Oauth and excel links - excel

We have a web app that used to be authenticated through forms and we changed it to use oauth with azure ad. Some users save links to different pages in the app in excel files. The problem is that since we changed the authentication we get an error when an excel link is clicked : "Microsoft.IdentityModel.Protocols.OpenIdConnectProtocolInvalidNonceException
IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce is null. A nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'."
I tried adding the OPTIONS and PROPFIND verb to requestFiltering but no luck...

Installing the fix from this page :Microsoft support
fixed the problem. We are also looking into changing the SSO cookie policy because we don't want to have every user installing the fix if is not necessary.
Updated 2018.01.18
We updated the OS in the company to windows 10 and the issues reappeared. Implementing this code seems to fix the problem: https://github.com/aspnet/AspNetKatana/issues/78

Related

Unwanted CSRF validation on Liferay 7.3 LoginPortlet

After a user performs a login using the portal LoginPortlet the login does not succeed and a WARN was printed to the log:
User 0 is not allowed to access URL http://localhost:8080/web/guest/login and portlet com_liferay_login_web_portlet_LoginPortlet: User 0 did not provide a valid CSRF token for com.liferay.portlet.SecurityPortletContainerWrapper
After a second login afterwards, the login was ok. The issues only occurs if the login page was opened some minutes and the auth token gets invalidated. This is basically fine, but the portal config portlet.add.default.resource.check.whitelist has an exclude for LoginPortlet. But this whitelist seems not avoid the unwanted check. Are there any other places how the avoid CSRF checking for LoginPortlet?
I could not reproduce this issue, I used this server for testing:
Liferay Community Edition Portal 7.3.5 CE GA6
Here are my steps, please let me know what I should change to experience the issue:
I extracted this zip file to my ubuntu linux pc:
liferay-ce-portal-tomcat-7.3.5-ga6-20200930172312275.tar.gz
Started the server and completed the 1st time setup
I re-started the server and visited localhost:8080 in an Opera browser
Waited 7 minutes
I clicked on "Sign in" in the upper right corner
Waited again 5 minutes
I entered my credentials
Results:
I could log on successfully, there were no errors about CSRF
A couple of suggestions:
A. Do a search for CSRF in:
https://github.com/liferay/liferay-portal/blob/master/portal-impl/src/portal.properties
and see if you can find a property that solves your issue
Such properties can be:
auth.token.impl=com.liferay.portal.security.auth.SessionAuthToken
auth.token.check.enabled=false
auth.token.ignore.origins
B. Maybe you can try to set up something like this in your portal-ext.properties:
portlet.add.default.resource.check.whitelist.actions=/login/login
C. You can do a search in Liferay Jira, for example this ticket talks about something similar:
https://issues.liferay.com/browse/LPS-129976

API issue when editing order in opencart admin

Afternoon all,
I've got an issue when trying to change the status of an order (from pending to complete etc...) in the admin section.
A warning appears saying
Warning: You do not have permission to access the API!
if i have add my IP to the API IP address section it's working fine
the fields are all in red and the continue button doesn't work.
A similar thing happens if I view an order instead and try to add a new status to the order history.
I've seen this problem mentioned a few times in other posts but, afaik, without any satisfactory answer.
I'm using Opencart 2.0.3.1 and I'm logged in as an administrator and the administrator user group has all Access and Modify permissions enabled.
There is the default API user set up in System > Users > API and I also added (and then removed) another one but I was not sure what to do once I had created a new API user with a username and generated password.
There are no other problems on the site but, despite trying just about all the suggestions in the other forum posts, I can't edit the existing orders from the admin section.
Check this page out with a list of fixes for this issue: http://www.randemsystems.com/support/opencart/api-problems-what-you-need-to-know/msg6218/#msg6218
As far as I know, this issue is resolved in OC v2.1x onwards
The problem is that you need an API user with a valid IP address.
Go to System > Users > API.
Either modify the Default API by adding your IP address in the second tab, or just create a new API.
After that you should make sure the API is selected in System > Settings > Edit > Option > API User.
Click save, refresh and try adding order history again.
I tried the same thing and didn’t have permission to access the API when attempting to add order history. Follow the steps and it should work for you, as it worked for me.
I know it's late, but after trying everything and not getting it working, I deleted everything here /system/storage/cache. It solved the problem.
It works perfect for me .
1- Open index.php file of root directory
2- add the following after define('version',x.x.x.x);
if ($_SERVER["HTTP_CF_CONNECTING_IP"])
{
$_SERVER["REMOTE_ADDR"] = $_SERVER["HTTP_CF_CONNECTING_IP"];
}

Facebook login API Error Code: 191

I am getting this error:
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri: Given URL is not allowed by the Application configuration.
When browsing to this page.
https://www.facebook.com/dialog/oauth?response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fusers%2Fauth%2Ffacebook%2Fcallback&scope=email%2Cuser_about_me&client_id=clientid&type=web_server
I ofcourse googled around and found this topic:
Facebook API error 191
It says that add your page URL to facebook. I have been going through all tabs in facebook under my created App and there is no input box for page URL.
I also see that this answer is from early 2012 and possibly outdated, how should it be done in 2013?
If you go to "http://developers.facebook.com" you should be able to login, click on "Apps" at the top. From there you can click on "Edit Settings" for the app that you are testing (or creating). I took a screen shot of what that looks like:
My guess is there is an error in the field "App Domains", or in the "Site URL" field. You will want to make sure that your url and domain(s) are correct. Hopefully this helps or at least sets you on the right track.
One more suggestion - it looks like you are testing using "localhost". If you are developing on a windows system you can improve the quality of your tests by editing the hosts file and registering your actual host name. OSX or other operating systems have similar mechanisms for registering a host name. Once you have done this you can bind IIS or Apache to that host by creating a new site (or using the virtual hosts option). After that you should be able to type in a more real looking host name which makes the Facebook authentication work that much better. Best of luck!

PhoneGap.Build example com.facebook.sdk error 2

Bulding via phonegap.build service simple example(https://github.com/phonegap-build/FacebookConnect/tree/master/example/Simple) from this repo + my config.xml (https://gist.github.com/zulman/5070388)
After tap on login button message informs me about "com.facebook.sdk error 2"
I check all info on github's main page about this error, check stackoverflow entries.
My bundle id is the same on facebook dev page and in config.
My sandbox mode disabled on facebook dev page.
My app ids are equal on js, config and facebook dev page.
How i can get extended error info or way to fix it without using manual building on xcode? Thanks.
I had exactly the same problem.
Check the permissions you are requesting.
Apparently with the newest version of SDK you cannot request write and read permissions during the same request.
For me, requesting "offline_access" was an issue. After removing that one, the error disappeared. Try requesting only the basic permissions (like "email,user_about_me") and see what happens.

Cannot login to WSS 3.0 site using forms authentication

A changed Windows authentication to Forms authentication. Using the following example.
I added a user with Web Site Administration Tool. Finally I added this user as Site Collection Administrators and the user is recognized by SharePoint. Happy with that is started my WSS site in the browser but when I try to Sign in using this sign in form it is not working. Returns to this form after the submit (//spvm:100/_layouts/login.aspx?ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252f&Source=%2f)
I have been scanning my Eventviewer but no succes for any comment what tells me what I am doing wrong. Maybe some of you guys can help me out?
Once you are redirected to this page, try navigating to http://spvm:100. Sometime I get this kind of case where I move make to the root, then it works. I really didnt know the reason why sometime it behaves like that.
I had the same issue. I found that something was wrong with my browser's settings. I tried to log in with another browser (Firefox) and that worked for me.
I don't know yet what was wrong with my IE7's settings, on another machine I could log in to a forms auth site without any problem.

Resources