Reading SAML or Shibboleth header in nodejs - node.js

I have a URL, say xyz.com, which upon being hit sends a request to an Apache HTTP server, which redirects to some login page.
Upon successful verification of the user, Apache redirects to my Node.js application at URL xyz.com
with a SAML header which contains user info.
How do I read this SAML header in Node.js?
PS: Had it been a Java application instead of Node.js, req.getSession would have worked.
Thanks

Related

How to handle URI redirect upon authentication with Keycloak

I want to use Keycloak for our Node.js application authentication.
We have a Node.js backend and a UI5 frontend.
I want all the traffic to flow through Keycloak and then, upon successful authentication,
the traffic should be redirected and allowed through, and upon failure it should redirect to a failure or permission-denied screen.
How do you redirect requests to Keycloak authentication and then redirect the traffic accordingly?
I know Keycloak has keycloak.protect() to do authentication, but how do you check the token and redirect traffic? How do you configure routes on the backend and frontend with Keycloak?
In the Keycloak settings, you can find the "redirect param" option, where you can specify the redirect after authentication.

Google OAuth 2 authorization - wrong confirmation link is generated

Trying to allow my application to read my Gmail.
Created an OAuth 2.0 client and set up redirect URLs for it.
Started the service and got the prompt
Please visit this URL to authorize this application:
But this URL has an incorrect redirect_url param (it sets localhost:xxxxx where the port is always a random number). This URL is not what I set up when creating the OAuth client (my redirect URIs are on the same host as my application). So I can't authenticate my service to my Gmail. Why?
Should the redirect URI return something? I've read all the related questions, but can't find an answer.

How can I get the Pinterest API to accept my redirect URL?

I am trying to build an app in Node.js that connects to Pinterest via its API. I can get an access token via Postman and test my app in single-user mode, but I am unable to incorporate OAuth2 to test my app for a second user. Every configuration of my code and settings at developer.pinterest.com yields the error "The provided redirect_uri ... does not match any of my registered redirect URIs."
I registered what I believe are correct callback URLs at developers.pinterest.com, many variants, with and without trailing slashes. My callback is hosted via HTTPS.
I tried calling Pinterest's OAuth2 auth URLs in my server code (Node.js) and via the browser address bar.
https://api.pinterest.com/oauth/?response_type=code&redirect_uri=https://www.outfinterest.com/auth/pinterest/callback/&client_id=5042375080944909391&scope=read_public&state=true
I attempted the auth from a browser logged into Pinterest as me, and from a browser logged in as a registered tester of my app.
What must I do to get Pinterest to accept my callback URL?
Do I need to submit my app for approval before I can authorize via OAuth2?
I resolved the problem by reducing the set of URLs registered at developer.pinterest.com to just the one I need, then reloading the page with the app settings.

Unusual HTTP response on ASP.NET Core web app hosted in Azure in Chrome

I host a React and ASP.NET Core web app in an Azure App Service. I'm encountering an isolated and bizarre (to me anyway!) issue relating to the post-login process in my application.
We use Okta for authentication and the login process looks like this:
1. User navigates to our website
2. On page load when not logged in, the Authorize attribute redirects to the '/api/auth/login' controller action
3. '/api/auth/login' invokes Challenge and redirects to Okta
4. User logs in to Okta and is redirected back to the callback URL specified in the OpenID Connect middleware
5. Web app redirects back to '/api/auth/login' to check if the user is authenticated, then redirects to '/' to render the home page
In Chrome, in Azure, and over HTTPS only, step 5 above does not redirect to '/' and instead the call to '/api/auth/login' returns a 200. Nowhere in my controller action do I return a 200 here. This works locally when using Chrome and HTTPS, so it seems to be isolated to my Azure environment.
Chrome request/response dumps of HTTP vs HTTPS in Azure are below. The HTTP response is what I'm expecting; I've got no idea where the HTTPS response is coming from.
HTTP with expected response from '/api/auth/login' call:
HTTPS with unexpected response:
Any suggestions would be greatly appreciated!
The scaffolding framework we used for our React application was registering a service worker which was returning this 200.

Not getting CA SiteMinder SMSESSION cookie in response

We are implementing CA SiteMinder on an external server for single sign-on.
We did all the necessary configuration on our server as well as on the policy server.
When I hit my URL, the request gets intercepted by the ISAPI filter and SiteMinder replaces it with the login page. Then I enter credentials and click log in.
This request goes to the policy server and, after authenticating, SiteMinder redirects me to the original URL that I hit earlier, but somehow I am not getting the SMSESSION cookie.
I checked the FRT log and found that the cookie is there in the request header, which means SiteMinder is able to generate and pass the cookie to the request, but it is not set in the response header, so it's getting removed from the response.
I tried to find out why it's getting removed or why the response is not setting the SMSESSION cookie, but was not able to find any reason.
I am using Integrated pipeline mode, and the same setup is working fine with Classic mode, but since my application is MVC I can't use that and I have to use Integrated mode.
The SMSESSION cookie is not provided to the application by SiteMinder. It is initialized in the client browser after login and should be included when the authenticated request arrives back at your application.
I suggest monitoring the client side to ensure the SMSESSION cookie is received after login and sent back out in the application request.
