I have successfully, or so I thought, connected up to our IDP for single sign on with shibboleth. I went to the Shibboleth test login page and was prompted by our IDP to login. Once I logged in, it gave me an error saying that the site can't be reached and that the server IP address could not be found. I have tried going to the logout and status pages and get that same error. I am not seeing anything in the shibd logs that indicate any errors. I have tried resetting my shibboleth daemon and my IIS and still am getting the same error.
Could this be something to do with my shibboleth2.xml configuration? I am not sure how the server IP address would be affected by this.
I can provide any needed information you may need!
If your secured url is https://local-or-some-domain/secure, when you hit that URL and you are taken to idP, after successful login you are taken back to the same URL but the browser says nothing found.
If above is your scenario then congratulations, you have successfully integrated the shibboleth SP with idP. Most of the time error occurs because there is no page hosted to the URL we secured.
If above is not your scenario then you may want to elaborate little more.
Related
I recently renewed my domain name after it expired. However, when I try to view my website, a login box popups.
This is new. I tried putting in my wordpress admin username and password all to no avail. Infact I get a '401 Authorization Required' error.
I have been at this for some days now. I contacted my hosting provider. They said they could view my website and that everything is fine. They however instructed me to clear my browser cache and cookies, which I have done. Still, the problem persist.
I tried viewing the site with an IP proxy site and truly I could see my website without any errors or login pop up box.
How do I solve this problem?
A 401 request usually means that your client (e.g. your web browser) is not able to authenticate itself with the server therfore cannot view the resource.
You have cleared your cache and cookies and you're prompted by a login
box, following this a 401 error appears. The site is viewable from
proxy.
Things to check,
Flush your DNS
Are the login details correct? its possible to get this error from incorrect logins
Check the URL for errors, make sure you're using the intended url
Try deactivating your wordpress plugins if problems still persist
Any further information you can provide, including images would help a lot.
I have a fresh asp.net application which has facebook authentication button on it. When I do the authentication on localhost it works flawlessly but when I publish and try to do it on work4me.azurewebsites.net it comes up with the error:
An error occurred while processing your request.
I have set the appID, app secret, domain, correct URL, and http://work4me.azurewebsites.net/signin-facebookas the oauth redirect URI. But it seems like it is hanging for a bit saying "waiting for domain name" before giving me the error.
If I try to enable facebook authentication on the azure portal it works however after logging in the application crashes and gives me the error "Server Error in '/' Application.".
I have followed the guide to enable facebook authentication on azures website but with no luck.
What am I doing wrong here?
EDIT:
It seems to get past that point now, and the error is with the redirect URI. However I have followed this example and use the URL https://work4me.azurewebsites.net/.auth/login/facebook/callback as the guide says but still it wont work, giving me the error that the URI is blocked.
It's been a few months since I first tried this, but I was able to get it working both locally and on Azure, by following the online instructions.
Did you enable User Secrets during development to access your credentials from Application Secrets? If so, you need to create environment variables in your Azure Web App to mirror these values under Application Settings.
Let me know if you still have any issues, then I can look into it some more.
All the best! :)
I have a webapp which is a .NET 4, webforms app running on IIS 7.5 on Server 2008. Recently and apparently sporadically users trying to use the app on a mac are being presented with an error page stating:
401 Unauthorized - Access is denied due to invalid credentials.
You do not have the permission to view this directory using the credentials that you supplied.
The page doesn't provide any further information or substatus codes. I have checked the IIS error logs for more information and have found that this issue does seem to be unique to users on a mac most commonly Safari but it does also happen on other browsers such as Firefox. Again no substatus code is provided in these logs.
The error message provided seems to be consistent with a 401.1 however I am using forms authentication and not windows authentication. I have been unable to reproduce this myself and at the moment it apparently happens at random for users and not consistently after a set of specific steps.
This error occurs when users are in the app or trying to log in, I do not think it is related to them entering invalid credentials as I have validation to handle that and it can happen to users already logged into the app.
As I can't reproduce the error I am not sure how to approach solving this problem, I would like some guidance to this regard and any solutions or ideas that you guys can come up with. If more information is needed let me know and I can update the question.
EDIT:
I had an idea that maybe some configuration on a mac was causing a WWW-Authenticate header to be sent when it isn't required, but after using TamerData to add the header I found I still couldn't replicate the issue. All authentication in IIS is disabled with the exception of anonymous and forms.
EDIT 2:
I have now been able to successfully reproduce the issue, it occurs when an unauthenticated user attempts to access a protected page with a ?ReturnUrl=value parameter. This will cause IIS to display the error page described above. I can fix this behaviour by removing the ReturnUrl parameter on any unauthenticated attempts to access a protected page and redirect the user to the login page in Begin_Request.
However this issue has been reported most commonly on a page which is redirected to immediately after a user has just logged in. So for some reason the user is still being sent a 401 error when they are in fact authenticated. Any idea why this would be?
I have an ASP.NET web forms application that requires that requires that a user log in.
I have had the application running on a live server with an IP address pointing at it, to allow external customers to test it. e.g. http://1.2.3.4/application
Last week the customers decided that they were happy to switch their users to my application, and asked us to switch the existing URL across to it e.g. http://www.applicationurl.com
As soon as we did this, the login page stopped working:
- if you log in with an incorrect username or password, it correctly tells you that you have made a mistake
- if you log in with a correct username and password, no error message displays, but instead of redirecting to the next page, the user is redirected back to the login page
Just to be clear, no changes were made to the application - it is still running on the same server with the same config settings. If I log on using either the internal or external IP address then the application works fine - once logged on I am redirected to the default page; it is only when using the external URL that I keep getting redirected back to the login page. The .css and images all load correctly for the login page.
This is .NET 3.5 running on IIS7 on Windows Server 2003.
Could you check web.config file's forms Element for authentication:
Check the path attiribute. is it "/".
Check the domain (if set).
On consultation with our IT team, I learned that the company that supplies us with DNS names was proxying the calls to our web server. When we switched the domain name to directly calling our IP address, the issue was resolved. I guess the proxy must have been modifying the HTTP calls or blocking cookies or something.
The way to check whether this is happening is to ping your domain - in our case, it was returning the IP address and domain name of our DNS supplier rather than the IP address of our web server.
I have an application we bought that I need to integrate, and it uses jakarta connection to get to the application from IIS.
So, the basic operation is:
user goes to the url
Gets redirected to the application
SSO is enabled, so redirected back
to IIS for fetching of domain
credentials
Back to application
If username is blank show login
page, else let user in.
This is a simplification of all the steps, but the basic idea is here.
My difficulty is that I need both Windows Integrated Auth and anonymous on, as some users won't have credentials, and need to be prompted for a username/password.
I have looked at: IIS Windows Authentication before Anonymous already, but the user doesn't get to click on a link to decide. The application goes back to IIS looking for login.aspx and from there I want to either get their domain credentials or pass back to the application empty strings to signify that there are no credentials.
It seems this isn't going to be possible though as if anonymous is on it doesn't make the 401 request so the credentials aren't passed.
If I can't get this to work with just using an ASP.NET page, could it be done using an ISAPI filter, or a module?
UPDATE:
I found a possible solution, but I need to figure out how to get it to work, as my login page is on the JBoss server.
http://mvolo.com/blogs/serverside/archive/2008/02/11/IIS-7.0-Two_2D00_Level-Authentication-with-Forms-Authentication-and-Windows-Authentication.aspx
Keep the Authentication in the IIS as the Anonymous.
When loading the home page check the ACTIVE DIRECTORY for the current logged in USERNAME if exist
provide the extra functionality to current user or else with fewer options.
Refer --> Active Directory Cheking