I'm doing a project with Symfony2 and I want to use Google/Facebook/Twitter for connection. So I installed HWIOAuthBundle, but I got this error when I update my composer.json
"The child node "firewall_name" at path "hwi_oauth" must be
configured.".
Thanks for you help !
Yes, and if you read the doc :
(it gives the config... )
Step 2: Configuring resource owners
HWIOAuthBundle creates a dedicated service for each resource owner you
want to use in your application. These resource owners will be used in
the oauth firewall. The bundle ships several pre-configured resource
owners that need only a little configuration.
To make this bundle work you need to add the following to your
app/config/config.yml:
app/config/config.yml
hwi_oauth:
# name of the firewall in which this bundle is active, this setting MUST be set
firewall_name: secured_area
# an optional setting to configure a query string parameter which can be used to redirect
# the user after authentication, e.g. /connect/facebook?_destination=/my/destination will
# redirect the user to /my/destination after facebook authenticates them. If this is not
# set then the user will be redirected to the original resource that they requested, or
# the base address if no resource was requested. This is similar to the behaviour of
# [target_path_parameter for form login](http://symfony.com/doc/2.0/cookbook/security/form_login.html).
# target_path_parameter: _destination
Related
I have two firewalls in my Symfony (5.4) application.
What I want is to create a login link for another firewall (where the login_link is configured) while logged in into the other firewall.
Currently the system doesn’t allow that (No Symfony\Bundle\SecurityBundle\LoginLink\LoginLinkHandler found for this firewall. Did you forget to add a "login_link" key under your "admin_area" firewall?)
Is there a way to tell the login link creator to create the link for a specific firewall? (I didn’t see it in the implementation so I don’t really know).
UPDATE 2022-06-10: Beginning with Symfony 6.1, just use the new Autowire-Attribute like this:
public function myLoginLinkAction(
User $myUser,
#[Autowire(service: 'security.authenticator.login_link_handler.my_other_firewall')] LoginLinkHandlerInterface $myOtherFirewallLoginLinkHandler,
): Response
{
// …
$loginLinkDetails = $myOtherFirewallLoginLinkHandler->createLoginLink($myUser);
// …
}
For older Symfony versions:
The solution is to inject the concrete link handler service for my other firewall using an alias defined in security.yaml (where the other firewall that we want to build login links for is named "my_other_firewall"):
services:
# define a concrete alias for the login link handler of the
# my_other_firewall firewall to avoid the FirewallAwareLoginLinkHandler
# that always uses the current request's firewall
Symfony\Component\Security\Http\LoginLink\LoginLinkHandlerInterface $myOtherFirewallLoginLinkHandler: '#security.authenticator.login_link_handler.my_other_firewall'
Then, when I inject the LoginLinkHandlerInterface to my login link building controller, I use the defined parameter name $myOtherFirewallLoginLinkHandler and get the correct LoginLinkHandler injected instead of the FirewallAwareLoginLinkHandler that only exists to use the LoginLinkHandler defined for the firewall of the current request.
This solves the problem the documented way to use concrete implementations, when more than one implements a certain interface.
I want to write a script that send notification mails to users and execute it every hour and I want it to match the server name that host the symfony site. I've already tried with $_SERVER but it's not defined and the solution on this post but there is no request with the console so it's does work.
Since there is no traditional 'web request/response' thing in console command, all URLs you generate with {{ path('...') }} in twig or $this->generateUrl('...') or similar controllers/services´, will be probablyhttp://localhost/...
To fix that, simply add: (if you're on symfony 5.1+)
# config/packages/routing.yaml
framework:
router:
# but you should move it to your .env file and user two differen env-variables for host and scheme
default_uri: 'https://you-site-hostname.com/'
or if you are using older version, put
router.request_context.scheme and router.request_context.host to you parameters. Like
# config/services.yaml
parameters:
router.request_context.scheme: 'https'
asset.request_context.host: 'you-site-hostname.com'
Take a look here: https://symfony.com/doc/current/routing.html#generating-urls-in-commands
And here (my personal advice) https://symfonycasts.com/screencast/mailer/route-context
OpenAM version -12 , Agent version 3.5 and 3.3 , tomcat version 7
I have tried to follow the link https://forums.alfresco.com/forum/installation-upgrades-configuration-integration/authentication-ldap-sso/sso-openam-06052012 to set up my J2EE Agent. Let me paste the steps after asking the question(see at the end)
but I am getting the error as asked below
Not able to configure J2ee agent on adding my customized data store for users
I have tried to use 3.5 version installed and uninstalled multiple times and tried previous version.
There is a nice discussion on this topic at http://database.developer-works.com/article/16009911/%22Cannot+obtain+Application+SSO+token%22+error
but it did not help me much.
I am using LDAP so I have used LDAP realm and subjects are showing up ok. Also I am observing that the policy tab has changed quite a bit from how it is described in the Blogs.
Now with the roadblock I am not sure how to proceed as the error is not giving me any clue what to do. I even added the file named AMConfig.properties in the classpath with username and password of the agent and tried the username and password of the OpenAM admin too as suggested in the discussion mentioned. but that too did not help.
The issue is the Tomcat now is not starting and giving error that AMConfig.properties properties are needed
I know the OpenAM Realm setup is good as I am able to login via this realm to another application (Liferay) where I just have to give the URL for use OpenAM integration. but after uninstallation of the agent the tomcat starts without any error and i am able to login to the application
-------------------Step copied from 1st link(modified)--------------------------
1. Configure your OpenAM agent (tried both 3.5 and 3.3 version on tomcat 7)
a. Log into OpenAM as the admin user and navigate to "Access Control -> (Your Realm) - where in my case LDAP Realm (other application using it without issue)
b. Select Policies -> New Policy
c. Enter Share as the policy name and then create 2 new URL Policy agent rules
d. 1st Resource Name = http://:/share/*
e. 2nd Resource Name = http://alfresco.domain.com:8080/share/*?*
f. Add a subjects - already part of LDAP Realm
g. Now select Agents -> J2EE - > (your J2EE agent)
h. Select the Application tab
i. Login Processing -> Login Form URI - add /share/page/dologin
j. Logout Processing -> Application Logout URL - add Map Key = share - Corresponding Map Value = /share/page/dologout
k. Not Enforced URI Processing - Add 2 entries - /share and /share/
l. Profile Attributes Processing - Select HTTP_HEADER and add Map Key = uid - Corresponding Map Value = SsoUserHeader (This is what I called my header in the alfresco-global.properties file - see below)
Auth chain
authentication.chain=external1:external,alfrescoNtlm1:alfrescoNtlm
alfresco.authentication.allowGuestLogin=true
SSO settings
external.authentication.enabled=true
external.authentication.defaultAdministratorUserNames=admin
external.authentication.proxyUserName=
external.authentication.proxyHeader=SsoUserHeader
NOTE- It does not seem possible to configure SSO where the Guest login has been disabled. There are webscripts used on the Alfresco repository that need guest login.
That concludes the setup for Alfresco and OpenAM
For Share you need to have the following section uncommented in your share-config-custom.xml
alfresco/web-extension/alfresco-system.p12
pkcs12
alfresco-system
alfrescoCookie
Alfresco Connector
Connects to an Alfresco instance using cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
alfrescoHeader
Alfresco Connector
Connects to an Alfresco instance using header and cookie-based authentication
org.alfresco.web.site.servlet.SlingshotAlfrescoConnector
SsoUserHeader
alfresco
Alfresco - user access
Access to Alfresco Repository WebScripts that require user authentication
alfrescoHeader
http://alfreso.domain.com:8080/alfresco/wcs
user
true
Notice I am not using the SSL cert and in my alfrescoHeader connector I have used SsoUserHeader (as setup in OpenAM) and the endpoint uses the alfrescoHeader connector
Now you need to add the OpenAM filter to the Share web.xml file
Add the following filter just before the Share SSO authentication support filter
Agent
com.sun.identity.agents.filter.AmAgentFilter
Add the following filter mapping to the filter-mapping section
Agent
REQUEST
INCLUDE
FORWARD
ERROR
----- End ----------
The error message is a bit misleading: the Cannot obtain application SSO token in general means that the agent was unable to authenticate itself. When you install the agent, the agent asks for a profile name and a password file, those values need to correspond to the agent profile configured within OpenAM.
To test if you can authenticate as the user, you could simply try to authenticate as the agent by making the following request:
curl -d "username=profilename&password=password&uri=realm=/%26module=Application" http://aldaris.sch.bme.hu:8080/openam/identity/authenticate
In the above command the realm value needs to be the same as the value for the "com.sun.identity.agents.config.organization.name" property defined in OpenSSOAgentBootstrap.properties (under the agent's install directory).
Having bad username/password combination is only one of the possible root causes for this exception though. It is also possible that during startup the agent was unable to connect to OpenAM to authenticate itself. In those cases the problem could be:
network error, firewall issues preventing the agent from contacting OpenAM
SSL trust issues: agent's JVM does not trust the certificate of OpenAM's container (only problem if you've installed the agent by providing OpenAM's HTTPS URL and the certificate is self-signed or just simply not trusted by the JVM)
I'm using symfony2 and its login system through security.yml
When I log in with correct credentials , I get redirected to the correct page but will still have the anonymous in the profiler bar.
when I remove this line :
ini_set('session.cookie_domain', '.domain.com');
it works.
I need that line because my socket server is running on domain.com and I'm developing on sub.domain.com
How can I fix this problem ?
Thanks!
Configure your cookie domain in the framework configuration, instead of calling ini_set():
# app/config/config.yml
framework:
session:
cookie_domain: .domain.com
Reference: http://symfony.com/doc/current/reference/configuration/framework.html#cookie-domain
I am applying this tutorial into symfony 2.4, I've finished the setup in the config.yml and everything, I managed to visit the admin/google/analytics page, but the problem is when I tried to authenticate with the parameters I've created in the config.yml file, it is searching for the scope, here is the parameters.
happy_r_google_analytics:
host: www.example.com
profile_id: MyProfileId
tracker_id: UA-TRACKER-ID
token_file_path: %kernel.root_dir%/var/storage
happy_r_google_api:
application_name: Project Default Service Account
oauth2_client_id: OAuthClientID
oauth2_client_secret: OAuthClientSecret
oauth2_redirect_uri: http://www.example.com/app_local.php/admin/google/analytics/oauth2callback
developer_key: DevelopperKey
site_name: http://www.example.com
I think there's no problem here, I've got no idea where I can set the scope so the google Api client can set it to https://www.googleapis.com/auth/analytics.readonly
You need to define a scope. If you use Google Auth, check Authorization scopes for it.
You must do something like:
$googleClient = new \Google_Client();
$googleClient->setScopes(array(
'https://www.googleapis.com/auth/plus.me',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
));