isActiveMFASession doesn't appear to be returned from SM-MFA - azure-ad-b2c-custom-policy

I am working with the SocialAndLocalAccountsWithMFA starter pack and have discovered an issue. When I register a user I am prompted to set up MFA, which works as intended. However, when I try to log in with SSO I am being prompted for MFA again.
I have verified that I am not sending prompt=login.
I have attempted to search for an answer with no results or dead ends.
Here are code snippets from my trustframeworkbase.xml:
  <OrchestrationStep Order="7" Type="ClaimsExchange">
    <Preconditions>
      <Precondition Type="ClaimsExist" ExecuteActionsIf="true">
        <Value>isActiveMFASession</Value>
        <Action>SkipThisOrchestrationStep</Action>
      </Precondition>
    </Preconditions>
    <ClaimsExchanges>
      <ClaimsExchange Id="PhoneFactor-Verify" TechnicalProfileReferenceId="PhoneFactor-InputOrVerify" />
    </ClaimsExchanges>
  </OrchestrationStep>
Here is my SM-MFA:
  <TechnicalProfile Id="SM-MFA">
    <DisplayName>Session Management Provider</DisplayName>
    <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.DefaultSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    <PersistedClaims>
      <PersistedClaim ClaimTypeReferenceId="Verified.strongAuthenticationPhoneNumber" />
    </PersistedClaims>
    <OutputClaims>
      <OutputClaim ClaimTypeReferenceId="isActiveMFASession" DefaultValue="true" />
    </OutputClaims>
  </TechnicalProfile>

I think you have used the "SM-MFA" technical profile inside the "PhoneFactor-InputOrVerify" technical profile. So until this "PhoneFactor-InputOrVerify" technical profile is called, the claim "isActiveMFASession" will not exist and it will trigger MFA every time. Hence, this OrchestrationStep isn't being skipped, because the "isActiveMFASession" claim doesn't exist.

Azure B2C You are already registered, please press the back button and sign in instead

I have created a custom B2C_1A_SIGNUP_SIGNIN policy.
Used Google authentication.
When I hit the create button, mypersonaltenantid gets validated through an Azure Function.
I am presented with the error message "You already registered, please press back button and sign in instead".
Before executing this policy I made sure this user does not exist.
After the error message is displayed I look inside B2C: the user was created, including my custom claim with value mypersonaltenantid.
I was assuming that I am transferred to a different page after signup. Is this assumption wrong?
Created an issue and got the final hint.
Looks like an action was performed twice. In my case I had a base policy and an extension policy which had a ValidationTechnicalProfiles section.
Base.xml
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingAlternativeSecurityId" />
  </ValidationTechnicalProfiles>
Extension.xml
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="REST-ValidateTenantId" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingAlternativeSecurityId" />
  </ValidationTechnicalProfiles>
My assumption after both files get merged:
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="REST-ValidateTenantId" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingAlternativeSecurityId" />
  </ValidationTechnicalProfiles>
But it looks like the merge is performed like this:
  <ValidationTechnicalProfiles>
    <ValidationTechnicalProfile ReferenceId="REST-ValidateTenantId" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingAlternativeSecurityId" />
    <ValidationTechnicalProfile ReferenceId="AAD-UserWriteUsingAlternativeSecurityId" />
  </ValidationTechnicalProfiles>
Of course that explains why AAD write is performed twice.
From my point of view the error message is quite misleading.

Intellij IDEA - DB Navigator - reveal password

I have used the "DB Navigator" plugin (https://plugins.jetbrains.com/plugin/1800-database-navigator/) with my IntelliJ IDEA Community version for quite some time and am very satisfied.
I want to know the passwords of my DB connections saved in the plugin. They are saved, they are there, but I cannot share them with my teammates.
Even though all the IDEA passwords are set to be stored in the system keyring, I don't find them in Seahorse, i.e., the "Passwords and Keyrings" application in my Ubuntu.
Where are they?
At last, I found them in
<project_root>/.idea/dbnavigator.xml
Search for your connection name, and you will see something like this:
  <connection id="e208f307-8c08-45d5-93fd-958c1d68d049" active="true">
    <database>
      <name value="UAT" />
      <description value="" />
      <database-type value="ORACLE" />
      <config-type value="BASIC" />
      <database-version value="11.2" />
      <driver-source value="BUILTIN" />
      <driver-library value="" />
      <driver value="" />
      <url-type value="SERVICE" />
      <host value="some-host" />
      <port value="1523" />
      <database value="APP_DB" />
      <type value="USER_PASSWORD" />
      <user value="admin" />
      <deprecated-pwd value="<base64-encoded-password>" />
    </database>
    ...
  </connection>
So I tried to base64-decode them... and it works...
Please, if the author sees this, please don't encrypt it in future versions; I need them to be in my local copy so that I don't have to ask my teammates again; too shy am I. Please take into consideration that I created the tag db-navigator for the first time while asking this question, so that people around the world could gather together with love of this plugin.
And, any coder reading this: please ignore this file in Git, as it contains sensitive data.
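As an added example (not from the original post or the DB Navigator project), a check a team could run before committing: it parses a constructed dbnavigator.xml in the shape quoted above, reports which connections still carry a non-empty deprecated-pwd, and confirms that the value is plain base64 rather than ciphertext, without ever putting the secret itself in the output. The outer <connections> element and the dummy credential are assumptions made for the sample.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

# Constructed sample shaped like the .idea/dbnavigator.xml quoted above; the
# outer element is made up and the password value is a dummy, not a credential.
SAMPLE_DBNAVIGATOR_XML = """<connections>
  <connection id="e208f307-8c08-45d5-93fd-958c1d68d049" active="true">
    <database>
      <name value="UAT" />
      <user value="admin" />
      <deprecated-pwd value="cGxhY2Vob2xkZXI=" />
    </database>
  </connection>
  <connection id="00000000-0000-0000-0000-000000000000" active="false">
    <database>
      <name value="LOCAL" />
      <deprecated-pwd value="" />
    </database>
  </connection>
</connections>"""


def is_base64(value: str) -> bool:
    """True if the value is plain base64, i.e. recoverable with a single decode."""
    try:
        base64.b64decode(value, validate=True)
        return True
    except (binascii.Error, ValueError):
        return False


def _attr(db: ET.Element, tag: str) -> str:
    child = db.find(tag)
    return child.get("value", "") if child is not None else ""


def find_stored_credentials(xml_text: str) -> list:
    """Report each connection with a non-empty deprecated-pwd. The secret itself
    never enters the result, so the report is safe to print in a CI log."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("connection"):
        db = conn.find("database")
        if db is None or not _attr(db, "deprecated-pwd"):
            continue
        findings.append({"connection": _attr(db, "name"), "user": _attr(db, "user"),
                         "merely_base64": is_base64(_attr(db, "deprecated-pwd"))})
    return findings
```

Pair the check with a .gitignore entry for .idea/dbnavigator.xml, as the post recommends.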

Sabre API Request EnhancedAirBooking issue

While making a request for EnhancedAirBooking, I am getting the error response INVALID BOARD POINT.
But it works fine for other flightNumber and MarketingAirLineCode values.
Sample RequestBody for which I get the above error response:
  <soap_env:Body>
    <EnhancedAirBookRQ xmlns="http://services.sabre.com/sp/eab/v3" version="3.0.0" HaltOnError="true">
      <OTA_AirBookRQ>
        <HaltOnStatus Code="UC" />
        <HaltOnStatus Code="NN" />
        <OriginDestinationInformation>
          <FlightSegment FlightNumber="572" DepartureDateTime="2018-07-15T22:05:00" NumberInParty="1" Status="NN" ResBookDesigCode="K">
            <DestinationLocation LocationCode="JNB" />
            <Equipment AirEquipType="74H" />
            <MarketingAirline Code="SA" FlightNumber="7572" />
            <MarriageGrp Ind="false" />
            <OperatingAirline Code="LH" />
            <OriginLocation LocationCode="FRA" />
          </FlightSegment>
        </OriginDestinationInformation>
        <RedisplayReservation NumAttempts="9" WaitInterval="9000" />
      </OTA_AirBookRQ>
      <OTA_AirPriceRQ>
        <PriceRequestInformation Retain="true">
          <OptionalQualifiers>
            <PricingQualifiers CurrencyCode="CHF">
              <PassengerType Code="ADT" Quantity="1" />
            </PricingQualifiers>
          </OptionalQualifiers>
        </PriceRequestInformation>
      </OTA_AirPriceRQ>
    </EnhancedAirBookRQ>
I think it's because you are sending the request with a different flight number. You should be sending FlightNumber="7572" in the FlightSegment node, not "572".
It is sufficient to provide the Marketing Carrier and the Marketing Carrier Flightnumber. What leads to confusion here is that you passed the operating flight number in the node where the marketing carrier flight number is expected. If you want to pass the "572", it should be done in the operating carrier part, but it's not required to have it at all.

How to pass friendlyName instead of urn:oid in SAML response

I am trying to send a SAML response from my Shibboleth IdP to a service provider.
How can I pass the friendlyName instead of the urn:oid in the SAML response? Right now, my SAML response contains the urn:oid only,
for instance, 'urn:oid:0.9.2342.19200300.100.1.6': '106',
What I need to pass is a key called "productid" along with this response,
'productid': '106',
Below is my attribute-resolver.xml, where I've passed the friendlyName as productid for roomNumber (urn:oid:0.9.2342.19200300.100.1.6):
  <resolver:AttributeDefinition id="productid" xsi:type="ad:Simple" sourceAttributeID="roomNumber">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:roomNumber" encodeType="false" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="urn:oid:0.9.2342.19200300.100.1.6" friendlyName="productid" encodeType="false" />
  </resolver:AttributeDefinition>
Can I please get some insights into this?
According to the doc for SAML2String, it looks like you should be able to do:
  <resolver:AttributeDefinition id="productid" xsi:type="ad:Simple" sourceAttributeID="roomNumber">
    <resolver:Dependency ref="myLDAP" />
    <resolver:AttributeEncoder xsi:type="enc:SAML1String" name="urn:mace:dir:attribute-def:roomNumber" encodeType="false" />
    <resolver:AttributeEncoder xsi:type="enc:SAML2String" name="productid" friendlyName="productid" encodeType="false" />
  </resolver:AttributeDefinition>
although you're encouraged to make sure the attribute is unique by its scope.
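As an added illustration (not part of the original question or answer), two constructed AttributeStatement fragments of the kind the two encoder configurations above would place in the assertion for roomNumber = 106, plus an SP-side parser that keys attributes by Name, the identifier both parties agree on, and only optionally by FriendlyName, which an IdP is free to change or omit. The fragments and the parser are assumptions, not Shibboleth output or code.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed AttributeStatement fragments (not taken from the original post) of the
# kind the two encoder configurations above would put in the assertion for
# roomNumber = 106: the first keeps the OID as Name, the second uses "productid".
STATEMENT_OID_NAME = f"""<saml2:AttributeStatement xmlns:saml2="{SAML2}">
  <saml2:Attribute Name="urn:oid:0.9.2342.19200300.100.1.6" FriendlyName="productid">
    <saml2:AttributeValue>106</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""

STATEMENT_RENAMED = f"""<saml2:AttributeStatement xmlns:saml2="{SAML2}">
  <saml2:Attribute Name="productid" FriendlyName="productid">
    <saml2:AttributeValue>106</saml2:AttributeValue>
  </saml2:Attribute>
</saml2:AttributeStatement>"""


def parse_attributes(xml_text: str, key_by_friendly_name: bool = False) -> dict:
    """Return {key: [values]} for every saml2:Attribute in the statement.

    By default the key is the Name attribute, which is the identifier the IdP and
    SP contractually agree on. FriendlyName is only a human-readable hint and an
    IdP may change or omit it, so keying by it is opt-in and falls back to Name.
    """
    ns = f"{{{SAML2}}}"
    result: dict = {}
    for attr in ET.fromstring(xml_text).iter(f"{ns}Attribute"):
        name = attr.get("Name")
        if name is None:
            raise ValueError("saml2:Attribute without mandatory Name")
        key = (attr.get("FriendlyName") or name) if key_by_friendly_name else name
        values = [v.text or "" for v in attr.findall(f"{ns}AttributeValue")]
        result.setdefault(key, []).extend(values)
    return result
```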

Wix: How to remove comment in XML file

I have the following config file in my application:
  <configuration>
    <appSettings>
      <!--Setting for user name-->
      <add key="wcf:userName" value="wcfuser" />
      <!--Setting for password-->
      <add key="wcf:userPassword" value="abcdef" />
      <!--Setting for is cloud application-->
      <add key="IsCloudApplication" value="true" />
    </appSettings>
  </configuration>
I want to remove this comment on the production server via WiX XmlConfig. I tried to use the following code:
<util:XmlConfig Id="RemoveWcfComments" File="[INSTALLFOLDER]Web.config" Action="delete" ElementPath="configuration/appSettings" VerifyPath="<!--Settings for user name-->" Node="element" On="install"/>
but this is not working: no exception occurs, but the comment remains in the config file. Any ideas?
Thanks in advance.
I'm not exactly sure, but you can try this:
  <util:XmlConfig
    Id="RemoveWcfComments"
    File="[INSTALLFOLDER]Web.config"
    Action="delete"
    ElementPath="//configuration/appSettings"
    VerifyPath="//configuration/appSettings/comment()"
    Node="value"
    On="install"/>
As you can see, ElementPath and VerifyPath are XPaths, so they are invalid in your code. I'm not sure that Node="value" is the right option; you could try Node="element" too.
Using XPath, the comment() method will select all the comments underneath appSettings; if you have multiple comments but want to delete only one, then make use of the XPath below:
VerifyPath="//configuration/appSettings/comment()[.='Settings for user name and password']"
If there are multiple comments and you want to delete the first comment based on order, then you can make use of the XPath below as well:
VerifyPath="//configuration/appSettings/comment()[1]"
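An added example, not from the original question or from WiX, showing what the three VerifyPath forms select against the question's Web.config: every comment under appSettings, one comment by exact text, or the first comment by position. It uses Python's ElementTree with comments kept; the default parent path "appSettings" (relative to the configuration root) is an assumption standing in for //configuration/appSettings.

```python
import xml.etree.ElementTree as ET

# Constructed copy of the Web.config from the question (with the closing tag
# fixed); the credential values are the question's dummies, not real ones.
WEB_CONFIG = """<configuration>
  <appSettings>
    <!--Setting for user name-->
    <add key="wcf:userName" value="wcfuser" />
    <!--Setting for password-->
    <add key="wcf:userPassword" value="abcdef" />
    <!--Setting for is cloud application-->
    <add key="IsCloudApplication" value="true" />
  </appSettings>
</configuration>"""


def parse_keeping_comments(xml_text: str) -> ET.Element:
    """ElementTree drops comments unless the TreeBuilder is told to keep them."""
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.fromstring(xml_text, parser=parser)


def comment_texts(root: ET.Element, parent_path: str = "appSettings") -> list:
    """Texts of the comment nodes directly under each element matched by parent_path."""
    return [c.text for p in root.findall(parent_path) for c in p if c.tag is ET.Comment]


def delete_comments(root: ET.Element, parent_path: str = "appSettings",
                    text=None, index=None) -> int:
    """Delete comment children of the matched parents, mirroring the three XPath forms:
      text=None, index=None  ->  comment()            (every comment)
      text="..."             ->  comment()[.='...']   (exact text match)
      index=1                ->  comment()[1]         (positional, 1-based)
    Returns the number of comments removed; 0 means the VerifyPath matched nothing.
    """
    removed = 0
    for parent in root.findall(parent_path):
        comments = [c for c in parent if c.tag is ET.Comment]
        if text is not None:
            targets = [c for c in comments if c.text == text]
        elif index is not None:
            targets = comments[index - 1:index]
        else:
            targets = comments
        for c in targets:
            parent.remove(c)
            removed += 1
    return removed
```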