I followed the steps on JHIPSTER to setup okta. When I try to login I always get the following output:
Login with OAuth 2.0
[invalid_id_token]
https://dev-992900.okta.com/oauth2/default
I cant resolve it. Additionally, I would prefer to be using a google identity provider. I am not sure how to setup the google identity provider, and additionally I cant even get the login setup correctly.
Please advise how to find answer for issue 1.
Deleted and re setup the configuration as per JHIPSTER documentation for okta setup. I tried adding my email to the groups, and tried it without a user added, with a user added.
Login with OAuth 2.0
[invalid_id_token]
https://dev-992900.okta.com/oauth2/default
security:
oauth2:
client:
provider:
oidc:
issuer-uri: https://dev-992900.okta.com/oauth2/default
registration:
oidc:
client-id: 0oa1aykbfvUKOJN4S357
client-secret: gpuNPCPBQWl_JJLAMZh6fFlc1XyuBoCTtKtm2JYD
OKTA CONFIG SCREENSHOT
OKTA CONFIG SCREENSHOT 2
OKTA CONFIG SCREENSHOT 3
OKTA CONFIG SCREENSHOT 4
I followed okta tutorial here: https://www.jhipster.tech/security/ and it does not work. Additionally I would prefer to use google identity service.
Alright, this is totally awesome, infuriating, and what drives me crazy. I found the issue which is now resolved. I set my windows 10 pc to automatic time. I cannot believe it was that, but I guess thats why token was invalid. It was the correct time but it wasnt set to automatic time sync. I had automatic timezone set though. I literally spent weeks stalled because of this :|
time automatic
Related
I am trying to setup Web Security Centre for my Google AppEngine App.
I tried using Google as well as Non-Google Account for Authentication where I provided Username and Password but it errors out saying
Could not sign in using the provided username and password
I tried below things:
Tried creating a test account vikash-security#gmail.com (in compliant with google naming convention) in my gmail and using the same for authentication. (this user had same domain name as my company's)
Created a test user with different domain name and used it for the authentication.
Both the above users have access to my Google App.
Both of the way did not work and throws the same error. Can anyone help me out with the same?
Google enforces a real name policy on G+ accounts. Your test account may be blocked from G+ if the name does not look real. at [1]. It will only work if the Google account you provided should have been G+ verified (with proper G+ setup), but still need to retry after the first failed attempt and it eventually will work.
There are few issues related to this and if this is a bug it will be resolved soon.
I raised this concern with the Google support team and got to know that there was issue from their end and they got this fixed and now my web security custom scan is working with non-google authentication.
I use Okta to securiry my jhipster app.
I am trying to follow this guide Create an App at the Identity Provider
Google and I config response_type: code
It works fine, but i get #code=ovy8omeh8NdmAl47iZ7BeS9YvAaPAfMYqBIed-evSxk&state=WM6D without logging in
When I click login again, I can login
Please help me! thanks very much
I am trying to authenticate my Azure Web App. Follow this doc
In my Azure Portal, I've selected "Authenticate / Authorization" for my Web App.
After I configure my Microsoft Account Authentication Settings with Client ID/Key from the App Registration page, I save the settings page and I'll see an error:
The errors says:
Failed to save Auth Settings for WebApp App:
{"Code":"Conflict","Message":"Cannot update the site 'WebApp' because
Authentication / Authorization was configured with an invalid issuer
URL ''. The URL must be well-formed, absolute, and use the HTTPS
scheme.","Target":null,"Details":[{"Message":"Cannot update the site
'WebApp' because Authentication / Authorization was configured with an
invalid issuer URL ''. The URL must be well-formed, absolute, and use
the HTTPS
scheme."},{"Code":"Conflict"},{"ErrorEntity":{"ExtendedCode":"04530","MessageTemplate":"Cannot
update the site '{0}' because Authentication / Authorization was
configured with an invalid issuer URL '{1}'. The URL must be
well-formed, absolute, and use the HTTPS
scheme.","Parameters":["WebApp",""],"Code":"Conflict","Message":"Cannot
update the site 'WebApp' because Authentication / Authorization was
configured with an invalid issuer URL ''. The URL must be well-formed,
absolute, and use the HTTPS scheme."}}],"Innererror":null}
I'm not sure what's the "invalid issuer URL" the issue is referring to.
This issue is not a general issue. This article is absolutely correct.
So I suggest you try to use another location to deploy your Web App and configure the Applicaiton again.
Also, this issue should be temporary, I have reported this.
Hope this helps!
I'm on the App Service team. This is a known issue which we are working to address - the behavior should be temporary. Our apologies for any issues this has caused.
I do not recommend the solution of moving to another region, as this is not guaranteed to work, and sites that do see resolution in this way may break again.
Please find our recommended workaround instructions in my response to this forum post.
For me it worked to add AAD as an auth provider with the default setting even though I'm not using it. I was then able to save my Facebook auth settings. This is a temporary workaround.
This answer from this discussion. Edit field "issuer" not working for me.
Last night a site that has been working fine for about six months started getting a 403 error when using Google OAuth. The authentication code hasn't changed, and I don't see any notes that Google OAuth suddenly changed either. I've tried re-issuing the client ID (including client secret) but that didn't fix it.
Details:
Full error: "Access Not Configured. Please use Google Developers Console to activate the API for your project." comes after this (scrubbed) request:
https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%2Fx.y.com%2Fauth%2Fgoogle%2Fcallback&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&client_id=12345-abcdefg.apps.googleusercontent.com
The response header does contain this (scrubbed):
Location: https://x.y.com/auth/google/callback?code=4/MF-V...
which contains the code similar to what I see in the API playground.
Server setup: node.js running express with passport/passport-google-oauth.
I don't know what API needs to be enabled -- I sort of think this is a miss-sense error. None of the APIs in the "APIs & auth" section of the Developers Console appear to be relevant. I'm configuring OAuth under "APIs & auth > Credentials." This is not youtube or Google+ authentication.
I don't think this is the cause of your problem but you should be aware of it anyway. Using OAuth 2.0 for Login (early version)
Important: Google has deprecated the early implementation of OAuth 2.0
for login that is described in this document and will no longer
support it, after a migration period. If your app uses OAuth 2.0 login
(early version), you should either switch to Google+ Sign-In or update
your existing userinfo endpoints and scopes by the deadline given in
the migration timetable. For instructions, see Migrate or update OAuth
2.0 login.
Migration timetable says on Sept. 1, 2014 its gone: https://developers.google.com/+/api/auth-migration#timetable
We are having the same issues. I don't know if it is luck - or what, but a few minutes ago i finally started just enabling API's to see if it would help. I enabled Google+ Domains API, Google+ Hangouts API, Admin SDK. After not being about to login all day (same error that you were getting). I have logged in twice now.
I am trying to create a sample application here with federated authentication with Azure ACS
I have a asp.net web application with a default.aspx page
I want to upload this azure cloud.I want to authenticate users using Active Directory login credentials how can I create an working sample for this.
I was searching and I found I can make use of Custom STS ?Is this the right direction ?
I found an example from MSDN
http://msdn.microsoft.com/en-us/wazplatformtrainingcourse_windowsazureandpassivefederation2010_topic2#_Toc310436991
but I clouldn't make this working till now. (I am getting a message --This page can't be displayed).
Can some one point me to a working sample with step by step documentation.
I am using VS2010 on Windows8 machine,and azure sdk 1.7
I dont have an ADFS2.0 supported server machine available now.So I am just trying to make MSDN example working
I followed all the steps as mentioned there,but
when I debug ,I can see control reaches inside "WSFederationAuthenticationModule_RedirectingToIdentityProvider method"
if my assumption is right,it should redirect to Login.aspx page ,
but instead is simply showing message "This page cant be displayed"
You can use the how-to guide on windowsazure.com: How to Authenticate Web Users with Windows Azure Access Control Service. This will also work for Active Directory by simply using your ADFS as an identity provider instead of Windows Live / Google, no need to create a custom STS for this.
If you want something with a little more screenshots, I wrote the following guide for one of my trainings: http://sandrinodimattia.net/blog/posts/federated-authentication-with-azure-appfabric-acs-v2-0-part-1-setup/