquireTokenAsync("https://localhost:44339/", cc, userAssertion);
return result.AccessToken;
}
Have you struggle with that scenario and if yes, did you find a way to fix this ?
Thanks
I've only used the Microsoft On Behalf Of flow with Azure AD and not ADFS, but it looks like you need to send a more detailed scope in your User Info request.
Maybe try sending 'openid profile email', to indicate that you want that type of detail, as in Section 17 of my blog post. Of course this assumes that this type of data has been registered for all users.
TROUBLESHOOTING
Looks like one of these will be the cause:
A suboptimal Microsoft library that does not allow you to send the required scope
Or ADFS 2016 perhaps lacks the scope features that work correctly in Azure AD
I would concentrate on making extra sure you are sending the correct form URL encoded request message, using a tool such as curl, Postman or a plain C# HttpClient. Here is the code I used to send the correct scope - using an open source library rather than a Microsoft one:
Sample NodeJS Code
If you can get the scope sent correctly then you should have a resolution either way:
Either you get the correct data and can update your code
Or the behaviour you want is not supported by ADFS
Good luck ...
I am using the following command to get the username in a custom magnolia class:String userName = MgnlContext.getInstance().getJCRSession("website").getUserID();
Instead of getting the name of the user who is signed on in magnolia when the command was triggered I am getting admin for the value. How can I get the real user name - the one who signed on to magnolia?
Actually to get current user, what you want is to either inject MgnlContext or get it via MgnlContext.getInstance() call.
Once you have context, you call ctx.getUser().getName() to get current user name.
You can inject info.magnolia.cms.security.SecuritySupport to your class and use
info.magnolia.cms.security.SecuritySupport#getUserManager()
afterwards, you are exposed to plenty of utility method that one can fetch all users or users by group etc.
I need to access a private data set in socrata using SODA API. Suppose below link is the data set
https://data.cityofchicago.org/resource/xxxx-xxx.json
I get the following error when try this.
"error" : true,
"message" : "You must be logged in to access this resource"
I have valid credentials to access the data set. But how can I pass it through SODA API calls?
I tried the below code but it doesn't work.
https://data.cityofchicago.org/resource/xxxx-xxx.json?$username='myname'&$password='pwd#123'
You'll need to use either HTTP Basic or OAuth 2.0 to authenticate. We have details on how to do that on the developer portal.
Make sure you also provide an application token, as detailed in those docs.
You need to pass Secret-Token and AppToken with the query string.
How to Get secret Token
Log in to your portal and select "Create new Application"
Enter https://data.cityofchicago.org/resource/xxxx-xxx.json in the "website" field.
Save it.
Go to "Manage" and get your AppToken and SecretToken from under "Manage".
Now, pass the app token and secret token in the URL according to socrata developer document syntax:
https://sandbox.socrata.com/oauth/access_token
?client_id=YOUR_AUTH_TOKEN
&client_secret=YOUR_SECRET_TOKEN
&grant_type=authorization_code
&redirect_uri=YOUR_REDIRECT_URI
&code=CODE
I am also looking for an answer for the same question. After passing the app token I can access public DB but can not access Private DB.
I am using Twitterizer to integrate Twitter into my ASP.NET app. After authenticating the user I am using following code to see if the authenticated user is following a specific user:
Twitterizer.TwitterUser followed = new Twitterizer.TwitterUser();
followed.ScreenName = tw_current_like;
bool? Following = followed.IsFollowing;
However Following.HasValue is always false. Am I missing something?
As I stated on the forums. Instantiating TwitterUser will not fetch any data from Twitter.
Also, the Twitter API is spotty in how/when it supplies the following indicator. You can use TwitterFriendship.Show(OAuthTokens, decimal/string) to query details about the relationship between the authenticated user and another user.