We have 2 domain in salesforce:
1-) https://gablesinsurancerecovery.my.salesforce.com
2-) https://gableinsurancerecovery.force.com
and we have 2 user:
developer#cloudspade.com
communitytest#cloudspade.com
developer#cloudspade.com mail work with success on 1. domain but not work on 2. domain.
Likewise, communitytest#cloudspade.com mail work with success on 2. domain but not work on 1.domain.
Its not a problem. Problem is:
2.domain is important to us. Because we have a react-native project by forcereact and we want work with community domain. ( 2. domain ). We setup with successfully this link: https://www.youtube.com/watch?v=9zxMUrayFZ8&t=1634s
We was work with perfectly with the video in the link for login.salesforce.com or 1. domain but doesn't work for 2. domain.
Error is:
error image
As seen in the photo we was see a page. But our expectation was that it would working we send redirect_uri. The redirect_uri we sent was to return "girApp://success" with an access_token and instance_url at the end. But we encounter a screen as you can see in the photo. Redirect is not working. Our goal is to access the access_token with redirection within the application after login and authorize.
Lots to unpack here.
***.my.salesforce.com is your main domain, for internal users. ***.force.com is for Customer/Partner Experience Cloud (formerly known as Communities, formerly known as Portal).
developer#cloudspade.com mail work with success on 1. domain but not
work on 2. domain
Out of the box Salesforce is perfectly fine with internal users logging in to community or even 1-click switching over from internal SF to community. Collaboration and all that. Your administrator probably marked only certain profiles / permission sets as community members, you'd need to check config. But it's possible to use the community login page, you guys just chose not to.
communitytest#cloudspade.com mail work with success on 2. domain but
not work on 1.domain
Yes. Community members must use community login page. They can't use generic login.salesforce.com, test.salesforce.com or your branded ***.my.salesforce.com
works perfectly with (...) login.salesforce.com or 1. domain but
doesn't work for 2. domain
That's because most of the time the community login url must be full. Just the domain might not be enough for login because you can have up to 100 communities under same domain. You probably saw the example when you were enabling communities (Setup -> Digital Experiences -> Settings)
Go to Setup -> Digital Experiences -> All sites and write down the url you'll see there. It'll probably be something like ***.force.com/myportal. That means that for API login you might have more luck with ***.force.com/myportal than ***.force.com.
Stop reading this answer now and go read Sitecore - How to get User ID if the user was logged in using external identity provider (Salesforce SSO). Play with that OpenId Heroku app, once you get this to work with community user in the browser - you'll know which url to put in your react app. React developer might "like" this link too: https://gablesinsurancerecovery.force.com/.well-known/openid-configuration
It's kind of written in this article's footer: https://help.salesforce.com/s/articleView?id=sf.remoteaccess_oauth_endpoints.htm&type=5
Instead of using login.salesforce.com, you can also use the My Domain,
Experience Cloud site, or test.salesforce.com (sandbox) domain in
these endpoints. For hostname, use the My Domain, Experience Cloud
site, or custom URL
I recently encountered a SwiftMail error while trying to send a mail through gmail.
Expected response code 250 but got code "535", with message "535-5.7.8 Username and Password not accepted.
I was trying to send mail through my gmail and google thought that I was a spam(maybe because I was requesting too fast) I received a mail from them saying my account was access and I told them it was me. I was able to send mail without problem and it just occured now.
This is the contents of my env file.
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=talentscoutphil#gmail.com
MAIL_PASSWORD=mypasswordhere
MAIL_FROM=talentscoutphil#gmail.com
MAIL_NAME=talentscout
I researched on the internet and some answers includes enabling the "access for lesser app" and "unlocking gmail captcha" which sadly didn't work for me until I found the 2-step verification.
What I did the following was:
enable the 2-step verification to google HERE
Create App Password to be use by your system HERE
I selected Others (custom name) and clicked generate
Went to my env file in laravel and edited this
MAIL_USERNAME=talentscoutphil#gmail.com
MAIL_PASSWORD=thepasswordgenerated
Restarted my apache server and boom! It works again.
This was my solution. I created this to atleast make other people not go wasting their time researching for a possible answer.
I had the same problem, changing my gmail password fixed the issue, and also don't forget to enable less secure app on on your gmail account
i had same issue i resolve this use under
go to gmail.com
my account
and enable
Allow less secure apps: ON
it start works
I had everything fine. Less secure app option was also enabled. Still, I was getting the error. What I have done is:
Google will send you Critical security alert
Then you have to authorize that activity. ( Clicking on 'YES, THAT WAS ME' type thing )
Then you can try sending email again.
From May 30, 2022, Google no longer supports the use of third-party apps or devices which ask you to sign in to your Google Account using only your username and password.
Important: This deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date.
For more information, continue to read.
https://support.google.com/accounts/answer/6010255?hl=en&visit_id=637919157823422324-2612210762&p=less-secure-apps&rd=1
This is my .env mail settings
MAIL_DRIVER=smtp
MAIL_HOST=smtp.googlemail.com
MAIL_PORT=587
MAIL_USERNAME=example#gmail.com
MAIL_PASSWORD=hello27
MAIL_ENCRYPTION=tls
i was getting thesame error as stated in the question but by using
php artisan config:cache
Everything worked fine
Gmail tends to block usage of mailing addresses which are being used in other applications as username for security reasons. Either you should create a new email address for mail purpose or you must go to the Less Secure App Access and turn on the access for less secure apps. Gmail will send you a mail for confirmation from where you can verify that those changes were made by yourself. Only then, you can use such mailing addresses for mailing purpose through applications.
There is no need to update anything in config/mail.php. just put you credential in .env with this specific key's. This is my .env file.
MAIL_DRIVER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=example#gmail.com
MAIL_PASSWORD=********
MAIL_ENCRYPTION=tls
I had the same issue after long time debugging and googling i have found the solution. that by enabling less secure apps. the email started working.
if your gmail is secure with 2 step verification you can't enable less secure app. so turn off 2 step verification and enable less secure app. by click here enable less secure apps on your gmail account
This single step worked for me... No 2-step verification.
As I had created a dummy account for my local development, so I was OK with this setting.
Make sure you only do this if your account contains NO personal or any critical data.
This is just another way of tackling this error and NOT secure.
I turned ON the setting to alow less secured apps to be allowed access.
Form here :
https://myaccount.google.com/lesssecureapps
I had the same problem, then I did this two steps:
Enable "Allow less secure apps" on your google account security policy.
Restart your local servers.
I encountered the same issue and solved it with no 2FA enabled ("Allow less secure apps" is still in need).
After checking Google error code list, I thought maybe there are some errors in .env.
Below settings are tested in Laravel 8 and worked:
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
MAIL_USERNAME=username#gmail.com
MAIL_PASSWORD='your#password_here' # put the password in quotes
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=username#gmail.com
MAIL_FROM_NAME="${APP_NAME}"
Please remember that put the password in quotes. That works for me.
If your using your cpanel custom email, change your host from smtp.gmail.com to your domain name. it worked for me
As from May 30, 2022 Google has stopped the support of third-party apps or devices which ask you to signin to your Google Account using only your username and password.
To solve this,
make sure you that you have enabled 2-step verification.
Then select App paswords.
select app and device you want to generate the app password for.
on select app select mail then on device choose and name a custom device.
After that, a password will be generated for you to use. Replace your original password with the generated password. Refresh or upload your files to the server the reload.
It will work
I had this issue. first checked the credentials and username, they were all good, then restarted my server (docker stop/start) and it works now. something with cache I believe
We want to integrate "AFE (Ajax File Explorer) into our Drupal application. Our users are authenticated in Drupal and it is not possible for us to ask a second time there login/pwd while opening AFE.
We received a first answer from ITHIT:
Here is how to set login and password:
ajaxFileBrowser.GetSession().SetCredentials('User1', 'pwd');
Please note that this API sets password in XHR. Setting login and
password in XHR does not provide any feedback on weather the login was
successful. That is why in general I would suggest to rely on web
browser login dialog which is displayed automatically instead of
calling SetCredentials.
However it is not clear if it is a real and robust SSO solution. We discovered that Drupal has an webdav SSO module (https://github.com/Awnage/webdavsso), we will also investigate that part. But any comment/help welcomed.
To my understanding there is no way to totally get rid of login dialog when using Basic, Digest, NTLM or Kerberos authentication with Microsoft Office.
Microsoft Office applications always ask for the authentication when used with Basic or Digest authentication. This is a Microsoft Office and Microsoft Mini-redirector limitation and there are no workaround in case your server is using Basic or Digest.
However, if you check "Remember my password" check-box it will still display the login dialog, but the user name and password will be already filled-in, so you just click "OK".
Here are some options to consider if you need to totally suppress login dialog with Microsoft Office:
Use NTLM or Kerberos authentication. In case of NTLM or Kerberos MS
Office asks for credentials only 1 time during first document access.
Implement Office Forms Based Authentication Protocol (MS-OFBA).
Implement Url-authentiation. Your urls will look like:
http://webdavserver.com/[SessionID1234567890]/path/file.docx.
In case of Url-authentiation make sure you do not include the session ID in query string, Microsoft Office will truncate it. You will have to put session ID somewhere in the path, as in the above example, which is not very convenient, when you need to mount a WebDAV folder in you file system, but still works in most cases.
Possible duplicate here Stackoverflow
I solved that problem in the same manner.
I want to build a small application similar to Run As (Windows native) and DropMyRights.
A simple form with a text box which will hold the path to the program that i want to run, and a dropdown to select the account to impersonate (<system>, <interactive>, or "user NameLastname") when starting the child process.
Just in case this is not enough reason to point me to the right direction, here goes the answer to "why would you want to do that?"
I noticed that some of my applications, like Google Calendar Sync, Google Drive Sync and Chrome autoupdater (not chrome.exe), when run as <system> can't pass through the proxy (ISA/TMG).
I do not have access to the server config settings, so i have to do this client-side.
The goal is to have the child process running as <interactive>, and use the NTLM token.
How can i pass CredentialCache.DefaultCredentials or CredentialCache.DefaultNetworkCredentials to the process?
I can't pass username/password/domain because we authenticate on the domain using smartcard logon.
That means i don't even know my Active Directory password.
Answering questions:
It isn't clear what you mean by <system> and <interactive>. Please be
more specific. Do you mean you want to launch processes in your logon
session but have them run as SYSTEM? – Harry Johnston
By interactive i mean the logged on user credentials. Could be local, but in my case i need the domain credentials.
To be even more specific, i want to use the token already generated by the proxy.
I do not want to launch processes as system.
I want system processes to connect to the internet using my (already provided and approved by ISA/TMG) credentials.
More info about this here: What is Interactive Logon?
Hmmm. The Chrome updater isn't a normal application, it's a system
service. Are you trying to run system services in the logged on user's
context? – Harry Johnston
That's right. Exactly what i want to do.
But, Google Updater does not appear on the services list.
It's a scheduled task.
And changing the task to be executed with my credentials doesn't work. Still can not bypass the proxy.
I know this question has been asked a thousand times before and I came across some topics here when doing some Google research about this.
My problem is: I get an Error 10002 - "Security header invalid". I checked the credentials and they are right. I use the live credentials for the live mode and am connecting to the right server and endpoint.
I am using a Paypal class written in PHP. When using it in Sandbox mode it works fine. If I am using it in live mode it shows the checkout as we know it: on the left the item and the total sum and on the right the login screen.
Now I log in with my Paypal account credentials and the API asks me to confirm the purchase. I do so. When it is at the point where it would execute the transaction and redirects to the "Purchase successful" page it suddenly says the above mentioned error.
So I did some testing on my machine with the sandbox account. Assuming that I would use invalid API credentials I would not ever see the checkout (on the left summary on the right login form). But I do. First if I confirm the transaction the API is not okay with the credentials anymore.
How can the credentials first be valid and later on they are invalid? This doesn't make any sense to me. When testing in Sandbox mode everything works fine.
I am using this library:
http://www.php-suit.com/paypal
Help would be highly appreciated as I can't find any explaination for that behaviour anymore. Again: I checked the credentials and they are right.
Best regards,
extrawagant
I'd recommend to double check again the API credentials or the endpoint used.
The error "Error 10002 - Security header invalid" is returned for these common reasons:
Providing the username/password to your actual PayPal account, instead of your API username and API password. We generate your API username and password when you generate your API certificate/signature.
Using the same API information for Sandbox and Live. You need to generate separate API information for your Sandbox and Live accounts.
You have not updated the endpoint to point to PayPal's live API servers.
Trailing or leading white space on any of the characters.
E.g. if you are using the Live Environment endpoint, make sure you are using the credentials created in the Live account. Double check for white spaces when you are pasting into your integration. If you are using the variable "SUBJECT" double check the value inserted.