How to test "Streamlined Identity Flows" in simulator? - google-oauth

We have created the endpoint for token exchange, but how do we test "Streamlined Identity Flows" in Actions on Google simulator?

You can use the gala-demo tool to test these. Take a look at: https://developers.google.com/actions/identity/account-linking#seamless_identity_verification

Related

WSO2 Api Manager - bypass sign in page when invoking API (oauth2 authorization grant code)

I'm facing the same issue as the one posted at (How to get authorize code to dismiss login page with oauth2 wso2 identity server)
I tried to follow the solution instructions, but in my case, the drop-down menu under "Request Path Authentication Configuration" is empty; no options listed.
I checked the application-authentication.xml file under /opt/wso2am-4.1.0/repository/conf/identity and I have this:
I'll appreciate any support you can provide. Thanks. Daniel
Just to close this thread, and as I was not able to get a solution, I solved it by running an instance of the WSO2 Identity Server and handling the security through this product, instead of using the IS features the API manager has embedded. Cheers!

How to configure Azure AD SSO programmatically for gallery-based application?

I need to configure Azure Active Directory SSO for Tableau Server gallery app as it is under MS documentation link programmatically. Are there useful powershell cmdlets / rest apis?
I create application from gallery using graph api from Step 1 on MS docs.
To get available templates:
GET https://graph.microsoft.com/beta/applicationTemplates
To create template app:
POST https://graph.microsoft.com/beta/applicationTemplates/{id}/instantiate
Now I need to configure SAML SSO from code and assign users. Is there an easy way to do that? I tried Set-AzureADApplication but it didn't do the job for me. The enterprise application is still not set.
Maybe it's not supported yet? I believe there can be some workaround. I would be grateful for any help.
Are there useful powershell cmdlets / rest apis?
Yes, but per my test, we need to do that into two parts.
1. Set the Sign-on URL. To do this, we need to call Microsoft Graph - Update serviceprincipal.
In the Graph Explorer, use the request below.
PATCH https://graph.microsoft.com/beta/servicePrincipals/<object-id of the service principal>
{
"loginUrl": "https://azure.signtest.link"
}
Note: In the request above, you need to use the object-id of the service principal (Enterprise application), not the AD App (App registration). You can find it in the Azure AD in the portal -> Enterprise Application -> find your Tableau Server -> get the Object ID like below.
2. Set the Identifier and Reply URL. We could do this via PowerShell Set-AzureADApplication.
Sample:
$Identifiers = @(
"http://www.tableau.com/products/server",
"https://azure.idtest.link"
)
$ReplyUrls = @(
"https://azure.rptest.link/wg/saml/SSO/index.html"
)
Set-AzureADApplication -ObjectId <object-id of the AD App> -IdentifierUris $Identifiers -ReplyUrls $ReplyUrls
For the object-id of the AD App, navigate to the Azure AD in the portal -> App registrations -> find your Tableau Server. After running the command, the settings will map to the enterprise application.
Check the result in the portal:
Update:
Not sure if it is a bug, if I create a new app without setting the Identifier and Reply URL manually in the portal, then just use the powershell above to set them, they will not map to the portal.
But if we check the service principal(enterprise application) directly via Microsoft Graph, we can see the powershell actually affected the service principal.
If we configure the settings manually in the portal first, then use the powershell to update them with other values, it works.
And it looks like there is no way to set the Default Reply URL via PowerShell or API. If we set a Reply URL which is different from the one set manually in the portal, it will have a prompt like below.
But if we look into it, actually the Default option is checked.
Update2:
Eventually, I found the trick. It is not a bug; we just need to set the preferredSingleSignOnMode for the service principal first via Microsoft Graph, then we won't need to configure that in the portal manually.
Sample:
PATCH https://graph.microsoft.com/beta/servicePrincipals/<object-id of the service principal>
{
"preferredSingleSignOnMode":"saml",
"loginUrl": "https://azure.signtest.link"
}
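The steps from this answer in the order that worked for its author, followed by a read-back of the service principal, as an added example that is not part of the original answer. It assumes `Connect-AzureAD` has already been run and that `$GraphToken` holds a Microsoft Graph access token obtained separately; the parameter names are illustrative and the URLs are the answer's sample values.

```powershell
# Added example, not code from the original answer.
# Assumptions: Connect-AzureAD has been run; $GraphToken is a Graph access token
# obtained separately; parameter names are illustrative.
param(
    [Parameter(Mandatory = $true)] [string] $ServicePrincipalObjectId, # Enterprise application object ID
    [Parameter(Mandatory = $true)] [string] $AppObjectId,              # App registration object ID
    [Parameter(Mandatory = $true)] [string] $GraphToken
)

$ErrorActionPreference = 'Stop'
$spUri   = "https://graph.microsoft.com/beta/servicePrincipals/$ServicePrincipalObjectId"
$headers = @{ Authorization = "Bearer $GraphToken" }

# Sample values from the answer; replace with your own URLs.
$loginUrl    = 'https://azure.signtest.link'
$identifiers = @('http://www.tableau.com/products/server', 'https://azure.idtest.link')
$replyUrls   = @('https://azure.rptest.link/wg/saml/SSO/index.html')

# Step 1: set the SSO mode and sign-on URL on the service principal first.
$patch = @{ preferredSingleSignOnMode = 'saml'; loginUrl = $loginUrl } | ConvertTo-Json
Invoke-RestMethod -Method Patch -Uri $spUri -Headers $headers `
    -ContentType 'application/json' -Body $patch | Out-Null

# Step 2: set the Identifier and Reply URL on the app registration.
Set-AzureADApplication -ObjectId $AppObjectId -IdentifierUris $identifiers -ReplyUrls $replyUrls

# Step 3: read the service principal back and compare with what was requested.
$sp = Invoke-RestMethod -Method Get -Uri $spUri -Headers $headers
$problems = @()
if ($sp.preferredSingleSignOnMode -ne 'saml') { $problems += 'preferredSingleSignOnMode is not saml' }
if ($sp.loginUrl -ne $loginUrl)               { $problems += 'loginUrl does not match' }
foreach ($u in $replyUrls) {
    if ($sp.replyUrls -notcontains $u) { $problems += "reply URL missing on service principal: $u" }
}
if ($problems.Count -gt 0) { throw ($problems -join '; ') }
'SAML SSO settings applied and visible on the service principal.'
```

The two object IDs are different objects: the first is the Enterprise application (service principal), the second is the App registration.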

Customizing Rally using Rally app builder

Trying to customize Portfolio Item Burnup, got source code from https://github.com/RallyApps/app-catalog/tree/master/src/apps/charts/rpm/burn
Now after compiling using "rally-app-builder build" command and after that running with "rally-app-builder run" command, I am able to run the page. In another tab of Chrome, Rally is logged in. The launched page is getting authentication from the Rally session and is able to get some data like searching some PFG/PF etc.
Now the problem is that after applying some settings and selecting some PF/PFG, it again demands authentication (for rally1.rallydev.com/slm/webservice/v2.0/security/authorize). This authentication is not working with my credentials.
I have also generated an API key from rally1.rallydev.com/login/accounts/index.html#/keys, but that is also not working.
Pls help on this.
Thanks,
Udayan
I'm assuming you use SSO to login? If so, you won't be able to correctly authenticate against that /security/authorize endpoint (which is used for generating a CSRF token when making POST/PUT/DELETE calls against wsapi- GETS are fine).
You were on the right track with the api key. Generate a key and then just add it to the query string of your app url:
http://localhost:1337/App-debug.html?apiKey=83h3lkb4b43302bfvlav
There's also a guide in the App SDK docs that describes this in greater detail: https://help.rallydev.com/apps/2.1/doc/#!/guide/embedding_apps

Socialauth API 4.3 with Google Oauth 2.0

Does anyone know how to use Brickred Socialauth API 4.3 in servlets with Google Oauth 2.0?
Where could I get the *consumer_secret* and *consumer_key*?
Was using the API successful at your side?
The instructions available on the BrickRed wiki no longer work as you have already found out. The following should work assuming:
A. You are using socialauth 4.2+. I tested these with socialauth 4.4.
B. You are trying to configure your own domain and not using the brickred domain for testing.
C. You are creating a web application, else adjust accordingly
First register your application on Google Cloud console:
a. Go to https://cloud.google.com/console/project
b. Login
c. Create a new project
d. APIs & Auth > Credentials
e. Create New Client ID ( Application Type: Web Application, Authorized redirect URL: http://YOUR_HOST_NAME/socialauth.html)
Modify brickred properties.xml
Replace
<prop key="www.google.com.consumer_key">opensource.brickred.com</prop>
<prop key="www.google.com.consumer_secret">YC06FqhmCLWvtBg/O4W/aJfj</prop>
with
<prop key="googleapis.com.consumer_key">CLIENT ID created in Step 1.e above</prop>
<prop key="googleapis.com.consumer_secret">Client Secret created in Step 1.e above </prop>
If you are not using Spring, modify oauth_consumer.properties
Modify the link in your application where the user clicks on to start the contacts import process:
change
?id=google
to
?id=googleplus
Hope this helps
You can register your app to use Google OAuth at:
https://developers.google.com/accounts/docs/OAuth2Login#registeringyourapp
from where you get your "secret / key".
I have successfully implemented SocialAuth with Facebook and it worked properly. I still don't have any experience implementing it with google OAuth2 but it should work. Their CDI example does authenticate with Google, I am just not sure if using Oauth1 or Oauth2.
Regards.
For people who cannot find the consumer_secret, I found a solution:
socialauth is using web flow. So if you are using socialauth-android you need to create a web application instead of an installed application.
So even for an Android app, you still need to create a Client ID for a web project. The secret will be displayed in the page directly!

How to connect backend service with philips hue bridge remotely?

I'm looking to write a philips hue service that needs to allow users to register their hue bridge with my service. This service would change the color of bulbs based on an event. I'm aware that I can use IFTTT but in this scenario, I'd like to not use IFTTT and I'd like to register my website with philips hue's apps.
Any idea how I can do this? Your help is very much appreciated. Thanks!
EDIT: Not sure why I was down voted but I definitely did do my research. I looked on philips hue's developer website and couldn't find anything that was explicit on their APIs. I also looked through the iOS SDK and didn't see any methods that would trigger the pairing routine for remote devices. So far, the only example I have of this working (outside of Philips' products is the IFTTT service, which allows for an entry to be added into the 'My Apps' section).
TLDR: I wrote an API: https://github.com/jarvisinc/PhilipsHueRemoteAPI
I answered this question on my technical blog (http://blog.paulshi.me/technical/2013/11/27/Philips-Hue-Remote-API-Explained.html), which I will post here:
The question actually comes in two parts:
Authentication
Remote Control
Authentication
I haven't figured out a reliable way to do authentication automatically. The following procedure needs to be automated: The idea is to fake as the official iOS app, which has the ability to control remotely when enabled. We will need to get BRIDGEID and ACCESSTOKEN to pass the authentication step for remote control.
Find your BRIDGEID from https://www.meethue.com/api/nupnp. (or in My bridge page on the meethue website and by clicking on "Show me more")
Get ACCESSTOKEN
www.meethue.com/en-US/api/gettoken?devicename=iPhone+5&appid=hueapp&deviceid=**BRIDGEID**
Right click on "BACK TO THE APP" and write down the ACCESSTOKEN inside the link it redirects to
phhueapp://sdk/login/**ACCESSTOKEN**
Basically it is a hack to get your access token. You fake your app as the official iOS Hue App, and ask for access token that way. I am not sure there is an easier way out there, if you do know one, please do comment below.
You can potentially automate it by doing a simulated log-in session and grabbing the ACCESSTOKEN by scraping the page content. But I consider it highly unreliable because any change to the official page will likely break it.
I wrote this script that allows the automation of getting ACCESSTOKEN as of today, but I don't guarantee it will work tomorrow for the reason I explained above :P
Currently, this OAUTH process only works with official apps. There might be a slight chance that they will open it to other 3rd party apps.
Remote Control
Once authentication is done, this part can be done automatically. There are 2 known private endpoints for sending control command and getting all the status related to the hue bridge.
Sending Command Endpoint:
POST https://www.meethue.com/api/sendmessage
Getting Status Endpoint:
GET https://www.meethue.com/api/getbridge
Sending Command Endpoint
URL: https://www.meethue.com/api/sendmessage
Method: POST
URL Parameters:
token=**ACCESSTOKEN** (which you obtained earlier)
Request header
content-type=application/x-www-form-urlencoded
body
clipmessage={ bridgeId: "**BRIDGEID**", clipCommand: { url: "/api/0/**APIENDPOINT**", method: "**METHOD**", body: **JSONCOMMAND** } }
BRIDGEID is the same one you obtained earlier
APIENDPOINT the same as official API /api/<username>/*** by removing the /api/<username>/ part
METHOD PUT/GET/POST/DELETE the same 4 method as official API. Despite GET really doesn't work since all response from the Sending Command Endpoint is 200 explained in the following part, while DELETE is not tested
JSONCOMMAND The actual command body for example {"on":true}
Getting Status Endpoint
URL: https://www.meethue.com/api/getbridge
Method: GET
URL Parameters:
token=**ACCESSTOKEN**
bridgeid=**BRIDGEID**
Request header
content-type=application/x-www-form-urlencoded
Limitations
Current limitation is you cannot immediately know from the response whether your control command succeeded like the official API. All the response you get from calling the Sending Command Endpoint is pretty much always <200> if you are doing it correctly. But you can always pull all the status related to the Hue bridge from the Getting Status Endpoint.
Remote Control API
I wrote Philips HUE Remote API to specifically solve the remote control problem.
Enjoy :)
Paper
For full documentation please refer to this excellent paper:
Hacking Lightbulbs: Security Evaluation of the Philips Hue Personal Wireless Lighting System by Nitesh Dhanjani
I did some investigation by following the steps of @paul-jianer-shi; however, the access token is not shown in the generated HTML.
I think the Hue Portal has been updated and removed the way it potentially shows the access token.
I wrote a blog post about doing Remote Hue operations by reusing the access token of another application, like IFTTT. The main change is how to get your hands on that access token. The token is shown in the 'My Apps' section of the Hue Portal. Check the (De-activate) link. It contains the access token.
Next step will be to let Hue Portal trust my own app.
Philips plan to make the remote API available to 3rd parties (it's already used by IFTTT and meethue.com).
There is currently a form on the developer website to request early access (must log in):
http://www.developers.meethue.com/content/remote-api