Is there is a method through which we can add secrets such as user/pass the shell or ssh key or ssl certificates?
For example, if we add in onelogin a database, how can we add the credentials for db in onelogin?
Can you please provide us with a guide if such an option is possible?
You can use "Secure Notes" feature.
https://onelogin.service-now.com/support?id=kb_article&sys_id=9ff95543db109700d5505eea4b96199c
Related
I am trying to use custom policy to create a passwordless signin/signup flow in azure b2c. I have modified this sample a little bit and using it. So now I am able to see the login and signup screens but when I am trying to login or signup , the process starts and goes ahead but finally it gives me an error saying - AADB2C: Encryption key must be a 256-bit key error. The user signup actually happens behind the scenes because I am not able to use the same email id again to signup, so the issue is with the sigin operation actually.
I checked this answer but it did not help.
Have been trying to find the solution for very long time. Desperately need some help. Thanks.
Likely you have created the B2C Policy Key (TokenSigningContainer) incorrectly.
Delete the B2C Policy Keys that you have setup.
Run the setup tool here - It will reprovision the B2C starter pack, and create the keys automatically if they do not exist.
Run the quick deploy for this passwordless sample here.
As you said you have checked the provided answer but can you check again the key created from the following uri? The error suggest that there is an issue while key was created. If possible delete the key and recreate it with same name used in code.
I had this same problem. My issue was the encryption key was set to signing instead of Encryption.
When creating the Signing, and Encryption Key's under the Policy Keys section of the Identity Experience Framework. Please double check that they are both of type RSA and that the "signing" key is configured for signing, and the encryption key is configured for encryption.
I'm using TLS to authenticate clients logging into my server.
I would like to set up some role-based access so that when they log-in, they can only access certain information based on their role.
What is the best way to accomplish this? Can you specify the role when you create the client certificate? Do you do it based on some other attribute of the client?
Thanks!
You could put the role info into the certificate (as a custom X.509v3 Extension), but then if you ever need to change their role, then you need to revoke and re-issue the certificate. That seems like a headache.
Better would be to treat "Authentication" and "Authorization" separately. Use the certificate as "Authentication"; ie the certificate proves that they are the user listed in the DN and SANs, then you look up that DN in an "Authorization" service / database that tells you what permissions that user should have. If you want to get really fancy, the authorization service could return a signed JWT with their username/DN and permissions, sorta like a custom SAML/OIDC claim.
As a bonus, this system will scale nicely if you decide to add alternative authentication methods in the future such as API keys, MFA, etc.
I want to connect my own system to gitlab only for authentication.
After that i should be able to manage all the usernames and passwords of gitlab through my system.
Could you please help me to solve this scenario. Thank you.
That would be using the GitLab User API (as admin of your GitLab instance)
You can then add SSH keys for a user, or modify an existing user account (including their password)
You can do so through any number of GitLab API client.
I was trying to setup LDAP auth in Presto and was able to configure "user-based" authentication but have some issue with configuring "group-based" auth.
I'm always receiving message that my user is not in LDAP group while ldapsearch utility shows that I'm in.
I did not found any parameter/option in config.properties to use to pass user/password for LDAP search (I suppose that functionality used to find in user is in AD group) while in our infrastructure anonymous searches are restricted. So it might be the case.
It would be nice if someone will tell me:
are there any parameter (maybe undocumented) to provide user/password
to query ldap?
any workaround to implement "group-based" search?
thanks
I set up an RCS server (hybrid ircd). I would like to secure it with authentication. But my user credentials are stored in a database table.
1- I cannot find anywhere documentation on how to configure the "auth" section of httpd.conf.
2- From what I understand I could use an authentication service (identd) but I don't understand how this works, how to set it up, and how to configure this to use a database table for credentials.
Please give me a hand with this.
By using InspIRCd instead, I can use this SQL authentication module:
http://wiki.inspircd.org/Modules/1.2/sqlauth
Problem solved!