I use jhipster 5.4.1. simple monolithic app with OAuth2. I try with both angluar or React generation.
It works with Keycloak local test.
I follow all instructions from https://www.jhipster.tech/security/ for Okta.
And then, I have error 404 when jhispter app trying to access okta
https://dev-796955-admin.oktapreview.com/error/404?fromURI=%2Foauth2%2Fdefault%2Fv1%2Fauthorize%3Fclient_id%My okta client id is here%26redirect_uri%3Dhttp%3A%2F%2Flocalhost%3A8080%2Flogin%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26state%some state
Are Instructions :
specify http://localhost:8080 as a Base URI and
http://localhost:8080/login as a Login Redirect URI
in okta web app correct ?
Remove the “-admin” from your Okta URL and everything should work.
Related
Here is the problem.
I have an .net core web-api application with azure-ad authentication.
When I've added necessary AzureAD section to my appsettings.json file and redirect url-s to appregistration my backend worked fine.
But later I added build of react project to wwwroot folder and now, when I try to call backend method with authorize attribute I get CORS error from Loginmicrosoftonline
[CORS error from Loginmicrosoftonline]
First of all, web api project should be a daemon application so it doesn't have a sign in page as normal, nor a redirect url for AAD. And we can integrate AAD to protect our api but the api shouldn't ask users to sign in first.
In your scenario, it looks like you want to let users sign in in your react frontend app, then generating access token to calling the protected web api. I think you need to refer to this sample to integrate MSAL library in your react app(this sample containing an api written in nodejs, you can ignore api part since you had asp.net core api), and this sample for protecting your web api. You may also take a look at this answer.
And go back to your CORS issue, it appeared because you didn't use MSAL.js in your react app but directly going to the login URL. Microsoft identity platform required developers to use the library. I used to using ajax request to send a get request to the login url, and I got Cors issue as well.
We've enabled authentication on our Azure api app and it's working well. Clients are required to retrieve a oauth2 token for authentication and authorization to the service. Our service is a Express Node.js application and we are leveraging apidoc for the service documentation.
I can't figure out from the authentication configuration how to allow access to a url path without requiring authentication. For example:
https://app-myservice-staging-001.azurewebsites.net/constituents should require authentication
but the documentation url
https://app-myservice-staging-001.azurewebsites.net/apidoc should not
Current with authentication enabled everything under https://app-myservice-staging-001.azurewebsites.net is protected.
Is this possible and if so where do I need to look?
Answer based on link provided by amit_g. We opted to add our excludepath directly to our authsettingsV2 config using the Azure Resource Explorer since the /apidoc/* path applies to all our services.
Problem: I am trying to integrate SAML SSO using Keycloak with HapiJS framework for NodeJS. I am getting "Invalid request" when the user is redirected to Keycloak as shown below. The npm package I am using is "hapi-passport-saml".
What I already tried:
HapiJS + Okta (SAML): By using this same npm package "hapi-saml-passport", I was able to integrate Okta SAML with my app and it is working successfully.
ExpressJS + Keycloak (SAML): Instead of HapiJS, I have successfully integrate keycloak with ExpressJS using packages "passport" and "passport-saml". But unfortunately these packages can't be used with HapiJS (if you know how to use these with HapiJS, please share that also).
Hapi + Keycloak (OpenID connect): I was able to integrate "OpenID connect" with Keycloak and HapiJS using package "hapi-auth-keycloak". But I want to integrate SAML, not OpenId connect.
There are multiple npm packages available for integrating OpenID connect with Keycloak and HapiJS, but none of them is supporting SAML.
Pointers I noted:
While integrating keycloak SAML with ExpressJS, I saw that a "SAML Request" is being appended in the URL while redirecting to keycloak as shown below (highlight blue in network requests) but in case of HapiJS, this request is not being appended (shown in network tab in screenshot 1):
I have an app on MERN stack in which react app runs on port 3000 while nodejs app runs on 3001 in development environment .
I want to integrate Keycloak in app.I started Keycloak instance and created Realm named MERN in which i created two clients one is react which is public client and other is node which is bearer-only client .
I created one user also
I integrated the keycloak on react with react keycloak client configuration and got access token and passed it to Authorization Bearer on backend.
I configured the NodeJs app with node keycloak client ..
keycloak provides method keycloak.protect() to protect Apis which is not working it always gives Access Denied.
There is another method in keycloak getAccount which takes bearer token parameter and returns account in promise object.
I extracted the token from Authorization header and passed it to getAccount which returned account.
For key cloak configuration i download it from installation tab in client and haven't done any tweak just copy pasted code from keycloak nodeJS docs.
So i am not feeling any need to write code or configuration here.
For testing you can generate app from express-cli and create-react-app.
For reactJs i used library called keycloak-js and for nodeJs i used keycloak-connect.
Question is why keycloak.protect() is not working??
If anyone knows answere please tell me.
I am trying to authenticate to a server from my React-Native app using Azure AD.
Now, I don't understand what is a redirect URI and I don't understand where should I put my server's URL in Azure and what URL should I call from my React-Native app.
Documentation for it is quite confusing.
I don't understand what is a redirect URI
For React-Native app, the redirect_url is optional. Refer to this document for more details.
An url that ADLoginView will be redirect when login success, this property is optional.
I don't understand where should I put my server's URL in Azure and
what URL should I call from my React-Native app.
You needn't put your server's url in Azure.But you need to add authentication to your server. Then you can call your server api as normal, but with the Authorization header. This sample will help you to understand better though it is using aspnetcore.
You need to create register two applications in Azure portal. Client app and server app. You will get the access token via your native app and then use it to access your server app.