I'm currently trying to connect using GAM with a 3rd party authentication provider that is Auth0. It provides many different types of connecting with them, one of which is by using Oauth2.
I've followed this article in Genexus Wiki that has some examples. The configuration is very straight forward, using the information provided by Auth0 (client secret, client id, endpoints, etc) but after setting up all that, at the moment of trying to login it only shows up with the local login, instead of redirecting to Auth0 Login Page.
Has anybody configured and run succesfully with this Provider, or any other that isn't the Google/Office365 examples from the wiki?
I'm using Genexus 17 U5 with Java Generator
You probably did not fill in the "URL" property correctly, like this image below:
We have it up & running with Office 365.
The config for Office 365 is here:
https://wiki.genexus.com/commwiki/servlet/wiki?39166,Office%20365%20Authentication%20using%20GAM
I had the same problem.
It was solved unchecking "Include Redirect URL" in Authorization tab.
Related
I'm having issues setting up the Microsoft auth module for Jetbrains Hub. I have created an app within the Azure App registrations portal.
Under the heading "Authorization Service Endpoints" I changed the Authorization and Token endpoints to the ones found within the Azure App registration. Specifically the OAuth 2.0 authorization endpoint (v2) and OAuth 2.0 token endpoint (v2) URL.
I am using the following scopes: email offline_access openid profile User.Read
Everything seemed to work fine, I click on the auth module login button and get redirected to my organisation's portal and am asked to login. Once I login however I am redirected back to my Hub environment and the only error I receive is: "Cannot retrieve details from the user profile in the OAuth provider." I have tested this with multiple accounts.
Have I forgotten something?
Following these steps in the documentation should do the trick: https://www.jetbrains.com/help/hub/azure-ad-auth-module.html#common-tenant-setup I've just set it up in my local environment and it works fine. So please check that you've not missed anything and followed the steps. Thanks.
If you've done everything per doc, but the issue still persists, the best solution would be sharing the details with the Jetbrains Hub support directly.
I have tried to find but without any success on how to use Windows authentication that is implemented in IdentityServer4 samples (Quickstart6: AspNetIdentity).
What I managed to find out is that I can use http://localhost:5000/connect/token to POST client_id, client_secret, scope and grant_type in order to get token. The issue is next. From what I have managed to find out in order to use Windows authentication, I need to use "hybrid" for grant_type, but I always get "unsupported_grant_type".
Since I want to avoid default MVC client that is in that example to work with Windows authentication, how can I use Windows authentication trough rest with provided username/email and password, so I can make my own login page for Windows authentication in for example React application?
I have also found http://localhost:5000/connect/authorize endpoint, but I don't know if I can use it for this and how to even work with that endpoint.
I'd suggest reading more about OpenID connect in general to familiarise yourself with the various flows.
When working in a Windows context I'd recommend using ADFS. The latest version supports OpenID Connect out of the box so is a doddle to integrate with from ASP.Net Core whereas the other options (direct LDAP calls or IIS integration) are more complex and/or restrictive.
That said, this article covers how to use integrated Windows auth when running in IIS on Windows: https://docs.identityserver.io/en/release/topics/windows.html
I'm working with WSO2 Identity Server 5.3.0 (it's installed on a VM in a server).
So, I would access to my application using WSO2IS login page.
I've already set the Service Provider by Management Console.
I've not set the IdP because I've thought that must be the Resident one.
It's enought like thta? Should I modify some files?
I cannot find the related page on the Documentation.
Hope to be clear.
After doing all, the /authenticationendpoint/login.do doesn't returns the possibility to introduce username and password.
Edit:
#Bee I add here the screenshot
and this is my url:
http://myurl:9763/authenticationendpoint/login.do?response_type=code&scope=openid&client_id=my_clientID&redirect_uri=/myuri/
Here you have multiple options. You can use either basic auth, OpenID Connect, SAML SSO, Federated authentication etc to authenticate to your app. Some useful links are below.
https://docs.wso2.com/display/IS530/Authentication
https://docs.wso2.com/display/IS530/Basic+Client+Profile+with+Playground
https://docs.wso2.com/display/IS530/Writing+a+Web+Service+Client+for+Authentication+and+User+Admin+Services
https://docs.wso2.com/display/IS530/Authenticators+and+Provisioning+Connectors
I'm trying to write a C# console app that will register an application in Azure Active Directory. It should work just as the web application project creation wizard in VS 2013 when you Change Authentication and select Organizational Accounts in Azure.
Following the fiddler trace, I can see that it authenticates the user using wsfederation and an oauth2 token and then uses the graph.windows.net graph api to configuration the AAD directoryObjects service principal and application.
I have tried to use the sample Graph API app, but it requires the app be registered first so that I have the clientId (application id) and password (key) to send in the Acquire Token request using the Windows Azure AD Authentication Library for .NET.
I've tried using a bunch of the different Azure APIs but they all have my chicken and egg problem, I want to use an unregistered client application to register an application in AAD. I need to avoid Configuring Application Authentication and Authorization for the Graph API so that the user has no manual steps.
Does anyone know how Visual Studio does it, using just the user login with browser prompt or if there is a standard application id and password that can be used to access the graph API, like there is the standard login URL, https://login.windows.net/common? Some C# samples would be greatly appreciated.
This post does the Application creation, but requires a clientId and password, which I don't think I have.
You can't register a new application using the Graph API from an unregistered client. The only reason the VS2013 flow works is because VS2013 is already registered in a special way within Azure AD -- it's a first party application and has unique permissions. In my Fiddler trace, VS2013 uses a client ID of 872cd9fa-d31f-45e0-9eab-6e460a02d1f1. Technically you can use this client ID and the redirect URI of VS2013 to initiate sign-on with Azure AD. This still involves user interaction (the user has to authenticate via browser pop-up) so it doesn't meet your requirement for "no manual steps," but it's somewhat helpful for understanding the protocol flows and how registration works.
The bottom line is that if you want to call the Graph API without user interaction (client credential flow), the client needs to be registered with the proper application permissions.
I've been trying to integrate my application (ruby) with a Google AppScript (published as a Web Application with access level as 'only me') on behalf of a Google Apps account for quite some time, but I can't get a handle of it. Maybe I'm missing a key concept here or that sort of authentication/authorization isn't available when making requests in the background.
The script works fine when I'm logged in to gmail and access the script endpoint. I can also successfully connect to it using a sinatra application authenticated with openid.
I've already tried to use google-api-ruby-client, but I can't get the authorization scope right (service name). I've also tried clientlogin in gdata-ruby-util, to use Gmail login/password and get an authorization error message when trying to fetch from the script url.
Is it doable? Can anyone point me in the right direction?
Unfortunately, Contentservice in Apps Script (which I think you are using to create your webservice) doesn't provide any authentication mechanism. If you are accessing it from a server side script, you can use a token string which is known by your webservice app and your server to provide a level of security to your publicly accessible webservice.
Here are some similar discussion
How to use Google Apps Script ContentService as a REST server
Google App Script: ContentService web app usage