When I try to launch any URL a proxy authentication dialog pops up for username and password. The code (java) stops once the dialog appears and doesn't move further or throw an exception.
How can i handle this?
Note: This is happening only with firefox(v 22.0). I am able to handle the authentication dialog in IE(v 7) using the Robot send keys.
Webdriver: selenium-server-standalone-2.35.0
Firefox version : 22.0
testNG version: 6.8.7
I think it is because you are trying to reach HTTP authenticated page. The workaround is send username and password in url request like this:
driver.get("http://username:password#your-test-site.com");
where driver is assumed healthy living instance of WebDriver
Related
I am trying to configure alfresco 5.0d community to use kerberos and SSO via active directory.
My setup works fine when I login in the alfresco form login page (without SSO),
However, When enabling SSO, I see this exception in the alfresco logfile:
KrbException: KDC cannot accommodate requested option (13)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:70)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:259)
After looking at it with wireshark, it seems like the difference in the TGS-REQ message is that when using SSO, there is an option flag called request-anonymous that is enabled. This causes the KDC to answer with a KDC_ERR_BADOPTION message.
Is there a way to configure kerberos to not set the request-anonymous flag?
Or alternitavely, is there a way to tell the KDC server to deal with it properly?
I got single sign in working but I don't know how to configure single sign out.
Here is what I've tried so far (without any success):
[My Service provider] -> Inbound Authentication Configuration -> [my issuer] -> Enable Single Logout is Checked (custom URL is not given)
What I try is to simply redirect the browser to the URL where login is configured with the following parameter:
https://localhost:9443/passivests?wa=wsignout1.0
So the login works perfectly with this URL: https://localhost:9443/passivests
As I understand there is nothing else I should do but WSO2IS does not remove the cookie and when I try with my other webapp it logs me in as if nothing happened.
I omitted wreply (as it is optional) so I expect that the browser is not redirected back to my application or login screen. This is the reason I try it with a different application. Also the other app is opened FIRST after logout and it still gets the claims. (I always test with a new incognito mode chrome window to avoid false negatives because of leftover cookies)
So is there anything else I should do or is it perhaps a known bug?
This is a known bug. I can't find the particular class right now but the logout function called when using WS-Fed is an auto-generated //TODO stub.
https://svn.wso2.org/repos/wso2/carbon/platform/branches/turing/components/identity/org.wso2.carbon.identity.sts.passive/4.2.0/src/main/java/org/wso2/carbon/identity/sts/passive/processors/SignoutRequestProcessor.java
I am working on a Symfony2 app. I'm using FOSUserBundle to handle authentication and recently integrated it with FOSUserBundle using this tutorial: https://gist.github.com/danvbe/4476697 .
The problem is:
I can login using the google api on localhost and everything works fine.
However when I try to login on a real server I get:
Error: invalid_request
device_id and device_name are required for private IP: http://<server_ip>/login/check-google
Request details:
response_type=code
scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
redirect_uri=http://<server_ip>/login/check-google
client_id=<my_id>
Google documents don't mention these two parameters. I tried to manually send a request with device_id being a UUID and device_name set to "notes". The response I get this time is:
Error: invalid_request
Device info can be set only for native apps.
Request details:
cookie_policy_enforce=false
response_type=code
device_name=notes
scope=https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
redirect_uri=http://<server_ip>/login/check-google
device_id=4b3403665fea6
client_id=<my_id>
Now, what am I doing wrong?
Google will not accept a local (private) IP address when doing Oauth or API calls. My workaround was to add an entry in my Windows hosts file for the local IP:
\Windows\System32\drivers\etc
192.168.1.2 fakedomain.com
then register it with Google in their dev console. That appears as a "real" domain to them, but will still resolve in your browser or code to the local IP. I'm sure a similar approach on Mac or Linux would also work.
It really looks like your using the wrong flavor of oauth. device_id is used with Devices. I would really expect you to be using the WebServer flow. You may need one of the other flows as I don't see enough detail here to judge, but they all can be found at the links.
I'm using Workilight version 6.0 and I'm trying to use a security test with Workilght's adapter.
First of all, I developed a login page and home page where I'll display some informations after the user will be authenticated.
The authentication seems to be OK because I'm getting the user information and session Id which I'll sent in the cookie of the next HTTP adapter using the security test.
The problem is that I'm getting NullPointerException from the specified adapter but when I execute the request with RestClient, I get the response so the WS is OK.
Any body have an idea about how to that ?
PS: my code was working on worklight V5.0 but not with V6.0
I resolved this issue by deleting non useful Security Test like "MobileSecurityTest".
So before testing your adapter make sure that your declaration in the "authenticationConfig.xml" file is well done.
For more information about that, you can visit this URL :
http://public.dhe.ibm.com/software/mobile-solutions/worklight/docs/v600/08_03_Adapter_based_authentication.pdf
In addition, you have to figure out the root response in the adapter response to see first how looks your received data, otherwise you may be will receive a "NullPointerException" as response if you attempt to get for example "response.result" and the attribut "result" doesn't exist.
Hope that help you for future issues like I got.
This is my first post with this account, and Ive been struggling for the last week to get this to work, so I hope someone can help me get this working.
Im trying to pull some data from https://api.connect2field.com/ but its rejecting all of my authentication attempts from python (not from a browser though).
The code Im using
import urllib.request as url
import urllib.error as urlerror
urlp = 'https://api.connect2field.com/api/Login.aspx'
# Create an OpenerDirector with support for Basic HTTP Authentication...
auth_handler = url.HTTPBasicAuthHandler()
auth_handler.add_password(realm='Connect2Field API',
uri=urlp,
user='*****',
passwd='*****')
opener = url.build_opener(auth_handler)
# ...and install it globally so it can be used with urlopen.
url.install_opener(opener)
try:
f = url.urlopen(urlp)
print (f.read())
except urlerror.HTTPError as e:
if hasattr(e, 'code'):
if e.code != 401:
print ('We got another error')
print (e.code)
else:
print (e.headers)
Im pretty sure the code is doing everything right, which makes me think that maybe theres another authentication step that ASP.net requires. Does anybody have any experience with ASP.Net's authentication protocol?
Im gonna be checking this post throughout the day, so I can post more info if required.
Edit: Ive also tried running my script against a basic http auth server running at home, and it authenticates, so Im pretty sure the request is set up properly.
It appears that IIS is set up to do basic authentication, ASP.NET will be most probably be configured to use windows authentication.
As you have said that authentication works via browser, so the best bet for you is to use tool such as fiddler to capture request/response when connecting via browser and also when connecting via your code. Compare them to troubleshoot the issue.
For example, I remember a case where the web site first requested authentication credentials and then re-directed to different url which prompted for different credentials.