I want to configure openId connect with google credentials for xwiki. Currently, Curently, I am following this enter link description here which ask to edit xwiki.properties to configure openId connect but It has not information with Google. But this link enter link description here provides information about google configuration.
Related
In this AoG i'm using account linking with OAuth and Authorization Code.
The goal here is to prompt the user if he wants to link his spotify account with the AoG.
The user will be redirected to a hosted (in S3 bucket) web page after he confirms that he wants to link his account where he will then connect with his spotify account and give the AoG permission to play songs on his speaker.
Upon submission of the AoG it was rejected after the review. The reason is the following :
Your account linking OAuth URL appears to be owned by an external
party. Thank you for submitting your Assistant action for review.
Unfortunately, your action has been denied for the following:
Your Action violates our Account Linking & Identity policies. The OAuth link provided does not appear to be associated with this Action.
When implementing account linking using OAuth, you must own your OAuth
endpoint or have control over it with an OAuth service provider. You
cannot use external parties, such as Spotify or facebook, for your
account linking implementation. Please see
https://developers.google.com/actions/policies/general-policies#account_linking_and_identity
for more information.
does anyone knows how to solve the problem ? Is it even solvable ?
As per the policy, if you want to do account linking you need to be the owner of the OAuth service. If you are not Spotify, you cannot use Spotify directly. You'd need to host your own OAuth which could then add an OAuth connection to Spotify.
I have the free developer edition. I want to provision users to my web site using SCIM. The docs say look under "dashboard/agents". I have no agents tab under dashboards.
https://support.okta.com/articles/Knowledge_Article/46749316-On-Premises-Provisioning-Deployment-Guide?id=kA0F0000000AY3C&q=scim&l=en_US&fs=Search&pn=1#code
Also for behind a firewall the document says download the "On-Prem Provisioning Agent". I have not been able to find that under "setting/downloads" or anywhere else. Where do I find that?
You will need to contact Okta Support or your Okta Sales contact to enable the On-Premises Provisioning feature.
I want to develop an application that uses Google as the authentication provider, but I want my app to know if the Google account is using 2-step verification before the account is enrolled in my app.
Can't find the required API in Google dev docs.
This answer here explains how to find out if users have 2-step verification turned on. See API documentation here and parameters here.
I had installed Jenkins in Ubuntu machine and making build successfully. I want to have authentication with help of Google apps. I feel it would be better, I searched the plugin respective to this, but i can't find it. whether this can be attained by means of plugin or otherways? Please do let me know the ways to do. Thanks in advance
Now that Google deprecated support for OpenID, you can use Google Login Plugin which works well with Google Apps.
In Jenkins by default user authentication is not enabled but we can establish the user authentication from the Global Security section. We have to create users for team members and it maintains all user in its own database. But we can also configure Jenkins with Google OAuth. So, if you are leveraging Google services and already have users on it. The users can login to Jenkins and perform their task.
To implement Google OAuth we'll recommend jenkinsci/google-login-plugin (https://github.com/jenkinsci/google-login-plugin) this is a Jenkins plugin which lets you login to Jenkins with your Google account. Also allows you to restrict access to accounts in a given Google Apps domain.
I am assuming that we have already installed Jenkins server and have admin right to make changes in it. The whole configuration is divided into three easy steps.
1. Get Google OAuth Credentials
To use this plugin, you must obtain OAuth 2.0 credentials from the Google Developers Console (https://console.developers.google.com). These don't need to belong to a special account, or even one associated with the domain you want to restrict logins to.
Instructions to create the Client ID and Secret:
Login to the Google Developers Console
Create a new project, in the pop-up window specify your project
name it can be any name which is more meaning full to you, eg:
Jenkins OAuth. In this project we will generate authantication
credentials to enable OAuth API.
On the left sidebar under APIs & Services (API Manager) ->
Credentials, Create credentials, OAuth client ID (It will genrate API
credentials and these credentails are required to configure in
Jenkins in last step).
As we are going to integrate this in Jenkins and it is a web
service, the application type should be "Web Application"
Register Jenkins URI from where we allowed to access the Google
APIs. We have to provide Jenkins server detail. You can replace your
JENKINS_ROOT_URL = http:jenkins.mydomain.com with your own Jenkins URI. This will be the landing page of your Jenkins server.
Once you hit this page it will be redirected to google for the
authentication.
The authorized redirect URIs is required to redirect you after
successful login. It is the combination of your Jenkins landing page
and a suffix string to validate you are a logged in user. As we want
to land user to Jenkins dashboard, so it has the same URI which we
mentioned in the previous step and don’t forget to include
securityRealm/finishLogin at the end. So the authorized redirect
URLs should result like this
${JENKINS_ROOT_URL}/securityRealm/finishLogin.
eg: http://jenkins.mydoamin.com/securityRealm/finishLogin
Copy and save Client ID and Client Secret, these credential
will be used to enable Google APIs in Jenkins (Security Realm
Configuration).
2. Install Google Login Plugin
In Jenkins there is no mechanism to configure OAuth but there are many plugins are available and we are using Google Login plugin. We can easily install this plugin from Manage Jenkins –> Manage Plugins –> Available and search for “Google Login”. Select the plugin. There is no need to restart to install this plugin. This plugin allows for the register Google OAuth and performs authentication.
3. Configure Jenkins
In this step, we will setup Google security credentials in installed plugin. Navigate to Manage Jenkins –> Configure Global Security and select Login with Google under Security Realm paste credentials (Client ID and secret) generated in the first step. In the last field do not forget to enter your domain name it allows you to restrict access to given domain name.
Immediately after saving changes Jenkins will allow access to all users in your domain. Now, try to login into your Jenkins it will redirect you to Google Authentication page. If everything is set up properly you will be logged in but just in case you’re still facing any problem go back and check each step. The logged in user can do anything and if you want to restrict users you can implement Role Strategy Plugin (https://wiki.jenkins.io/display/JENKINS/Role+Strategy+Plugin) security.
You can achieve Single Sign On with Google Apps using the OpenID Plugin. It's very easy to set up, you basically install the plugin, select "Google Apps SSO (with OpenID)" and enter your domain. Note that users will have to have a google apps account to login after that.
Tip: you might consider using it in combination with the Role Strategy Plugin
I used a command line browser called elinks to sign in to their html mail server http://m.gmail.com.
Use shift in Elinks to copy and paste.
http://minimallinux.blogspot.com/2012/07/centos-6rhel-install-elinks-text-browser.html
I switched a text message script from one jenkins box to another and had to do this to get Google to let me use that IP.
We currently have a corporate portal in which users authenticate and get different page views based on their access level. We have been tasked with allowing them to click a Google Mail icon to sign them into their domain Google Mail Account. To do something like this, should we be looking in to oAuth or Open ID? Presently, they're already using their email and password to sign in.
From what we understand, Open ID requires their email and password to go to us, which we have; but will Open ID do what we're looking for?
Thank you.
Since your users have a Google Apps for Business email address already, I would suggest using the Google+ Federated Login feature-set. (You can learn more here: https://developers.google.com/accounts/docs/OpenID)
A quick snippet from the aforementioned link:
If you are planning to provide a “sign-in with Google” feature, we recommend using Google+ Sign-in, which provides the OAuth 2.0 authentication mechanism along with additional access to Google desktop and mobile features...[the] OpenID+OAuth Hybrid protocol lets web developers combine an OpenID request with an OAuth authentication request. This extension is useful for web developers who use both OpenID and OAuth, particularly in that it simplifies the process for users by requesting their approval once instead of twice.
You can find more on the Google+ Federated Login toolset and explore a sample application here: https://developers.google.com/+/
Hope this helps!