I have an Azure Function where I have enabled Authentication with the Identity provider being Microsoft. With Postman, I get my token, call the root page ("Your Functions 4.0 app is up and running"), pass it in the Authorization header and it responds correctly.
Once I enable vNet Integration, the function respond with the error
The page cannot be displayed because an internal server error has occurred.
What did I missed?
The post is quite old and there is no information on the VNet integration setup, but anyway.
The issue might be because of the VNet Integration setting called Route All.
According to the official Azure documentation,
If Route All is disabled, your app only routes private traffic into your virtual network. If you want to route all your outbound app traffic into your virtual network, make sure that Route All is enabled.
So I believe the Route All is enabled in your configuration. And you should try to disable it:
Go to Vnet Integration
Disable toggle Route All as it is in the screenshot below
Related
I defined a client in keycloak admin console to authorize it with client_credentials flow to call server-to-server api in my application. Everything is fine, i want to apply IP restriction for that client.
Where can i define this restriction in admin console? i didn't find such configuration in keycloak documentation.
There is no such settings out of the box, but you could try to implement custom client authenticator. So for example allowed IP Addr could be stored in client attributes, and your authenticator implementation will challenge incoming request against specified IP addr. See "Server Development" section in Keycloak documentation. Also you can refer to keycloak github repo for implementation examples and guides. Start from
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/authentication/authenticators/client/ClientIdAndSecretAuthenticator.java
I am having trouble with authentication in my asp-net web service. This service has an angular gui and some mvc api.
This service will be deployed on multiple servers inside my organisation windows or linux (or even docker). This seems to prevent me from using basic active directory authentication. Important part is I don't know before deployment the target ip:port of deployment.
I am trying to add an azure active directory based authentication.
public void ConfigureServices(IServiceCollection services)
{
services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
.AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
}
Everything works fine until I get into the Reply Url part of the authent process. It seems I can't find a way to avoid using a reply url.
In dev environement I have to add localhost as a valid reply url to my app and everything works fine. But what about future deployment? It seems very painfull to maintain a complete and up to date list of all the alive servers.
Is there a way to do the complete auth process client side and then go back to back end only when the final token has been received? I then suppose that the backend would have to validate the token against the authority has it was not implied in the process but that's fine.
What am I missing here?
I'm thinking of using radius in an open network to allow some navigation in a some local pages, and require authentication for Internet access. Is there any way to configure FreeRADIUS in that way? For example, have a NodeJS app and FreeRADUIS running in an ubuntu server, when a user connects to the network, redirect to a page that let's him use the NodeJS app, or sign in for Internet use
No. You need to use a captive portal server like Coova in order to provide walled garden functionality.
FreeRADIUS just implements the network policies.
If you want to redirect users to your application , then you must configure router with firewall rules, and you also have to setup captivate portal on this router (Like nodogsplash, coova-chilli)
In coova chilli you can define login url path.
freeradius is only for authentication,policy setup ,and data accounting.
In my scenario I am using mikrotik router with capative portal and freeradius setup. I set up router policy from freeradius (radreply section) WISPr-Redirection-URL
for refrence you can check here: Mikrotik official site for radius attributes
Is it generally possible to have a Microsoft Azure in the background to act as a SSO Authentication server for Apache auth?
The example is:
There are many users inside the Microsoft Azure
I have a Webpage on a Linux server served by Apache2
The webpage should be protected (exactly like basic-auth) by Azure (via SSO)
If the user is signed in into Azure and has rights, he can see the website
If the user is not signed in, he will be redirected back to Azure's login-page and after successful login will back to the webpage.
Is this generally possible?
If so what technologies/modules do I have to use for apache in order to speak with Azure?
Thanks for any hints towards the right direction.
Update
The Azure server is already fully configured. I just need to sort out the end on Apache.
I think what you are looking for is Azure Active Directory. it is an Identity as a Service product that supports modern protocols like OAuth, OpenID Connect. There's a client SDK called ADAL (Active Directory Authentication Library), but since it's standard protocols, you can integrate with other standard based authentication libraries. For example, the node.js tutorial shows how to use passport.
You didn't mention what web stack you are using but it's most likely listed here:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-developers-guide/
On a side note: if you can host your app on Azure Web App Service then it has built in integration with Azure Active Directory, so you can add a layer of authentication on top of your website without modifying your application code.
More info on that here: https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-how-to-configure-active-directory-authentication/
I have several web services that I want to make available to clients. My clients are split into two groups:
users using a web browser (I serve a web page that uses javascript + AJAX to request data from the web services)
applications (e.g. server app pulling data into a client's system)
1) I can solve the former by exposing my web services to external users using the application server and I can use the identity server to authenticate access (haven't worked how to do this out yet).
2) The latter is nicely satisfied by using the API manager. I can happily tell clients to log in to the API manager and subscribe to APIs. The APIs I create are proxies for the web services mentioned in 1).
I know that an API I create in the API manager can include a username and password for accessing the proxied web service. Is it possible to let an API proxy a web service that is authenticated using the identity manager? Sorry I'm reading documentation and struggling to understand if I can do this. Thanks
". Is it possible to let an API proxy a web service that is
authenticated using the identity manager? "
Currently APIManager supports the service endpoints which are secured using basicauth/usernametoken.
If you use identityserver to secure you service, using any other mechanism, that wont be supported by APIManager.
Stodge,
Default API manager authentication mechanism is Oauth. it uses Oauth token mechanism to authenticate all APIs.
Please refer [1],
Here the authentication component also sits in the AM. This can be delegated to a different AM instance if required.
Hope this helps.
[1] http://docs.wso2.org/wiki/display/AM140/Token+APIs