ASP.NET Core Auth0 - Unable to unprotect the message.State - asp.net-core

We have Auth0 enabled for a site and it has been working well for quite some time.
All of a sudden when I enter the site and get redirected to Auth0 to enter my credentials (and press login), I get faced with a screen with the following message.
An unhandled exception occurred while processing the request.
Exception: Unable to unprotect the message.State.
MoveNext AggregateException: Unhandled remote failure.
MoveNext
If I repeatedly refresh my site with /signin-auth0 at the end of the url the same error screen is shown.
Now when I repeated all steps from start (meaning entering my site) it all of a sudden works. What's this error anyway?

This was resolved by the Auth0 team as a bug in Auth0's transmission of the state parameter for social logins, notably Google. Things should be working normally again.
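
An added illustration, not code from the question or from Auth0: ASP.NET Core's OpenID Connect handler protects the `state` value before the redirect and must unprotect the same string when it comes back on `/signin-auth0`, so a value altered in transit is refused. The sketch uses `EphemeralDataProtectionProvider` from `Microsoft.AspNetCore.DataProtection`; the purpose string, payload and callback values are constructed for the example.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;

// In-memory key ring, so the demo leaves nothing on disk.
// The purpose string is constructed for this example.
IDataProtector protector = new EphemeralDataProtectionProvider()
    .CreateProtector("Demo.OidcState.v1");

// What the app places in `state` before redirecting to the identity provider.
// The payload is a constructed stand-in for the real authentication properties.
string issued = protector.Protect("{\"RedirectUri\":\"/dashboard\"}");

// Callback values as they might arrive at /signin-auth0 (all constructed).
int mid = issued.Length / 2;
char swapped = issued[mid] == 'A' ? 'B' : 'A';
var callbacks = new (string Label, string State)[]
{
    ("returned unchanged", issued),
    ("truncated in transit", issued.Substring(0, mid)),
    ("one character altered", issued.Substring(0, mid) + swapped + issued.Substring(mid + 1)),
    ("empty", ""),
};

foreach (var (label, state) in callbacks)
{
    Console.WriteLine(IsAccepted(protector, state)
        ? $"{label}: accepted"
        : $"{label}: rejected (Unable to unprotect the message.State)");
}

// Unprotect throws CryptographicException for any value that fails the
// integrity check or is not valid base64url, so every altered state is refused.
static bool IsAccepted(IDataProtector p, string state)
{
    try
    {
        p.Unprotect(state);
        return true;
    }
    catch (CryptographicException)
    {
        return false;
    }
}
```

Only the unchanged value is accepted; the other three are rejected, which is the condition the handler reports with the message from the question.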

Related

com.auth0.IdentityVerificationException: An error occurred while exchanging the Authorization Code for Auth0 Tokens

I am trying to implement auth0 in a very basic spring-boot-application based on maven. This is the error that I get:
com.auth0.IdentityVerificationException: An error occurred while exchanging the Authorization Code for Auth0 Tokens
When running the original tutorial-project everything works fine. The error occurs only in my custom application. Basically I copied all the files from the tutorial-project into my application. Nevertheless I run into this error...
Further down the exception I see a
com.auth0.exception.APIException: Request failed with status code 401: Unauthorized
Solved it:
The client-secret was wrong. Actually there is a space at the end of my client-secret, which I accidentally removed. Wow.

Converting to SSL Trashing datasource

Got my web site pretty much set the way I needed it and so went ahead and converted the site to SSL installing a certificate and then rebuilt my project and pushed it up to the sub folder figuring that would be it. It wasn't the case!
What I have is a two-tiered web site with a landing site that is Anonymous and then an application sub site in a subfolder which uses Windows authentication. The landing site/page works fine yet but when you click on the link to launch the web app and initiate the web app in the sub folder where the Windows authentication is taking place, you are prompted for credentials as you should but upon validation you get this error:
Server Error in '/CInTrac' Application.
Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Description: An unhandled exception occurred during the execution of the
current web request. Please review the stack trace for more information
about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Login failed for
user 'NT AUTHORITY\ANONYMOUS LOGON'.
Source Error:
An unhandled exception was generated during the execution of the current
web request. Information regarding the origin and location of the exception
can be identified using the exception stack trace below.
Stack Trace:
[SqlException (0x80131904): Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.]
Now admittedly this is my first time setting up SSL so I'm sure that there are things that I could be missing here and so I've likely made some mistakes here but what on earth would cause this to act this way? There are no anonymous calls in the code at all and this runs fine in VS on the desktop. It did run fine prior to setting up the certificate on the server.
Any suggestions would be greatly appreciated!
Thanks
Ken...
For some reason, I had to switch to using Basic Authentication with ASP.NET Impersonation enabled (Impersonating the authenticated user) in order to get this to work with the SSL certificate in place. After doing so all was fine.

fail to authenticate after deployment

I have a web application using glassfish and form authentication (j_security_check). All the passwords and usernames are stored in a javaDB (derby). I was able to log into the system while developing on the localhost and now that I deployed the app to AWS whenever I try to log in with a user (I have checked that the user actually exists in the DB), I always get the same error (that I normally get when entering wrong details) i.e. WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed.
Any ideas what it might be? I don't even know what info to provide since the issue doesn't even throw an exception or something. Thanks

Issue with authentication using a LoginModule

I am encountering a strange situation with MobileFirst 7.1 where users are occasionally unable to authenticate/login. The only indication that something is awry is a message in the console.log
[AUDIT ] CWWKS1100A: Authentication did not succeed for user ID . An invalid user ID or password was specified.
My custom login module uses com.worklight.core.auth.ext.LdapLoginModule (so to clarify I have a login module which authenticates using LDAP). Like I say everything seems to work most of the time but occasionally users end up in a situation where they are unable to authenticate. I suspect that it is probably related to the session in some way, but that is only a guess based on my investigation.
I have added some logging to my 'secret' adapter which prints the session state to the console log, and obviously this appears in the logs just before the failed authentication message above, but it is empty, i.e. the session contains nothing. The user is obviously trying to access a secure adapter at this point, and because they are not authenticated they end up at the login page (form based authentication I should say also).
Anyway, I noticed that although there appears to be no session data, the jsessionid is there and has not changed i.e. it does not change even if I refresh the browser. This may not be an issue in itself of course, but interestingly if I remove this entry and refresh my browser I am able to login successfully.
I am pretty sure that my handler code calls the relevant success/failure methods in the correct places but of course there is nothing to stop the user refreshing their browser, which causes them to be re-directed to the login page (the app has been developed using AngularJS so is effectively a single-page navigation model).
The only reproducible test I have been able to come up with is when I login to the MobileFirst console and then try to login to our MF 'desktopbrowser' app. I have read that this situation causes a session-related conflict, but as I say the occasional issue I am seeing is not caused by this (though it may be related).
So the problem seems to have been more related to the flow of logic in our application after successfully logging in, than any inherent issue with the MF Platform.
For example when a user refreshes the browser they are effectively still logged in, but because the app (based on logic we have developed) takes the user to the login page on refresh, the user is effectively re-logging in to the same session. If this failed every time it would of course have been easier to pinpoint but it does not. The solution was to force logout on refresh (when the app initialises), thus cleaning up any session data. In future iterations it may of course be better to re-establish the application based on the authenticated session after refresh, but at present that was a step too far.
Another example of this was post login if the subsequent adapter calls failed (e.g. we authenticate and then retrieve profile data from a database), then we were also not logging the successfully authenticated user out.

Authentication error in OAuth Sample Google Toolbox app

I've run into a problem and I don't know how to fix it. I've searched around to see if other people are having this issue but I can't find anything relative to my error. I'm using the OAuthSample example app. The google login works great but not the twitter login. The error that I'm getting is
Authentication error: Error Domain=com.google.HTTPStatus Code=401 "The operation couldn’t be completed. (com.google.HTTPStatus error 401.)"
I've filled in myConsumerKey and myConsumerSecret correctly so I don't understand what the deal is. The modal drop down window will not even drop down and load the url page so I can put the twitter username and password.
I've figured it out. You have to put a callback url in the twitter settings or the authentication will fail.