FusionAuth on Docker - Default login credentials - fusionauth

I am testing FusionAuth on Docker. FusionAuth container starts successfully and localhost:9011 shows a login page.
What are the default credentials for authentication? Spent some time searching in the documentation, but couldn't find any mention about default login credentials.

When you first started up FusionAuth, you should have seen the "FusionAuth Setup Wizard" screen. That's where you set up the first account, which is an admin account.
Here's the 5 minute setup guide which walks you through all the screens and through setting up your first application: https://fusionauth.io/docs/v1/tech/5-minute-setup-guide
Here's the section about the setup wizard (in the second half: https://fusionauth.io/docs/v1/tech/5-minute-setup-guide#complete-maintenance-mode-and-the-setup-wizard )
Hope this helps.

Related

Issue with Password Reset Flow for Blazor with Azure AD B2C

We have a Blazor WebAssembly app running on .NET Core 3.1 and using Azure B2C Authentication Flows.
Login flows work just fine.
We now need to implement the Password Reset Flow.
The defaults were not working so we followed this guide for a workaround.
https://iheartms.azurewebsites.net/2020/04/10/blazor-aad-b2c-additional-user-flows/?fbclid=IwAR0LQn1zeXPY5JIpezJkMtdzmQSkP38PkFzGeFeUM72-pSD1-rvTsR0BWOE
It worked for the most part, we are able to reset the password, however, when the flow navigates back to the Blazor App with the token, the passwordreset-callback page is displayed but not redirecting to the main page,
we even tried to override all of the methods in the page component to check if any is executing, but none is.
We need a way to fix this, so the users can login after resetting the password.

The password reset flow was just updated in AzureADB2c, please refer to the updated docs here https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-password-reset-policy?pivots=b2c-user-flow#self-service-password-reset-recommended
They have removed the need to trap and handle an error code on the client - as it is all handled by AzureADB2C.

logging out of Okta hosted login page on mobile (React Native)

I have a React Native app that uses Okta's hosted login page to authenticate.
When a user successfully authenticates for the first time through the PKCE flow, on every other login afterwards, they get automatically logged in as the same user.
I've used additionalParameters: { prompt: 'login' }, but it only asks for you to re-enter your password and if you click signout, it brings you to a Citrix page that doesn't change anything about the flow - they still get logged back in as the same user after the fact.
I've tried using both the revoke and logout endpoints, which actually changes the cookies a bit, but doesn't affect the flow; same goes with restarting the app.
The only way is to clear hardware settings in Xcode.
This may not even be an Okta specific issue, perhaps a general OIDC issue.
How does the hosted login page store and know you've previously logged in and how can that be fixed?

Static HTML Azure web site behind Azure AD results in 'You do not have permission to view this directory or page.'

I have an azure web app with nothing but .HTML and .CSS files - there is no code of any kind.
Azure AD authentication is enabled.
I am able to visit the site URL, get redirected for authentication and I get in just fine.
Everyone else gets sent to this page after login:
https://myurl.com/.auth/login/aad/callback
and they get a 401 error on the browser:
You do not have permission to view this directory or page.
Why is it working for me, and not everyone else who authenticates?
Is there somewhere I need to tell Azure Web Apps that I want all the files to be available to any authenticated user?

This issue may be caused by the AD application for your Web App not having been configured correctly. I did a test in my lab and found this solution:
Solution:
Go to Azure Portal > Your Web Application > Authentication/Authorization > Azure Active Directory > Manage Application > Required permissions >
Delete other permissions except Windows Azure Active Directory > Ensure the DELEGATED PERMISSIONS Sign in and read user profile has been enabled and the REQUIRES ADMIN is NO:
Also, ensure the App ID URI and the Home page URL are all the URL of the Web app.
Additionally, if your configuration still cannot work, you can delete the Azure AD application and follow these steps to recreate a new one. It will work perfectly.
Please let me know if it helps!

Found the answer to this, posting here to help others.
When you set up "App Service Authentication" with Azure using the "Express" option, an "App Registration" is created in Azure Active Directory.
When this happens a Client secret is automagically created on the Azure AD Object and then inserted into the Azure App service.
It seems that something happened along the way in my website, where this was set correctly initially, but then changed - I'm sure it was my own doing.
The symptoms of this are a bit interesting.
Any account that worked prior to the change of the App Registration continued to work.
Any account that hadn't yet signed in, failed.
This is why one of my accounts worked and the rest did not.
The solution was fairly simple, I clicked on the app service in azure, then on the Azure AD line, then in the "Azure Active Directory Settings" blade, set the "management mode" to "off", hit ok,
and saved in the blade to the left, then refreshed the browser.
Next I went into Azure AD and deleted the app registration for that app, (I did this so I could re-use the app registration name)
Here is a screenshot of that screen, it's under the active directory category, and not part of your web apps settings. Find your app registration, click it and then delete.
Next I went back to the Azure App service (web app) and Re-configured Azure AD Auth using the "express" settings.
Hope this helps someone!

Login in App via Moodle credentials and LTI - Provider or consumer?

I have a simple question that I can't solve with the resources about moodle and LTI.
I want my users to login into their App with moodle credentials (as often done with e.g. "login via facebook") - is my app the consumer or the provider?
I first thought the app is the provider but some points make me question that:
1. No, I do not want to start the app from within moodle.
2. No, I also do not want to embed my app content in moodle.
3. I just want the users registered in moodle to log in to an app with their moodle username and password.
All content I found on LTI provider assumed the opposite of point 1 and 2.
However, I also found that moodle can be a provider itself. It has been shown to be embedded in an external application. But in my understanding, the consumer is responsible for authenticating the login (which is opposite to point 3).
Am I missing something, that makes it so hard to see the solution here?

I found Atomic Jolt's try_oauth repo will do exactly what you want. It also has an excellent code along video which explains the workflow really well.
You navigate to the app and it opens up a Canvas authentication page and grabs the users credentials.
https://github.com/atomicjolt/try_oauth
Hope that helps.

There is a plugin for moodle which makes it an OAuth2 provider. You could use that to allow authentication in your app with moodle credentials.
https://github.com/projectestac/moodle-local_oauth

ACS50001 Relying party with identifier was not found

I am trying to have Azure federation in one of my MVC application, but ending up having this error
Sorry, but we're having trouble signing you in.
Account 'soandso#microsoft.com' is not configured to sign-in to this application.
Sign-out and sign-in with another account.
Additional technical information:
Trace ID: b94e380f-8234-4221-a59d-6efb5e644c83
Timestamp: 2014-06-25 08:35:00Z
ACS50001: ACS50001: Relying party with identifier 'http://testsmb.azurewebsites.net/testsmb' was not found
Not sure what I am doing wrong. Any help would be highly appreciated. I tried googling but nothing helps.
Vinod

Did you try running the browser in in-private mode? It looks like you are signing in automatically to the microsoft.com directory, whereas you want to use a test directory for your development.
Azure AD does not issue a token to an application if the application hasn't been installed in the directory. The installation of the application can happen in two modes: Administrator consent and User only consent. With administrator consent, the application can sign-in any user in the organization, however with user only consent, the application can sign-in only that specific user. This help topic (msdn.microsoft.com/en-us/library/azure/dn151789.aspx) explains how to get consent in the 'Add Sign-Up Capabilities to the Application' section.