I am trying to access the below URL from SoapUI, which retrieves metadata of a specific adapter.
https://www.example.com/worklightadmin/management-apis/1.0/runtimes/myruntime/adapters/myadapter?locale=de_DE
When I am accessing this URL from SoapUI, I am not sure what to give in its header, and I get
HTTP/1.1 401 Unauthorized
But when I use it in a browser, it asks me to log in to worklightconsole, so this would be granting access as an admin.
Can someone help me understand how to use the above URL in SoapUI and get a success response?
Since you are getting 401 Unauthorized, it clearly says that you are trying to access the URL without providing any authorization information. Can you find out from SoapUI where you can provide the authorization information for the request? Basically you can select 'Basic Auth' and provide the user name and password. For an HTTP client like Postman there is an authorization tab, where you can select the authorization type and then the username and password. It should be similar for SoapUI too.
Related
I'm trying to make some requests to the administration REST API through a custom client. The client has the proper scopes. I get 403. Same issue when authenticating as a user (with proper roles). Everything works fine when I change the client to 'admin-cli' and use user authentication. I cannot see any difference in configuration.
Is it possible to use admin REST API only through client 'admin-cli' and user authentication?
See this answer to learn how to authorize your client to use the admin REST API: Keycloak Get Users returns 403 forbidden
I've configured Cognito to use a SAML Identity Provider and did all the setup on the AD side. AD accepts the request and allows me to sign in, then it responds to the configured idpresponse endpoint with the SAMLResponse form data value as you can see in the image below, but Cognito returns a 302 redirect with
location: http://localhost:3000/auth/callback#error_description=Error+in+SAML+response+processing%3A+No+SAML+assertion+found+in+the+SAML+response.+&error=server_error
I'm not sure what is going on, I tried to modify the POST request to idpresponse via curl and it is definitely reading the SAMLResponse form data because if I modify it I get invalid response error.
How can I troubleshoot it?
I am implementing service provider-initiated SSO for Salesforce where the service provider will be Salesforce and the identity provider will be a lambda code. The lambda code will allow a user after verifying the user's mobile number. Once the mobile number is verified a SAMLResponse will be sent by lambda.
I have configured SSO on Salesforce as below:-
I am also able to generate a valid SAML response and have validated it on Salesforce SAML validator as below:-
I have created a login page that will be redirected from Salesforce.
I have also created an API to get a unique SAML response every time for the given federation ID as below:-
https://qodz4saz9a.execute-api.us-west-2.amazonaws.com/v1/generate-saml-response?FederationID=rahul#xyz.com
URL for Salesforce login page is- https://im--partial.my.salesforce.com/.
After all this setup I am able to get redirected to the login page I have created from Salesforce by selecting "Log In with a Different Account" option and then selecting "Twilio" as below:-
Salesforce is redirecting to the login page with a SAMLRequest parameter in the URL as below:-
http://salesforce-sso-page.s3-website-us-west-2.amazonaws.com/?SAMLRequest=fZJRc6IwFIX%2FC.....
I am not sure how to proceed from here and allow login to Salesforce from my login page. Once the user enters a mobile no and OTP, I am redirecting the user to below URL -
https://im--partial.my.salesforce.com?SAMLResponse=PD94bWwgdmVyc2lvbj0i.....
Here I am using SAMLResponse as a query parameter to pass the Base64-encoded SAML response for login to Salesforce. But I am not sure if it is a correct way to authenticate and log in to Salesforce.
After entering the OTP (test OTP is 1234) I am getting the below error.
I am not at all using the SAMLRequest generated by Salesforce for generating the SAMLResponse for now.
I have gone through many documents but couldn't find a way to pass the SAMLResponse to Salesforce for login. Please let me know if anybody has any idea about it or if I am following the wrong steps.
The SAML response is sent to the service provider in a specific "way"; the protocol refers to this as a binding. In this case the expected binding is HTTP POST. With HTTP POST as your binding, the SAML response must be submitted in the body of an HTTP request sent to the service provider via the POST method. The Login URL listed in the Single Sign-On Settings screen is the endpoint where the SAML response should be POSTed. It might look something like this:
POST / HTTP/1.1
Host: im--partial.my.salesforce.com
Content-Type: application/x-www-form-urlencoded
Content-Length: nnn

SAMLResponse=response
Do you need to worry about the SAML request? It depends on your workflow and desired end-user experience. The considerations that go into this decision deserve their own SO question. Meanwhile, take a look at SAML Technical Overview for a summary of these workflows.
Last but not least, this whole sequence of authentication via your mobile number is supported by Salesforce out of the box on some Salesforce products.
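The HTTP POST binding described in the answer above, as an added example that is not part of the original answer: it builds the form-encoded body and the auto-submitting HTML form an IdP returns so the browser POSTs the response to the Login URL. The function names, the https check, the sample XML and the idp.example.test request URL are assumptions made for illustration; signing the response is out of scope here.

```python
import base64
import html
from urllib.parse import parse_qs, urlencode, urlsplit

def _fields(xml, relay_state=None):
    # HTTP POST binding: plain Base64 of the XML (no DEFLATE, unlike HTTP-Redirect).
    fields = {"SAMLResponse": base64.b64encode(xml.encode("utf-8")).decode("ascii")}
    if relay_state is not None:
        fields["RelayState"] = relay_state  # echoed back to the SP unchanged
    return fields

def relay_state_from_request(request_url):
    """RelayState the SP sent alongside SAMLRequest, or None if absent."""
    values = parse_qs(urlsplit(request_url).query).get("RelayState")
    return values[0] if values else None

def post_body(xml, relay_state=None):
    """Form-urlencoded body the browser sends; '+', '/' and '=' get percent-encoded."""
    return urlencode(_fields(xml, relay_state))

def auto_post_form(login_url, xml, relay_state=None):
    """HTML the IdP returns so the browser POSTs the response to the SP."""
    # Hardening choice of this example: refuse to post a response over plain http.
    if urlsplit(login_url).scheme != "https":
        raise ValueError("SAML responses should only be posted to an https endpoint")
    inputs = "".join(
        f'<input type="hidden" name="{html.escape(k)}" value="{html.escape(v)}"/>'
        for k, v in _fields(xml, relay_state).items()
    )
    return (
        '<!DOCTYPE html><html><body onload="document.forms[0].submit()">'
        f'<form method="post" action="{html.escape(login_url)}">{inputs}'
        '<noscript><button type="submit">Continue</button></noscript>'
        "</form></body></html>"
    )

# Constructed sample input: an unsigned placeholder, not a valid SAML response.
SAMPLE_XML = '<samlp:Response ID="_constructed" Version="2.0">...</samlp:Response>'
SAMPLE_REQUEST = "https://idp.example.test/login?SAMLRequest=AAAA&RelayState=%2Fhome%3Fa%3D1"

if __name__ == "__main__":
    rs = relay_state_from_request(SAMPLE_REQUEST)
    print(post_body(SAMPLE_XML, rs))
    print(auto_post_form("https://im--partial.my.salesforce.com/", SAMPLE_XML, rs))
```
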
(Warning: French user, please forgive me in case of bad translation)
I'm currently trying to call the GitLab API with an OAuth access_token header generated by AzureAD, starting with this how-to: https://docs.gitlab.com/ee/integration/azure.html
I generate an access token through Postman
with this configuration
and I get an access token with it, but when I call the GitLab API with this access_token in a Bearer header I have a 401 Unauthorized
For information, the configuration of my tenant, app_id and secret_id are correctly set in my gitlab.rb, and I can connect successfully through this button
I'm just not sure what scopes are needed, so I created one in Azure.
Thanks.
A new website I'm working on has the following components:
AngularJS/HTML5 Front-End
Web API Back-End that supports Front-End
OAuth Server - Authenticates user and provides tokens
The workflow for an unauthenticated user:
1. Views Front-End, which calls Web API to determine if authenticated
2. If not authenticated the user is redirected to OAuth Server
3. After successful authentication, the browser is redirected back to website with Auth Code
4. Auth Code is sent to Web API
5. Web API logic requests Access Token from OAuth server
6. A cookie is used to associate the token to the user
7. Additional requests send the cookie, which is used to authorize the user.
My question is what should I send for the HTTP Status Code for Step 1? Normally you send 401 for not unauthorized, but that is if you are using HTTP Authentication. Since the authentication is handled by a different server, that wouldn't make sense. 403 doesn't seem correct either because it implies that the status will not change.
Should I just use a generic 400 or a custom 400.X code?
Although there is nothing wrong with sending HTTP 401 Unauthorized as a response in your case, a much better alternative would be to send HTTP 302 Found, which would imply that when the user was trying to access the front-end view, the applicable resource in this case (OAuth Server Url) was found somewhere else.
You can mention the OAuth Server Url in the Location header of the response, so the client would redirect the unauthenticated user to the intended location.
HTTP 302 Found
Location: https://oath-server-url.com