Configuring Keycloak SSO on Rocket.Chat and a JSF?

I am trying to configure Rocket.Chat to authenticate using Keycloak, with the hope of integrating Rocket.Chat into our custom CRM developed using JSF. I cannot use any other technology.
The challenge right now is that I have failed to figure out how to configure Rocket.Chat to even authenticate with my Keycloak server. I have tried the solutions here https://github.com/RocketChat/Rocket.Chat/issues/3897 and here https://github.com/RocketChat/Rocket.Chat/issues/7418 but to no avail.
What configurations are required to make this authentication work?
Under /admin/OAuth, I added a Custom OAuth entry with the following parameters:
enable=true,
url=http://localhost:8580/auth,
tokenPath=/realms/cdi/protocol/openid-connect/token,
tokenSentVia=Header,
identityTokenSentVia=Header,
identityPath=/realms/cdi/protocol/openid-connect/userinfo,
authorizePath=/realms/cdi/protocol/openid-connect/auth,
scope=openid,
id=rocket,
loginStyle=redirect,
usernameField=preferred_username
I also defined a realm named cdi on Keycloak and added a couple of users to it. However, when I try to log in to Rocket.Chat using these users defined in Keycloak, authentication fails with the message "User not found or incorrect password". There is no event in the Rocket.Chat logs or in the Keycloak logs.
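Before chasing the login error itself, one cheap check is whether the paths entered under /admin/OAuth line up with what the realm actually advertises in its OIDC discovery document. The script below is an added example, not code from the question, from Rocket.Chat or from Keycloak: it takes the custom OAuth fields exactly as listed above and compares url + path against a discovery document. The discovery document embedded here is constructed to show what a realm named cdi behind http://localhost:8580/auth would be expected to publish; in practice you would fetch it from <url>/realms/cdi/.well-known/openid-configuration and paste it in.

```python
"""Check a Rocket.Chat custom OAuth entry against the OIDC discovery document
of the Keycloak realm it points at.

Added example, not code from the original question or from Rocket.Chat or
Keycloak. It assumes the field names shown under /admin/OAuth in the question
and a discovery document in the standard /.well-known/openid-configuration
shape; the document below is constructed for illustration.
"""
import json

# Constructed discovery document: what a realm named "cdi" behind
# http://localhost:8580/auth would be expected to advertise (illustrative).
DISCOVERY_JSON = json.dumps({
    "issuer": "http://localhost:8580/auth/realms/cdi",
    "authorization_endpoint":
        "http://localhost:8580/auth/realms/cdi/protocol/openid-connect/auth",
    "token_endpoint":
        "http://localhost:8580/auth/realms/cdi/protocol/openid-connect/token",
    "userinfo_endpoint":
        "http://localhost:8580/auth/realms/cdi/protocol/openid-connect/userinfo",
    "scopes_supported": ["openid", "profile", "email"],
    "claims_supported": ["sub", "preferred_username", "email"],
})

# The custom OAuth settings from the question, as a dict.
ROCKET_SETTINGS = {
    "url": "http://localhost:8580/auth",
    "tokenPath": "/realms/cdi/protocol/openid-connect/token",
    "identityPath": "/realms/cdi/protocol/openid-connect/userinfo",
    "authorizePath": "/realms/cdi/protocol/openid-connect/auth",
    "scope": "openid",
    "usernameField": "preferred_username",
}

# Which Rocket.Chat path field must equal which discovery endpoint.
ENDPOINT_FOR_FIELD = {
    "authorizePath": "authorization_endpoint",
    "tokenPath": "token_endpoint",
    "identityPath": "userinfo_endpoint",
}


def load_discovery(raw=DISCOVERY_JSON):
    """Parse a discovery document (here the constructed one above)."""
    return json.loads(raw)


def check_settings(settings, discovery):
    """Return a list of mismatches; an empty list means the settings agree
    with what the realm advertises.

    The check assumes plain concatenation of url + path, so a trailing slash
    on url combined with a leading slash on a path is reported rather than
    silently normalised away.
    """
    problems = []
    for field, key in ENDPOINT_FOR_FIELD.items():
        configured = settings["url"] + settings[field]
        advertised = discovery[key]
        if configured != advertised:
            problems.append(
                f"{field}: configured {configured} but realm advertises {advertised}")
    for scope in settings["scope"].split():
        if scope not in discovery.get("scopes_supported", []):
            problems.append(f"scope '{scope}' is not advertised by the realm")
    claim = settings["usernameField"]
    if claim not in discovery.get("claims_supported", []):
        problems.append(
            f"usernameField '{claim}' is not among the realm's claims_supported")
    return problems


if __name__ == "__main__":
    report = check_settings(ROCKET_SETTINGS, load_discovery())
    for line in report or ["settings match the realm's discovery document"]:
        print(line)
```

Run it once with your own discovery document pasted into DISCOVERY_JSON; an empty report means the endpoint paths, scope and username claim are at least consistent with the realm, and any remaining failure is in the client registration or the login flow rather than in the URLs.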

Related

How to get the authenticated user in spring boot when authentication is externalized (azure)

If I deploy a Spring Boot application as an Azure app, I can externalize the authentication by
using Azure API Management and configuring OAuth2, etc.
using the authentication options of Azure App Service.
As such I don't need to configure any authentication in my spring boot application.
All that works fine and I can find a lot of info about that. What I cannot find is: how do I retrieve the logged on user in my application in such case? How is that information passed to my application?
If you are using OAuth2 you should be able to fetch the username from the JWT token or via an API call. You can refer to this link, which tells you how to read a JWT token. Once you have the username, you can add it to a custom header and pass it to your backend application. Follow this link to understand how to add a custom header to your request in API Manager to be passed to your backend.
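Reading the username out of the JWT is only safe once the token has been checked, so the example below does the verification steps first and only then returns the claim. This is an added example, not part of the answer above and not Azure or Spring code: it mints a constructed HS256 token with a constructed shared secret so that it runs offline, whereas a real gateway or backend validates tokens against the identity provider's published signing keys (usually RS256 via its JWKS endpoint). The audience value crm-backend and the claim name preferred_username are assumptions for illustration.

```python
"""Read the user identity from a JWT the way a backend should: verify the
signature and the standard claims first, then take the username claim.

Added example, not part of the answer above and not Azure or Spring code. It
uses a constructed HS256 token signed with a constructed shared secret so that
it runs offline; a real deployment validates tokens against the identity
provider's published signing keys (usually RS256 via its JWKS endpoint).
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"   # constructed; real secrets come from config
EXPECTED_AUD = "crm-backend"          # assumed audience the token must name


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims, secret=SECRET, alg="HS256"):
    """Mint a token as test input (in practice the identity provider does this).
    alg="none" yields an unsigned token, present only to show it is rejected."""
    header = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    if alg == "none":
        return f"{header}.{payload}."
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"


def username_from_token(token, secret=SECRET, now=None):
    """Return preferred_username from a token that passes every check.

    Raises ValueError on a malformed token, an unexpected alg, a bad
    signature, a missing or past exp, or an audience mismatch, so a caller
    can never pick up a username from a token it should not trust.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm; tokens claiming "none" or any other alg are rejected.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if exp is None or exp <= now:
        raise ValueError("token missing exp or expired")
    aud = claims.get("aud")                 # "aud" may be a string or a list
    audiences = aud if isinstance(aud, list) else [aud]
    if EXPECTED_AUD not in audiences:
        raise ValueError("audience mismatch")
    username = claims.get("preferred_username")
    if not username:
        raise ValueError("no preferred_username claim")
    return username


if __name__ == "__main__":
    demo = make_token({"preferred_username": "alice", "aud": EXPECTED_AUD,
                       "exp": int(time.time()) + 300})
    print(username_from_token(demo))
```

If the gateway does this validation and forwards only the username in a custom header, the backend must be reachable solely through that gateway (network restriction or a gateway-to-backend credential); otherwise anyone who can reach the backend directly can set the header themselves.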

How to prompt user to change password in hawtio, post first time login?

I am using Hawtio version 1.5.10, and using WildFly users as Hawtio users.
How to prompt the users to change password post first login using hawtio web?
Thanks
There is no such feature in Hawtio per se. The user credentials are managed by the login module / authentication server, so if it provides such a feature then you can use it to achieve this. For example, if you enable Keycloak integration then Keycloak should provide you with such a feature.

Export password to ldap at the time of registration liferay

I use Liferay 6.1.2 bundled with JBoss, integrated with CAS for authentication. Now I want to integrate LDAP for user registration as well. Just the registration is to be done in Liferay and to be exported to LDAP, and authentication using CAS. The problem I am facing is that when we register in Liferay, the user gets exported to LDAP, but not his password. The password will get exported to LDAP only if we log in using the Liferay login portlet. This is actually not allowed and login should be only via CAS to LDAP. Now my idea is that the password should get saved into LDAP at the time of registration itself, or any similar workaround. I have no idea how to accomplish this. Please ask if any additional information is needed.
login.create.account.allow.custom.password=true
passwords.default.policy.change.required=false
ldap.auth.method=bind
These are the extra parameters I tried.
I created an ext to accomplish this. The password is added as a modification item only when it has a change. i.e., not for the first time. I did this by extending DefaultPortalToLDAPConverter class in ext.

Liferay Integration with OpenAM using Active Directory

I am configuring Liferay with OpenAM using Active Directory as the LDAP server.
The problem I am facing is that if I configure OpenAM to authenticate using AD I get the following error in Liferay -
07:52:17,962 DEBUG [http-bio-8080-exec-15][OpenSSOUtil:146] Attributes response code 500
07:52:17,962 DEBUG [http-bio-8080-exec-15][OpenSSOAutoLogin:132] Validating user information for null null with screen name null and email address null
07:52:17,962 ERROR [http-bio-8080-exec-15][AutoLoginFilter:261] Current URL /web/guest/home?p_p_state=maximized&p_p_mode=view&saveLastPath=false&_58_struts_action=%2Flogin%2Flogin&p_p_id=58&p_p_lifecycle=0&_58_redirect=%2Fc generates exception: com.liferay.portal.security.auth.AutoLoginException: java.lang.Exception: Email address is null
On OpenAM side there is no error.
The steps I followed are -
Configure AD in Liferay and enable it
Configure SSO in Liferay through portal-ext file
Enabled pass through authentication in OpenAM.
I don't see any errors in OpenAM logs.
The only issue I see is in Liferay logs.
The following works -
Liferay + AD
Liferay + OpenAM using OpenDJ
Let me know if anyone knows what can be done to fix the issue.
The error you show seems to indicate that the mapping between your OpenAM server data and the Liferay one isn't correct. Look at the properties "open.sso.screen.name.attr" and similar from your portal.
Also keep in mind that you need to activate the LDAP sync on your Liferay server so the users are created and Liferay can match them with OpenAM data.

CCTray WinLogin authentication using ldap security

I have CC.net (v. 1.8.3) and CCTray (also v. 1.8.3) installed and LDAP security set up. However, when I add my build server to CCTray and select WinLogin authentication, no builds show up, and I get a login failed notification in the CCNet logs.
If I change the authentication to username/password, it works as I'd expect, however, when closing and restarting CCTray, builds show up as unknown status until I go into configuration to give things a kick. I'd also like to get the AD authentication working without manually specifying username and password because we have a custom build dashboard already using AD auth and I could secure everything through configuration as I should be able to.
Anyone have any ideas or can anyone confirm that they've been able to get AD authentication to work through CCTray or through the CCNet APIs?
WinLogin authentication is broken in CCTray. I'm only able to authenticate (not without problems) if the service is executed as a console application (ccnet.exe). I've never had success with the CCNet Windows service (ccservice.exe). I've tried both 'via dashboard' and '.NET remoting' options; no difference.