Oracle Micros Xstore Not Accepted Manual Authorization Codes For Checks
I am trying to setup check Tender and wants to enable Manual Authorization Process Button for Check Tender.
Xstore POS Version 21
Related
There are varying levels of data that a given user may have access to. I want to configure an endpoint so that last time the user supplied their credentials defines the level of authorization they have.
e.g.:
> 1 hour = level 1
< 1 hour > 10 minutes = level 2
< 10 minutes = level 3
I looked at the time-based policy but that does not appear to do what I want. I prefer to leverage keycloak to do this rather than hack up the client to derive these levels itself. The user should be able to request a resource, and the credentials they access that resource with define presumably the access-level (role does not appear to be appropriate for this case), which defines what they have permission to read vs. what would be empty. I looked at the custom authenticator, but that seems only for authentication as opposed to authorization. Like a dynamic time-based policy.
Is this feasible via keycloak? And is it a server feature? How can I configure something that changes with time?
This purely seems like a Server feature and you've to program it internally based on the keycloak access token expiration time.
Keycloak's Time based policy covers the authorization of a user under certain period of time (A user can access app/api/webpage only in the period of time for which time based policy has been implemented, a user accessing the feature before or after time-based policy's mentioned time can not access it). it doesn't cover the hierarchical authorization level that you require.
The only solution i can find to your problem is JavaScript-Based Policy , though you still need to define the rules programmatically as defined in documentation:
You can use this type of policy to define conditions for your permissions using JavaScript. It is one of the rule-based policy types supported by Keycloak, and provides flexibility to write any policy based on the Evaluation API.
Here you can read in details regarding Javascript-based policies:
https://wjw465150.gitbooks.io/keycloak-documentation/content/authorization_services/topics/policy/js-policy.html
So, keycloak doesn't provide any solution for your problem out of the box, you've to do it programmatically inside your Server or through Javascript-based policies
I have trying to implment one time registration verification & daily login using SMS OTP for my app using asp.net core identity implementation.
It is one time token, which should expire in 15 minutes if not used
User should request it again in case its expired or lost
Searching around for it, all the implementation provide details about MFA or Google Authenticator based verification, where this scenario is slightly different.
The Token will not be generated by the Server, and not the Authenticator app.
I need to store token along with its genrated at time.
The token will be 6 digit SMS.
The scenario is more similar to password less auth mentioned here, but then the token in that case is not stored, I need to store it with Validity, not sure how to extend .net core identity to match above requirement.
This is fairly standard way of phone number authentication
I know this is not a standard SO format, but I am at loss from where to start
I know this is an old question, but I found myself here with the same problem, and information about this is surprisingly thin on the ground. Likely as Microsoft recommend using (2FA) authenticator apps, using a Time-based One-time Password Algorithm (TOTP) rather than an OTP with SMS/Email.
Not the intended purpose, but nevertheless the following will allow you to generate and save a time limited (3 minutes) 6 digit OTP, associate it with a user and then use it to verify them using ASP.NET Core Identity.
GenerateChangePhoneNumberTokenAsync
var code = await _userManager.GenerateChangePhoneNumberTokenAsync(user, model.PhoneNumber);
https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.usermanager-1.generatechangephonenumbertokenasync
and
VerifyChangePhoneNumberTokenAsync
bool valid = await _userManager.VerifyChangePhoneNumberTokenAsync(user, code, model.PhoneNumber);
https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.usermanager-1.verifychangephonenumbertokenasync
This can be seen being implemented in the documentation posted by Erik & paulsm4
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/2fa?view=aspnetcore-1.1&viewFallbackFrom=aspnetcore-3.1
A link to the code
https://github.com/dotnet/AspNetCore.Docs/tree/master/aspnetcore/security/authentication/2fa/sample/Web2FA
A link to the controller where this is implemented
https://github.com/dotnet/AspNetCore.Docs/blob/master/aspnetcore/security/authentication/2fa/sample/Web2FA/Controllers/ManageController.cs
My application is using Form based authentication and JBoss 5 as application server. I want to add an account lockout mechanism to the applicaton. Does JBoss form based authentication support account lockout? If yes, how do I configure it. If no, what is the best solution without changing the existing functionality much?
I have searched quite a bit on the web, but could not find answer to this.
Any suggestions would be a great help.
Thanks,
jayash
I am not aware of an "out-of-the-box" solution, but there is always the possibility to write a custom login module.
So have a look at the source of the DatabaseServerLoginModule: You could extend it to support a lockout.
Add a flag in the database which indicates that the last verificatoin was not successful
Count and store the number of subsequent login failures in the database for a given user ID
Reset the counter and the flag, if there is a successful verification
But if the counter reaches a limit, the password verification always returns false, and the flag/counter are not reset.
So you can configure the front end to have account lockout: You just declare it to use form-based authentication. But you have to add some pages to maintain the accounts which are locked (you already have this or need this anyway).
In my chat application I want to implement a functionality that whenever a user is already logged in and if he/she wants to login again in some other device using the same username & password, it should revert the user back a message - "You are already logged in somewhere else"
I only know this method to check the logged in status -
connection.isConnected();
But this will not server my purpose.
Alex answer is correct, but let me elaborate it a little bit:
After a successful login your XMPP-IM client will send a presence stanza to the server. The server then replies with the presence stanzas of ever JID in your roster with subscription status 'from' and 'both' (RFC6121 XMPP-IM 4.2.2 and 4.4.2).
Section 4.4.2 also states:
The user's server MUST also send the presence stanza to all of the user's
available resources (including the resource that generated the presence
notification in the first place).
This means that you will get the presence information from every other connected resource of your JID. If you receive here a presence stanza from a different full JID then you used with your current connection you know that a second (or third,...) client is connected with your JID and you display the "You are already logged in somewhere else" message.
Note that this is not really what you want do when using XMPP, as multiple clients simultaneously connected using the same bare JID is a core feature of XMPP-IM.
When using smack, Iterator<Presence> Roster.getPresences(String user) may be used to retrieve the presence information. The call would look something like this getPresences(XMPPConnection.getUser()). (Note that I have not verified if it really works).
after login when you send your initial presence you get the presences of all your other resources (devices). So check all your incoming presences and you will know all your available connections.
In our system one client may have multiple operators. However there is a "wish" from client.
One company has an account, however there can be mulitple operators assigned to this company. Client wants us to prepare a solution that only one operator from company can log in to the system at same time. How can I achieve this?
Just by making sure they system has the ability to validate the login on each request. Either
Actively (by querying state -- possibly a database to compare some secrets) or
Passively -- using some form of cryptography and tokens (possibly in the cookie).
Option one is easiest, option 2 is fastest. If you validate on each request you can make sure that only one user remains logged in -- if another user signs in you can invalidate the existing active login -- perhaps with a cooldown period of n amount minutes.
You have to develop some form of login scheme -- kerberos is the defacto scheme -- read this easy to follow tutorial on kerberos Designing an Authentication System: a Dialogue in Four Scenes It should show you what you really need to do.
You could use a database field to flag that they are logged in. Update the field to 'logged in' when they do so, and then update it to 'logged out' when they log out.
You'd also need to monitor login sessions for expiry to update the field if a user never bothered to explicitly logout.
The best approach I've used:
Create a table used to track whether an operator is logged in (e.g. userid and last_accessed_dt)
On each page request by the operator update the last requested date/time
When an operator attempts to login they can only do so if the last requested data/time > timeout period of sessions on your website (E.g. 30 minutes) or if they are the Last Operator User ID ... this way they can quickly recover from a logoff etc.
When an operator logs off have the Last Accessed cleared
When the session times out have the Last Accessed cleared
"I am using WPF application and the server is written in WCF, however this can be achieved. But what in situation when user has an application opened and was inactive for 30min?"
This system is going to be single-user, so I suggest you start a counter thread when a user logs in. When counter reaches 30 minutes, write a value to the db indicating that user has timed out and other users are free to login. Obviously, you should do the same thing when user explicitly logs out.