I am trying to implement an external captive portal using TP-Link EAP115 access point and OC200 controller V5.0.30 whitout Radius server.
The captive portal that will collect the data will be hosted on an Ionos host (a normal website), so is not on the same network as the controller and I don't want to use a radius server.
First, is it possible?
Secondly, to authorize the client who will connect, a CURL request must be executed to retrieve a token which will be used for authentication, and to do so, it must be sent to the ip address of the controller.
curl_setopt($ch, CURLOPT_URL, "https://" . $controller . ":" . $port . "/" . $controller_id . "/api/v2/hotspot/login");
$controller is the ip of the controller that I can't find, I tried local addresses 192.168.100.179 since the client will be on the same network as the controller when connecting, I tried $_SERVER['REMOTE_ADDR '] since the client and the controller will have the same public ip when connecting.
each time, I get the response CURL: timedout, like the address is not found I guess.
Anyone have an idea that can help me?
Thank you
Related
I am new in whatsapp business API integration and i successfully installed Docker and postman collection.
Referring below link : https://developers.facebook.com/docs/whatsapp/installation/dev-single-instance
Now in postman collection they mentioned regarding {{ URL }}
Collection Link : https://developers.facebook.com/docs/whatsapp/guides/postman
The first thing you should replace is the URL which represents the webapp endpoint. You'll see that all of the requests will reference this variable via {{URL}} so it's important you get this right.
How can i get this Valid URL ?
I tried hard but unable to find it.
Help me if anybody know this.
Thanks in advance.
If you have deployed whatsApp business API over docker setup .. then your endpoint url will be https://localhost:9090 .. replace "localhost" with ip of server if required.
Simply, use command netstat -nltp|grep 9090, and check on which ip the port is open for.
I've set up an ASP.Net Core project to use Google OAuth signin from this tutorial
I created a client ID & secret using the settings 'Web server' with address 'https://localhost:5001/signin-google' and exposed the secrets to the app as described in the tutorial. I have a basic view which is just the minimum required HTML & JS to show a 'Sign in with Google' button and allow authentication (verified working on localhost).
I created a deployment in a docker container on a Raspberry Pi on the local network. When I navigate to the view with the Google sign in button and click it, I get an error of
Error: invalid_request
Permission denied to generate login hint for target domain.
In the error details it specifies the redirect URL as:
redirect_uri=storagerelay://http/x.x.x.x:8000?id=auth572720
where x.x.x.x is the address of the Pi on our local network
I am assuming this is because the client expects a redirect URL of 'https://localhost..etc' but is getting 'http://x.x.x.x'.
I am unsure how to solve this, it seems like I may need to create another token to enable authentication on my Raspberry Pi (e.g. create another 'web server' OAuth sign in using the re-direct address 'http://x.x.x.x.etc/signin-google' but when I try this I get an error of 'Must be a top private domain'.
All in all this is very frustrating, and I would appreciate any help.
There is no need to create a new credential, just add the new redirect URL to the existing credential.
The redirect URL domain must be a TLD. Choose something like localhost.mydomain.com and then add an entry in your /etc/hosts file to resolve localhost.mydomain.com to x.x.x.x
We have an on-prem asp.net core app that leverage AAD for authentication, the app is setup to run in both:
http://domainserver/app
&
https://domainserver/app
In Azure AD the reply url for the application is setup as
http://domainserver/app/signin-oidc & https://domainserver/app/signin-oidc
When using http url, the sign-in process works fine, however in https mode, we get the following error:
AADSTS50011: The reply address ‘https://domainserver/app/signin-oidc’
does not match the reply addresses configured for the application:
appguid . More details: not specified
The reply https url is setup in AAD for the App exactly as it appears in the error message, so I’m not sure why it says it’s not matching.
One reason I can think of is that the SSL certificate used for https is a local domain signed certificate, and somehow it’s causing the error. But I’m not sure if that’s the case since AAD is just responsible to redirect back to the specified url, should not really care or know about the validity of the SSL.
Here is the image showing the setting url, the redirect url and the error message url matches exactly. You just have to trust me the part that's blocked out are also the same. :)
Anyone got any ideas why this happens?
Protocol matters. Azure AD will treat http://website.com and https://website.com as different reply URLs. However Azure can only let your put in multiple Reply URLs in a same domain. There is a case solution may be helpful to you:
Issue: Using the Azure AD authentication option to sign into the Skype for Business (SfB) Web SDK and you are seeing an AAD error page . The error page should have this message:
"AADSTS50011: The reply address 'https://...' does not match the reply
addresses configured for the application <...>"
Solution:
You need to configure the main domain name where you're hosting your app as a reply URL in the AAD registration for your app and pass it as the redirect_uri when redirecting to AAD to allow the user to sign in.
You should be using code like this to redirect the user to enter her credentials to sign into Azure AD:
var href = 'https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=';
href += client_id + '&resource=https://webdir.online.lync.com&redirect_uri=' + window.location.href;
window.location.href = href;
Note In the code above that we are using window.location.href as the value of the redirect_uri query parameter in forming the URL of the AAD endpoint where the user will sign in. This parameter tells AAD to redirect the client browser and the access token obtained by signing into AAD back to the page we're currently on - the main app page. However, AAD will only redirect the access token to URLs that are specified as Reply URLs in the app registration in AAD.
Follow these steps to check your configured Reply URLs and add additional ones:
Sign into portal.azure.com with an account that's an administrator on your tenant.
Navigate to Azure Active Directory in the left side bar > App registrations > Your app > All settings > Reply URLS.
Type the domain name where you're hosting your app and click Save.
This solution is from this document.
Update
According to your screenshot, your Reply URI is different:
https://domainserver/app/signin-oidc
is not in your Reply URL list,
in your Reply URL list is
https://domainserver/app/signin-odic
Go to change them as same URL .
I'm trying to set up a SPARQL endpoint for an Organisation as part of a Open source project with Apache Jena Fuseki and will be hosting it on a server publicly soon and i've uploaded the open data into it.
While i want users to be able to directly query the dataset without any authentication i'd like to disable only adding of new datasets through any sort of auth(Even Basic auth would do as of now , ie : major concern is only that other people should not corrupt the endpoint)
Right now i've identified three ways users can do this
Through the admin UI from a browser ( internally calls the POST request to {fusekihostedURL}/dataset/update?=xxxx )
through a POST request through command line to the publicly hosted dataset
through the Sparql Graph protocol ( sends POST request to {fusekiURl}/dataset/data )
i can use a shiro.ini with a basic auth of username and password , but that blocks the fuseki landing page itself with a pop-up of username and password which i don't want to enable querying for the public .
Apart from sitting behind a reverse proxy ( using fuseki as a war file on tomcat so blocking that port would mean blocking all other applications ) is there anything that could be done ?
Any help would be greatly appreciated
If you write a configuration file for your dataset, then you can simply not provide endpoints for update and graph store protocol update (which will also disable dataset update).
You can also do this in shiro.ini - it will take editing of the shiro.ini file to put in more sophistiated rules than the default. Not providing the services is the most secure.
I am basically using Datapower AAA policy and in that I have configured 'using LDAP to bind DN' as authenticate mechanism.
Now i have made rules and configured host and LDAP port
I have a user and Password to test whether it exist or not
How to test
Is there any gateway present to test(like MCCP)?
You need to attach this AAA Policy with some top level service objects [Web Service proxy, Multi Protocol Gateway, XML Firewall etc]. After that test the service to see if authentication is working fine or not? If you already did that, can you specify what is the exact problem you are facing?
You can extract the user name and password and u can send over to LDAP server .
This you can achieve using an xsl to connect to LDAP and check the authentication.
We have pre-defined functions for LDAP search and authentication.
search : dp:ldap-search(address, port, bindDN, bindPassword, targetDN, attributeName, filter, scope, sslProxyProfile, ldapLBGroup, ldapVersion, ldapReadTimeout)
Auth : dp:ldap-authen(bindDN, bindPassword, serverAddress, sslProxyProfileName, ldapLBGroup, "", ldapVersion, ldapReadTimeout)