Is it correct that the eureka and config endpoints provided by the jhipster-registry are not secured or am I doing something wrong?
I started the jhipster-registry (latest docker image) with oauth2 profile and a keycloak configuration. When I try calling the eureka/apps REST endpoint without basic authentication I get the login page html of keycloak - that's ok. If I send the basic authentication header I always get a result - even if I send it empty or with a user that does not exist.
Is this the intended behaviour or am I missing some configuration?
Thanks!
Kristina
We've enabled authentication on our Azure API app and it's working well. Clients are required to retrieve an OAuth2 token for authentication and authorization to the service. Our service is an Express Node.js application and we are leveraging apidoc for the service documentation.
I can't figure out from the authentication configuration how to allow access to a url path without requiring authentication. For example:
https://app-myservice-staging-001.azurewebsites.net/constituents should require authentication
but the documentation url
https://app-myservice-staging-001.azurewebsites.net/apidoc should not
Currently, with authentication enabled, everything under https://app-myservice-staging-001.azurewebsites.net is protected.
Is this possible and if so where do I need to look?
Answer based on the link provided by amit_g. We opted to add our exclude path directly to our authsettingsV2 config using the Azure Resource Explorer, since the /apidoc/* path applies to all our services.
If I deploy a Spring Boot application as an Azure app, I can externalize the authentication by
using Azure API Management and configuring OAuth2, etc.
using the authentication options of Azure App Service.
As such, I don't need to configure any authentication in my Spring Boot application.
All that works fine and I can find a lot of info about that. What I cannot find is: how do I retrieve the logged-on user in my application in such a case? How is that information passed to my application?
If you are using OAuth2 you should be able to fetch the username from the JWT token or via an API call. You can refer to this link, which tells you how to read a JWT token. Once you have the username, you can add it to a custom header and pass it to your backend application. Follow this link to understand how to add a custom header to your request in API Management to be passed to your back end.
I'm trying to integrate ServiceStack.Authentication.IdentityServer plugin with an Identity Server 4.
When calling the protected ServiceStack endpoint from browser, the browser redirects to the authorize endpoint as below
https://localhost:5001/connect/authorize?client_id=simplehr&scope=openid%20offline_access&redirect_uri=https://localhost:5004/auth/IdentityServer&response_type=code%20id_token&state=8749c226e65646079c53ba403b51ef3e&nonce=291873debfd14de8b360c11cffbba3db&response_mode=form_post
In this case, https://localhost:5001 is my Identity Server 4, and https://localhost:5004 is my ServiceStack server.
After this step, the browser sends a POST request to ServiceStack's IdentityServer auth provider endpoint as expected. However, this endpoint returns a 302 back to the Identity Server's authorize endpoint. The response looks like
Location: https://localhost:5001/connect/authorize?client_id=simplehr&scope=openid offline_access&redirect_uri=https://localhost:5004/auth/IdentityServer&response_type=code id_token&state=8749c226e65646079c53ba403b51ef3e&nonce=f13048835b6e47f09a8c86882d2db320&response_mode=form_post
Therefore, my browser falls into an infinite loop.
Could anybody shed some light on how I can get over this? Thanks.
If you have an issue with the ServiceStack Community NuGet package, please raise an issue with the project directly:
https://github.com/wwwlicious/servicestack-authentication-identityserver
Please also note that ServiceStack's latest v5.5 Release includes support for IdentityServer4 Auth in ServiceStack via the mvcidentityserver .NET Core project template.
I use JHipster 5.4.1, a simple monolithic app with OAuth2. I tried with both Angular and React generation.
It works with a local Keycloak test.
I followed all the instructions from https://www.jhipster.tech/security/ for Okta.
And then I get a 404 error when the JHipster app tries to access Okta:
https://dev-796955-admin.oktapreview.com/error/404?fromURI=%2Foauth2%2Fdefault%2Fv1%2Fauthorize%3Fclient_id%My okta client id is here%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8080%2Flogin%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26state%some state
Are the instructions:
specify http://localhost:8080 as a Base URI and
http://localhost:8080/login as a Login Redirect URI
in the Okta web app correct?
Remove the “-admin” from your Okta URL and everything should work.
I'm working on creating an app that will provide authentication using the OAuth2 protocol to serve known clients using the app's Strategy.
I have tried using both the oauth2orize and node-oauth2-provider modules, and I keep getting to the same point:
The user logs in through the client, the API key and API secret are verified, and the user can successfully log in through my provider app.
After the client app and the user successfully authenticate, a token is sent back to the client app (the user is logged in on the client - yay!), but the user is immediately logged out of the provider app. I cannot figure out where and why this happens - is this a feature of the OAuth2 protocol?
Is this normal? If I use Facebook as a strategy (think passport-facebook), then if I log in to any app using Facebook, I am still logged into Facebook when I'm redirected back to the app - this is the behavior I want to provide clients accessing my app.
Both provider modules are great at doing 90% of what I'm looking for, but neither provides the "persistent" login in their examples (oauth2orize and node-oauth2-provider). Am I missing something?
Um, I think I got it.
I was running both the client and server on localhost, using different ports - and cookies/sessions were overwriting each other.
So if the client Express app was running on http://localhost:3000 and the OAuth provider was running on http://localhost:3001, logging into the OAuth provider and then creating a session on the client was overwriting the session on the provider.
Solution (for now):
# /etc/hosts
127.0.0.1 dev.client.com
127.0.0.1 dev.oauth-provider.com
Logging in to http://dev.client.com:3000 takes me to http://dev.oauth-provider.com:3001 and when a user successfully logs in and a session is created on client, provider is still logged in.
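The collision described in this answer is a cookie-scoping rule, not an OAuth2 behaviour: a browser scopes cookies by host name only, never by port, so two Express apps on localhost:3000 and localhost:3001 that both use the default connect.sid session cookie share one cookie slot. The script below is an added example, not code from the poster or from either module, and it reproduces the symptom offline by driving Python's standard-library http.cookiejar (which applies the same host-only rule) with constructed Set-Cookie responses; the URLs, paths and session IDs are assumptions for illustration.

```python
import http.cookiejar
import urllib.request
from email.message import Message

SESSION_COOKIE = "connect.sid"  # express-session's default cookie name


class FakeResponse:
    """Stand-in for an http.client.HTTPResponse; CookieJar only calls .info() on it.

    The Set-Cookie values are constructed for this example.
    """

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # Message appends repeated headers

    def info(self):
        return self._headers


def login(jar, url, session_id):
    """Simulate a successful login at `url` whose response sets the session cookie."""
    req = urllib.request.Request(url)
    resp = FakeResponse([f"{SESSION_COOKIE}={session_id}; Path=/"])
    jar.extract_cookies(resp, req)


def cookie_header_for(jar, url):
    """Return the Cookie header the jar would attach to a request for `url` (None if no match)."""
    req = urllib.request.Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def simulate(client_base, provider_base):
    """Log in at the provider, then at the client, as happens during an OAuth2 redirect flow.

    Returns which session cookie each site receives afterwards. If the two bases
    differ only by port, the client's login overwrites the provider's cookie because
    cookies are keyed by (host, path, name) and the port is ignored (RFC 6265 §8.5).
    """
    jar = http.cookiejar.CookieJar()
    login(jar, f"{provider_base}/login", "PROVIDER_SESSION")        # user signs in at provider
    login(jar, f"{client_base}/auth/callback", "CLIENT_SESSION")    # client creates its own session
    return {
        "provider_sees": cookie_header_for(jar, f"{provider_base}/authorize"),
        "client_sees": cookie_header_for(jar, f"{client_base}/"),
    }


if __name__ == "__main__":
    # Broken setup: same host, different ports -> provider's session is gone.
    print("localhost ports :", simulate("http://localhost:3000", "http://localhost:3001"))
    # Fix from the answer: distinct host names (via /etc/hosts) -> both sessions survive.
    print("separate hosts  :", simulate("http://dev.client.com:3000",
                                        "http://dev.oauth-provider.com:3001"))
```

Running it prints connect.sid=CLIENT_SESSION for both sites in the localhost case, so the provider's next request carries the client's session ID and the provider treats the user as logged out; with the two /etc/hosts names each site gets only its own cookie. Renaming one app's session cookie (express-session's `name` option) would avoid the clash as well, but distinct host names are the closer match to how the apps will be deployed.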