I am following a tutorial on setting up realms.
I am protecting the URL http://fec.example.com:80 with a apache web agent pointing to my openam server.
When I access http://fec.example.com:80 I expect it to go to
http://subscribers.example.com:18080/openam/XUI/?goto=http%3A%2F%2Ffec.example.com%3A80%2F#login/
But instead it goes to:
http://subscribers.example.com:18080/openam/XUI/?goto=http%3A%2F%2Fopenam.example.com%3A18080%2Fopenam%2Foauth2%2Fauthorize%3Fresponse_mode%3Dform_post%26state%3D704b6f90-af10-214e-92bb-61b2ab1d05e5%26redirect_uri%3Dhttp%253A%252F%252Ffec.example.com%253A80%252Fagent%252Fcdsso-oauth2%26response_type%3Did_token%26scope%3Dopenid%26client_id%3Dwebagent%26agent_provider%3Dtrue%26agent_realm%3D%252Fsubscribers%26nonce%3D6F8D1B2B7D3EDD5547812671C2415BAB&realm=%2F#login/
Any ideas on how I can fix this?
Thanks
This means you are using Agent version 5 and this is now using OIDC to achieve SSO. Please have a look at the docs.
Related
We're looking to do some scraping on a specific URL that uses cloudflare. Has anyone experienced issues using Zombie.js/user-agents while trying to crawl cloudflare hosted sites.
Would love some help!
I am trying to interface to an API on a client's site and I am getting a 403 error indeed. The request doesn't even reach my server.
Turning security to "essentially off" did not help. The final solution was to white-list the developer machine's IP.
The error is triggered on a single URL (json serving API) with a Java client with standards compliant libraries.
Solution:
1. try to set a rule to allow direct access for that URL
2. try setting security to weaker and weaker ("essentially off")
3. if both fails: try whitelisting
4. set up an alternate non-cloudflare url (direct.domain.com)
These will of course only work if you can negotiate with the site owners.
Backup solution: use an embedded browser that you can "frame" and "remote control" or a testing framework that does the same through a plugin, and extract the content from there (if you can)
Hope this helps.
You're probably triggering one of our security features by trying to scrape a site on us. The only option, really, would be to ask the site owner to whitelist your IP(s) to override the behavior.
Anyone know how to make direct login URL for dd-wrt web interface.
Something like:
http://192.168.1.1/index.asp?user=root&pass=admin
If there is no solution please give me php example script. Thanks.
you can try this way, for more h
http://root:admin#192.168.1.1/Status_Router.asp
From the provided samples I got this URL that is supposed to provide an authorization code to the provide callBack URL
https://CONNECTIONSHOSTNAME/oauth2/endpoint/connectionsProvider/authorize?response_type=code&client_id=SocialDMS&callback_uri=http%3A%2F%2F_DEVELOPMENTHOSTNAME_%3A_DEVELOPMENTPORT_%2F_DEVELOPMENTServletPath_
The socialdms is registered as an application, but nothing happens.
The callback_uri is accessible from the connections machine.
What logging can I switch on on the Connections Server to troubleshoot this ?
Should the callback_uri be SSL enabled ?
That URL should return an authorization form to the end user.
Does the callback_uri match the value provided when registering the application with Connections?
Please enable logging for com.ibm.ws.security.oauth20.*=all and check the trace.log file.
The callback url should be SSL enabled.
To do this you might have to re register your application with Connection server. This might help :
http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.0+documentation#action=openDocument&res_title=Registering_an_OAuth_client_with_a_provider_ic40&content=pdcontent
Yes.. the callback_uri should be SSL enabled.
HTTPS in the callback-uri seemed to do the trick
Magento 1.6
I'm looking for the correct way, to place images on a template, that are secured during a secure session, and unsecured, during an unsecure session. I've searched here and on the web and the only solution I have come to find is to use this call:
echo $this->getSkinUrl('images/imagename.jpg', array('_secure'=>true));
However, this ALWAYS loads the image in https, even when you are not in an https environment.
There has to be a dynamic way of setting this up.
Any help / insight available is greatly appreciated.
Thanks!
Did you try :
array('_forced_secure'=>true)
Check :
core/Mage/Core/Model/Url.php
I'm using php to redirect users to a directory protected with apache basic authentication. I'm using the following url format to automatically log users into this directory:
http://username:password#www.somewebsite.com/protected.
This works fine in all browsers except IE, which no longer supports passing the username/password in the url.
Is there another way for a web application to automatically log a user into a directory protected with apache basic auth?
Update: If possible, please disregard the inherent downsides of using apache basic auth and http unless you are able to provide a viable alternative that addresses this question...namely how I can automatically log a user into a protected directory. This is for a client that is already using apache basic auth. Thanks :)
Microsoft has an detailed explanation of this issue including different workarounds in their knowledge base. This should get you on to a good start.
Please do also take a look at my comment about mixing HTTP with Basic Auth. You usually don't want to do this if security is an issue. Always use HTTPS because Basic Auth is not encrypted.