I am trying to add my localhost i.e. 127.0.0.1:xxxx/ but firebase is saying A valid domain name is required (e.g. 'myapp.com')
I was adding my domain and i was expecting it to added in the list
Related
I've got Azure ServiceFabric web-app (AspNetCore 3) hosted over reverse proxy (NGinx). The app use AzureAD (in company) authentication. I've Registered App for the AD and setup Redirect Urls. After publishing the APP and configuring DNS and reverse proxy I tried to authorize to my app but failed with error
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '...-...-...-...-...'.
I snifed the request and found that it redirects to the internal IP but not domain name
https://login.microsoftonline.com/aeb55839-c47b-4fea-8d95-912f673fa7ac/oauth2/v2.0/authorize?client_id=.....&redirect_uri=http%3A%2F%2F10.2.0.5%3A44321%2Fsignin-oidc...
It seems that I've looked everywhere but I cannot stil found where I can specify redirect url manually (only CallbackPath).
Does anyone solve the issue?
Update 1.
Add screenshot from Azure Portal
Update 2
Mannually add http://10.2.0.5:44321/signin-oidc to the Redirect Url, get a new exception
AADSTS500117: The reply uri specified in the request isn't using a secure scheme.
I wonder whether I have to make my ASF cluster secured to allow AD Authorization? It seems to me strange due to I want to secure traffic to reverse proxy only.
This error will occur when there is a mismatch of redirect URI being sent in the request to AAD while fetching the token and the one registered with the Application Registration Object in AAD portal.
In App Registration blade of AAD and look for the redirect URI section present under "Authentication" section of the registered application and update the redirection
URL. Please refer to the screenshot below:
update:-
The Reply url you are using in your code is http://10.2.0.5:44321/signin-oidc which is different from reply url defined in Azure AD i.e., https://dev-adm.project-llc.ru/signin-oidc. Please update the reply url in code or in AAD.
There is a SharePoint which I'm accessing a file using REST API through Kerberos authentication , the problem is that the SharePoint where it is located has two DNS entries for a single IP, whenever it resolves to domain name 1, the API is getting authenticated and I'm getting back response , but whenever the DNS is resolving to domain name 2 , the authentication fails with error : ' server not found in Kerberos database '
And this DNS resolution is random
What needs to be done to solve this problem ?
Or how can I add this second DNS entry to Kerberos database ??
"The network administrators are not ready to remove 2nd DNS entry ! "
You just need to add an SPN (servicePrincipalName) for the second domain name to the AD service account or computer object that runs SharePoint in the form of http/your.second.domain.com.
I've been trying to use this code on my local environment. I saved it as a php script and when I run it, it says:
Failed to create account: The domain name (the-domain-I-used.com) is allready added to a hosting account. .
I don't want it to create an account with my domain, I want it to allow users to type their domain in. How do I do this?
I'm using Cloudant as my database, and I've correctly set it up with Cloudflare as a virtual host so instead of having a randomly generated subdomain to my database like this:
f8b3f1f4-b695-4806-someting-fre-bluemix.cloudant.com
I got it in under my custom domain like this:
db.example.com
I've correctly set the SSL certificate and everything is perfectly good.
The problem now is that on the custom domain I can't authenticate (using basic auth) to my DB using the username and the password I use on the randomly generated domain.
on the custom domain (db.example.com), I get this error:
{
"error": "unauthorized",
"reason": "Name or password is incorrect."
}
while on the original domain (f8b3f1f4-b695-4806-someting-fre-bluemix.cloudant.com) the basic auth works just fine.
Cloudant auth needs some way to figure out your username, which it normally does by using the subdomain, which is also your account name and login. Normally, this is added by the load balancer which knows about the subdomain, but you may have to add it manually when using a virtual host (I've never tried). Try adding a header "X-Cloudant-User: f8b3f1f4-b695-4806-someting-fre-bluemix" (or whatever your account is) to your request and see if that changes anything.
when going to the custom AWS Cognito UI Page:
https://<your_domain>/login?response_type=code&client_id=<your_app_client_id>
am getting the following error:
An error was encountered with the requested page.
View error
invalid_request
O-Auth options need to be check as shown in the following picture
from https://aws.amazon.com/blogs/aws/launch-amazon-cognito-user-pools-general-availability-app-integration-and-federation/
You need the following in the App client Settings of your user pool:
Enable Cognito User Pool as "Identity Provider".
Allowed "OAuth Scopes" should have openid enabled.
In my case, it appears there was some issue with verifying the phone number. So switched back to email.
This document is good for checking everything.
https://aws.amazon.com/blogs/aws/launch-amazon-cognito-user-pools-general-availability-app-integration-and-federation/
Unless the SMS Sending setup is not complete, do not choose the Email or Phone option. Email or phone actually falls back to phone number only. Read the warning messages.
TLDR: If you use an AWS User Pool with Cognito App Client and have an Application Load Balancer that is exposed via a custom DNS entry (e.g. custom-domain.com, which has to be secured via SSL), use this custom domain for the Cognito App Client's callback URL (i.e. https://custom-domain.com/oauth2/idpresponse) instead if the random DNS name created by AWS.
I had the same error and this issue solved it for me. I used a User Pool with a Cognito App Client and as callback URL I first used the DNS name that AWS created for it (<load balancer name>-<random number>.<region>.elb.amazonaws.com, i.e. "callbackUrl": "https://<load balancer name>-<random number>.<region>.elb.amazonaws.com/oauth2/idpresponse). I also created a DNS record for a custom domain to expose the load balancer to the internet and secured it via SSL. As a result, the certificate was not valid for the URL created by AWS, but only my custom domain. The Cognito App Client was thus trying to access the URL with the invalid SSL certificate and returned the error.