I'm using form-based security for my Java EE project and it takes me back to the login page after I exit the browser without logging out - authentication

I'm new to Java web security. I've done a project that authenticates and authorizes very well using JSF form-based authentication. But the problem is that when I close the browser without logging out, then reopen the browser and try to access the project, it brings up the login page and I cannot log in. To log in I have to deploy the project again. I'm not trying to add the 'Remember Me' feature. Can you guys help me with what I have to do to stay logged in even when I close and reopen the browser and access the project, without being asked to log in again unless I logged out intentionally?
Thank you in advance.

Related

How to auto authenticate Openfire Meetings?

I am using Openfire Meetings plugin, and the video call opens up from my webapp when the user clicks a link. On clicking the link Jitsi again asks for username and password. I want to automatically authenticate the users as they are already logged in to the webapp.
I have the credentials but can't find a way to auto authenticate Jitsi.
I have tried:
1) Anonymous login: Not desirable, because then anyone who is not a part of our app can use the service.
2) Sending keys in the URL.
3) Using JWT: Didn't work but I'd like some help on this.
4) Debugging the source code on Chrome, code is complex so couldn't find much.

Logging out of Okta hosted login page on mobile (React Native)

I have a React Native app that uses Okta's hosted login page to authenticate.
When a user successfully authenticates for the first time through the PKCE flow, on every other login afterwards, they get automatically logged in as the same user.
I've used additionalParameters: { prompt: 'login' }, but it only asks you to re-enter your password, and if you click sign out, it brings you to a Citrix page that doesn't change anything about the flow - they still get logged back in as the same user after the fact.
I've tried using both the revoke and logout endpoints, which actually change the cookies a bit but don't affect the flow; the same goes for restarting the app.
The only way is to clear hardware settings in Xcode.
This may not even be an Okta-specific issue, perhaps a general OIDC issue.
How does the hosted login page store and know you've previously logged in and how can that be fixed?

Handling both Windows and anonymous auth in ASP.NET Core

I have a project in ASP.NET Core 2.0. I want users to be logged in automatically with Windows authentication if possible, and fall back to a login screen if not. If I enable only Windows auth and not anonymous auth, the Windows auth hits my middleware just fine and everything is good. If both Windows and anonymous are enabled, however, my middleware is getting an empty ClaimsIdentity instead of the WindowsIdentity even if they're logged in via Windows.
From another answer, I found to use the below code to force a Windows auth check:
await HttpContext.ChallengeAsync(IISDefaults.AuthenticationScheme);
With this I was able to use cookies to force a challenge if it hadn't already been attempted, and to show my login page if it had. The problem now is that browsers throw a built-in login message on that Windows challenge if the user isn't logged in.
Is it possible to accomplish this goal in any better way than what I'm doing now? Users having to click cancel out of that forced popup to get to my login screen is annoying, but if there's no better way then that's what it'll have to be.

Rally customized app - can't authenticate

I'm trying to develop a Rally app using the app builder. When I load App-debug.html in my browser, I am prompted to enter my user credentials in the form provided. I enter them, but the form re-appears over and over again.
I did notice that the login attempts to authenticate via https://rally1.rallydev.com:443. If I go to this in another window and enter my account details I am able to get in. However, when I do log in, there is a corporate redirect that takes place (for SSO) and I ultimately end up on us1.rallydev.com.
How would I get my app to authenticate through us1.rallydev.com? Changing URLs in App.js and config.json only causes errors when trying to load JavaScript for APIs.
The app should always just piggyback on your existing session. Changing the server in config.json and re-running rab build should cause all traffic to go to that server. If that's not happening, then that's a bug.
You won't be able to authenticate from scratch using SSO from an app, but it should have no problem re-using an existing session.
Another option is to use an API Key to develop: https://help.rallydev.com/apps/2.0/doc/#!/guide/embedding_apps

ADFS web authentication loop in IE

I have an MVC4 web app that sits behind ADFS 2.0 authentication; it's configured using the web.config file. The application can be visited by going directly to a URL or as an iframe inside of CRM 2013.
The application works in all (tested) browsers when visiting the URL directly, both redirection to the login form and handing the user back to the web app with the proper information in the ClaimsIdentity.
However, when visiting the app as an iframe inside CRM 2013, Internet Explorer goes into a continuous login loop. You are asked to provide the credentials (which are the same as for logging in to CRM) and when you click OK you get redirected back to the same login page again; to my knowledge the app never receives the hand-off.
In Safari, Chrome, Firefox, and Opera the users are able to log into the application inside of CRM as well as outside without any problems (I'd even go as far as saying that it works better than expected for these browsers).
Does anyone have any idea of what I can try or what the problem could be for IE?
EDIT 1
I'm thinking it has to do with some security setting and am playing around with the settings in IE. Unchecking this box stops the login form from showing in IE at all and I get an empty page instead.
Is the iframe on the same (sub)domain as the site inside? You can use Fiddler to view your redirect flow; are the cookies added as expected?
I've seen cookies that are overridden by the iframe host; in that case you lose the auth cookie. Browsers react differently on same-domain cookies.
Another problem might be X-Frame-Options; do you see any warning in the F12 console of IE?