I am integrating Drupal and OKTA. When I try to access my website I am being redirected to Okta for login. But after successful authentication I am not being redirected back to my website.
I am following a SP initiated workflow. My log message in OKTA is as follows.
Is there a way I can have more debugging information from OKTA to figure out what is going on and what setting is wrong?
My suspicion is that the target resource in the SAML template isn't correct but several things could be going on. A valuable tool to help debug this is the SAML tracer extension to Firefox.
https://addons.mozilla.org/en-us/firefox/addon/saml-tracer/
It was becuase of the redirect url not set properly in the IDP and the port number issues on my server.
If you are interested in the detailed set up please checkout https://www.youtube.com/watch?v=IEtNUAM79K8
Related
I am developing an ASP.net web app which uses Facebook authentication and up until August or September the Facebook login feature was working correctly.
I took a break from developing the app for a month or so, and recently resumed development. I tried it again recently to login to the app with Facebook, and I get this error message:
"URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings. Make sure Client and Web OAuth Login are on and add all your app domains as Valid OAuth Redirect URIs."
I haven't changed any code from my app since September or August, so something must have changed in the way Facebook processes its logins.
I have made changes to the Facebook app settings to try and fix this but nothing works.
My current settings look like this:
Client OAuth Login: Yes
Web OAuth Login: Yes
All the other settings under the Facebook Login product are set to No.
My current redirect URIs look like this:
https://myapp.azurewebsites.net/api/ExternalLogin/Facebook
https://myapp.azurewebsites.net/api/ExternalLogin/FacebookCallback
https://myapp.azurewebsites.net/api/signin-facebook
https://myapp.azurewebsites.net/api/ExternalLogin/Facebook/signin-facebook
Originally I only had the "/FacebookCallback" URI. I only added the others following suggestions from other questions here on Stack-overflow, but I am still getting the same error message.
Can anyone help me figure out what am I missing?
Please make sure:
Your App IDs and Secret Keys are correct. The App IDs and Secret Keys are all different for each app. These often cause the problem.
Your App domain set to:
myapp.azurewebsites.net
Your site URL set to:
http://myapp.azurewebsites.net/
You have set URI properly like:
http://myapp.azurewebsites.net/facebook/login/callback/
Update:
Make sure you have placed / at the end of your all URIs.
https://myapp.azurewebsites.net/api/ExternalLogin/Facebook/
https://myapp.azurewebsites.net/api/ExternalLogin/FacebookCallback/
https://myapp.azurewebsites.net/api/signin-facebook/
https://myapp.azurewebsites.net/api/ExternalLogin/Facebook/signin-facebook/
OR
localhost:44396/api/ExternalLogin/FacebookCallback/
I've trying to find the answer but after reading a bunch of documentation I think it's not possible, but I would be a nice feature. The problem is I want anyone to access the cached repositories but I don't want them to access the web user interface.
The only way I have figured out is tweaking the nginx configuration to allow access only to certain endpoints like raw repository view. Anyway it has some problems which I've not totally resolved.
You could set up a SAML SSO redirect that forces a user to login, and if they fail they are not redirected back to the Artifactory instance. That's the only way I know of that won't let users even look at the front page of Artifactory.
They would get caught on step 3 after an automatic redirect: SAML SSO Login Process
The obvious downside with this is that you need to have a SAML SSO setup in the first place.
I am new to wordpress. And I am designing a webvsite that needs the social login buttons.
I have found some plugins, and also used the developers.facebook.com login button, but it is not working with my localhost server. I have also used the Like button from the same site. and
it is working properly.
Same problem is happening with google+. Am I missing something?
Please reply soon..
Thank you!
You can't implement social login w/o appID in it's services, it's public but not transparent.
To enable social login you will need a valid callback URL, so app will know where to redirect user after successful auth. This part is pain in the ass, because you don't have domains at development stage. Plus you will need to configure cookies / sessions to handle authentication at valid domain scope.
If you want to properly configure oAuth or other auth service - do it on isolated production server.
I have configured thinktexture identity server which is connected with my database for authentication and returning the claims in response.
Now I am able to use STS in my website. Behavious of STS is, user is getting redirect to STS website login page for authentication and response is getting retun to my website after successfull login.
I want to implement a little bit different. I want to use Login page from my website itself instead of using this from STS so that stsyle and theming can be displayed as per my website.
Also want to implement many other password control features ie Password expiry warning, force change password etc can be implemented within the website.Please suggest the approach
Look into the WS-Trust endpoints that IdentityServer supports.
After a lot RnD, we finally reach at conclusion that it cannot be achieved.
It will always redirect to identity server URL for authentication.
We are testing an OpenID DotNetOpenAuth ASP.Net website on a subdomain named like test.xyz.com, and both http and https are enabled. We also enabled "requireSSL". We are getting this error when we try it with the Google Apps OpenID endpoint:
Login failed: Sorry. This site only
accepts OpenIDs that are
HTTPS-secured, but
http://xyz.com/openid?id=102043883906843397279
is not a secure Identifier.
I'm not sure what we are doing wrong. Maybe I forgot to setup something?
Am I right if I say that http://xyz.com/openid?id=102043883906843397279 is just an ID, not a functionning link?
Carl
We simply disabled requireSSL in DotNetOpenAuth and it now works. Not yet sure of it's use.
Carl